Hijack this log, almost clean, I think

One computer on our network (laptop) was hit really hard with a virus. It broke AVG and has prevented me from being able to reinstall. I can't get into safe mode either. Right now I'm trying to clean up the other computer (desktop) on the network before tackling the laptop, if it is even saveable. On the desktop, I ran through all the steps, and Ad-Aware, Spybot and AVG have gotten most of it, but I'm still getting hits in Kaspersky and Panda as shown below. Thank you so much for your help!

Panda:


Incident Status Location

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\cookies.txt[.com.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\cookies.txt[.go.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[server.iad.liveperson.net/hc/62124831]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.target.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.atwola.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Shorack Family\Application Data\Mozilla\Firefox\Profiles\rd6hwkq1.default\cookies.txt[hc2.humanclick.com/hc/74139060]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\USUARIO\Configuración local\Temp\Cookies\usuario@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\USUARIO\Configuración local\Temp\Cookies\usuario@dist.belnk[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[fe.lea.lycos.es/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\srnjsgaf.default\cookies.txt[.terra.com.br/]
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\USUARIO\Menú Inicio\Programas\Inicio\PowerReg Scheduler.exe


Kaspersky

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtETmp\53173A68.TMP Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\cert8.db Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\history.dat Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\key3.db Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\parent.lock Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\search.sqlite Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Temp\fla10D7.tmp Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Temp\jar_cache20144.tmp Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Temp\~DF6836.tmp Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Temp\~DFDEB3.tmp Object is locked skipped
C:\Documents and Settings\InnerChange VZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\InnerChange VZ\My Documents\Marna\WebfettiSetup2.2.60.11-2.ZKfox000.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Documents and Settings\InnerChange VZ\My Documents\Marna\WebfettiSetup2.2.60.11-2.ZKfox000.exe CAB: infected - 1 skipped
C:\Documents and Settings\InnerChange VZ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\InnerChange VZ\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DESKTOP.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_638.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT0447d.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0448a.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


And finally, HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:23 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\program files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\program files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [WDM_DMUSIC1] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DMUSIC2] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_WDMAUD] rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKCU\..\Run: [MSMSGS] "C:\program files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184706092406
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://arturoyaco2000.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9281 bytes

Comments

  • ScottyScotty Haggistown, Kiltland
    edited February 2008
    Hi! Welcome to the Icrontic forums.
    My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
    Please be patient as my posts to you have to be checked before I reply, so they may take longer.
  • ScottyScotty Haggistown, Kiltland
    edited February 2008
    Hi

    First of all, could you post the full Kaspersky log, including the header?

    To delete cookies in Firefox 2.0:
    1. Select "Tools".
    2. Select "Options".
    3. Select "Privacy".
    4. In the Private area, click "Clear Now".
    5. In the "Clear Private Data" window, put a check mark next to "Cookies" and click "Clear Private Data Now".
    6. Click OK.


    Navigate to and delete the following file (if it is present):

    Files:
    C:\Documents and Settings\InnerChange VZ\My Documents\Marna\WebfettiSetup2.2.60.11-2.ZKfox000.exe

    Delete the older versions of Java and download the newest.
    Please follow these steps to remove older version Java components.
    1. Close any programmes you may have running, ESPECIALLY your web browser
    2. Click Start > Control Panel.
    3. Click Add/Remove Programs.
    4. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    5. Click the Remove or Change/Remove button.
    6. Repeat as many times as necessary to remove all versions of Java.
    7. Reboot your computer once all Java components are removed.
    Then download the latest version of Java Runtime Environment (JRE) (4th one down the list), which is JRE6u4, and click Yes at the page warning. Under "Platform" select Windows, then check the box to accept the Licence Agreement. Click Yes at the second page warning before downloading the Offline file.


    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply
  • edited February 2008
    Thank you for the help Scotty! Here is the old Kaspersky log with header:

    KASPERSKY ONLINE SCANNER REPORT
    Friday, February 08, 2008 11:14:26 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 8/02/2008
    Kaspersky Anti-Virus database records: 555684

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 153923
    Number of viruses found: 1
    Number of infected objects: 2
    Number of suspicious objects: 0
    Duration of the scan process: 02:36:45

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtETmp\53173A68.TMP Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\cert8.db Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\history.dat Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\key3.db Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\parent.lock Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8lp9xos.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Temp\fla10D7.tmp Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Temp\jar_cache20144.tmp Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Temp\~DF6836.tmp Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Temp\~DFDEB3.tmp Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\My Documents\Marna\WebfettiSetup2.2.60.11-2.ZKfox000.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\Documents and Settings\InnerChange VZ\My Documents\Marna\WebfettiSetup2.2.60.11-2.ZKfox000.exe CAB: infected - 1 skipped
    C:\Documents and Settings\InnerChange VZ\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\InnerChange VZ\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\DESKTOP.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_638.dat Object is locked skipped
    C:\WINDOWS\Temp\ZLT0447d.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT0448a.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

    I did delete the Webfetti file as well. The old Java updates were deleted and the new one installed as you said. Just for information, now I'm getting requests for jusched.exe to access the internet from ZoneAlarm. I have not allowed it yet, but is this the Java update? Below are the logs from DSS:
    Main:

    Deckard's System Scanner v20071014.68
    Run by Shorack Family on 2008-02-10 12:42:11
    Computer is in Normal Mode.

    -- System Restore

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2008-02-10 16:42:27 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 504 MiB (512 MiB recommended).


    -- HijackThis (run as Shorack Family.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:44:35 PM, on 2/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Shorack Family\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Shorack Family.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Shorack Family\My Documents\John Mark\Ares\Ares.exe" -h
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184706092406
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://arturoyaco2000.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7977 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\)

    backup-20080208-203244-208 O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    backup-20080208-203244-282 O4 - HKLM\..\RunOnce: [WDM_WDMAUD] rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
    backup-20080208-203244-502 O4 - HKLM\..\RunOnce: [WDM_DMUSIC2] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    backup-20080208-203244-522 O4 - HKLM\..\RunOnce: [WDM_DMUSIC1] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    backup-20080208-203244-845 O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    backup-20080209-131758-110 O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    backup-20080209-131758-256 O4 - HKLM\..\RunOnce: [WDM_WDMAUD] rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
    backup-20080209-131758-351 O4 - HKLM\..\RunOnce: [WDM_DMUSIC1] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    backup-20080209-131758-861 O4 - HKLM\..\RunOnce: [WDM_DMUSIC2] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    backup-20080209-131758-893 O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    backup-20080209-131926-176 O4 - HKLM\..\RunOnce: [WDM_DMUSIC2] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    backup-20080209-131926-414 O4 - HKLM\..\RunOnce: [WDM_WDMAUD] rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
    backup-20080209-131926-446 O4 - HKLM\..\RunOnce: [WDM_DMUSIC1] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    backup-20080209-131927-222 O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    backup-20080209-131927-881 O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install

    -- File Associations

    .bat - batfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - inifile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .pif - piffile - shell\open\command - "%1" %*"


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

    S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


    -- Device Manager: Disabled

    No disabled devices found.


    -- Files created between 2008-01-10 and 2008-02-10

    2008-02-10 12:27:43 0 d
    C:\Program Files\Java
    2008-02-10 12:27:40 0 d
    C:\Program Files\Common Files\Java
    2008-02-09 17:31:39 0 d
    C:\Documents and Settings\Shorack Family\Application Data\AVG7
    2008-02-08 20:03:26 0 d
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
    2008-02-08 20:03:23 0 d
    C:\WINDOWS\system32\Kaspersky Lab
    2008-02-08 13:50:20 10944544 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-08 13:48:11 0 d
    C:\Program Files\ZoneAlarmSB
    2008-02-08 13:45:13 0 d
    C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
    2008-02-08 13:45:05 4212 ---h
    C:\WINDOWS\system32\zllictbl.dat
    2008-02-08 13:44:55 11264 --a
    C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-02-08 13:44:12 0 d
    C:\WINDOWS\system32\ZoneLabs
    2008-02-08 13:16:18 0 d
    C:\WINDOWS\Internet Logs
    2008-02-08 09:17:53 44928 --a
    C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
    2008-02-08 08:51:23 0 d
    C:\WINDOWS\system32\ActiveScan
    2008-02-08 08:39:20 0 d
    C:\Program Files\SpywareBlaster
    2008-02-07 21:46:02 0 d
    C:\Program Files\Lavasoft
    2008-02-07 21:46:02 0 d
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-02-07 21:24:53 0 d
    C:\Program Files\Trend Micro
    2008-02-07 13:34:42 0 d
    C:\Documents and Settings\InnerChange VZ\Application Data\AVG7
    2008-02-07 13:34:31 0 d
    C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2008-02-07 13:33:50 0 d
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2008-02-07 13:28:57 0 d
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
    2008-02-06 09:48:05 0 d--hs---- C:\WINDOWS\CSC
    2008-02-06 09:19:56 0 d
    C:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-01-30 17:42:39 0 d
    C:\Program Files\Scribus 1.3.3.11
    2008-01-28 21:02:50 0 d
    C:\Documents and Settings\InnerChange VZ\.scribus
    2008-01-24 22:48:33 0 d
    C:\Program Files\Logitech


    -- Find3M Report

    2008-02-10 12:27:40 0 d
    C:\Program Files\Common Files
    2008-02-08 11:56:24 0 d
    C:\Program Files\iTunes
    2008-02-07 21:45:41 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 12:12:39 0 d
    C:\Program Files\Common Files\Symantec Shared
    2008-02-05 15:57:02 0 d
    C:\Program Files\VideoLAN
    2008-02-05 15:56:03 0 d
    C:\Program Files\Google
    2008-02-05 15:54:15 0 d
    C:\Program Files\eMule
    2008-02-05 14:00:16 0 d
    C:\Program Files\EA GAMES
    2008-02-05 13:58:31 0 d
    C:\Program Files\EA SPORTS
    2008-02-01 12:34:49 0 d
    C:\Program Files\MSN Messenger
    2008-01-26 12:58:40 0 d
    C:\Program Files\Common Files\logishrd
    2008-01-08 09:58:05 0 d
    C:\Documents and Settings\Shorack Family\Application Data\Skype
    2008-01-03 14:34:15 0 d
    C:\Documents and Settings\Shorack Family\Application Data\Help
    2007-12-10 15:42:44 0 d
    C:\Program Files\Mozilla Thunderbird


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    02/08/2008 01:48 PM 262144 --a
    C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 09:03 AM]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 08:59 AM]
    "LTMSG"="LTMSG.exe" [07/14/2003 10:52 AM C:\WINDOWS\ltmsg.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "@=" []
    "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM]
    "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/07/2008 01:34 PM]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
    "ares"="C:\Documents and Settings\Shorack Family\My Documents\John Mark\Ares\Ares.exe" []

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/28/2007 8:23:22 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b094311-d400-11da-a9e2-000c6ea65cad}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




    -- Hosts

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    7894 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-02-10 12:46:19

    Extra:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 2.60GHz
    Percentage of Memory in Use: 73%
    Physical Memory (total/avail): 503.29 MiB / 135.78 MiB
    Pagefile Memory (total/avail): 1229.88 MiB / 869.52 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1939.63 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 111.8 GiB total, 64.17 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM (No Media)
    F: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - SAMSUNG SV1203N - 111.81 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 111.8 GiB - C:

    \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.

    FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
    AV: AVG 7.5.516 v7.5.516 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\program files\\MSN Messenger\\msnmsgr.exe"="C:\\program files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\program files\\MSN Messenger\\livecall.exe"="C:\\program files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\program files\\Google\\Google Talk\\googletalk.exe"="C:\\program files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\program files\\MSN Messenger\\msnmsgr.exe"="C:\\program files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\program files\\MSN Messenger\\livecall.exe"="C:\\program files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\program files\\Messenger\\msmsgs.exe"="C:\\program files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\program files\\eMule\\emule.exe"="C:\\program files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\program files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\program files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Disabled:javaw"
    "C:\\program files\\iTunes\\iTunes.exe"="C:\\program files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Documents and Settings\\Shorack Family\\My Documents\\John Mark\\Ares\\Ares.exe"="C:\\Documents and Settings\\Shorack Family\\My Documents\\John Mark\\Ares\\Ares.exe:*:Disabled:Ares"
    "C:\\program files\\Grisoft\\AVG7\\avginet.exe"="C:\\program files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\program files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\program files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\program files\\Grisoft\\AVG7\\avgcc.exe"="C:\\program files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\program files\\Skype\\Phone\\Skype.exe"="C:\\program files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
    APPDATA=C:\Documents and Settings\Shorack Family\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=DESKTOP
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Shorack Family
    LOGONSERVER=\\DESKTOP
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\SHORAC~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\SHORAC~1\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=DESKTOP
    USERNAME=Shorack Family
    USERPROFILE=C:\Documents and Settings\Shorack Family
    windir=C:\WINDOWS


    -- User Profiles

    InnerChange VZ (admin)
    Shorack Family (admin)
    Administrator (admin)


    -- Add/Remove Programs

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
    Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    CDRWIN --> C:\PROGRA~1\CDRWIN\UNWISE.EXE C:\PROGRA~1\CDRWIN\INSTALL.LOG
    EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
    EPSON PERF 3170Guide --> C:\Program Files\epson\guide\perf3170_e\uninstall.exe
    EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall
    EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
    EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
    Folder Size Shell Extension v3.2 --> rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 C:\WINDOWS\system32\Shellext\dfolder.inf
    GIMP 2.4.1 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Harry Potter - Quidditch World Cup --> C:\Program Files\EA GAMES\Harry Potter - Quidditch WC\EAUninstall.exe
    HijackThis 2.0.2 --> "C:\program files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    hp LaserJet 1010 Series --> MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
    Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
    Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    L&H TTS3000 Español --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
    Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.12) --> C:\program files\Mozilla Firefox\uninstall\helper.exe
    MVP Baseball 2005 --> C:\Program Files\EA SPORTS\MVP Baseball 2005\EAUninstall.exe
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
    Scribus 1.3.3.11 --> C:\Program Files\Scribus 1.3.3.11\uninst.exe
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


    -- Application Event Log

    Event Record #/Type18877 / Warning
    Event Submitted/Written: 02/10/2008 00:37:21 PM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

    Event Record #/Type18876 / Warning
    Event Submitted/Written: 02/10/2008 00:37:21 PM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

    Event Record #/Type18875 / Warning
    Event Submitted/Written: 02/10/2008 00:37:21 PM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

    Event Record #/Type18874 / Warning
    Event Submitted/Written: 02/10/2008 00:37:21 PM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

    Event Record #/Type18873 / Warning
    Event Submitted/Written: 02/10/2008 00:37:20 PM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type14842 / Warning
    Event Submitted/Written: 02/09/2008 03:52:03 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type14801 / Warning
    Event Submitted/Written: 02/09/2008 03:30:39 AM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Event Record #/Type14757 / Warning
    Event Submitted/Written: 02/08/2008 00:38:35 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type14729 / Error
    Event Submitted/Written: 02/07/2008 09:13:04 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Event Record #/Type14728 / Error
    Event Submitted/Written: 02/07/2008 07:54:49 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service Avg7Alrt with arguments ""
    in order to run the server:
    {3486DF65-1D90-406A-A072-30629910F113}



    -- End of Deckard's System Scanner: finished at 2008-02-10 12:46:19
  • Scotty Haggistown, Kiltland
    edited February 2008
    Hi

    Sorry for the delay in replying.

    Use of P2P (Person to Person) file sharing programmes

    We have noticed an increasing number of people coming to us with infections contracted from the use of P2P programmes.

    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P programme.
    http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.


    Congratulations, you appear to be malware free.

    You may wish to keep hold of the Kaspersky & Panda Online Scans as an extra on-demand virus-scanner.
    If not you can uninstall it through Start>Control Panel>Add/Remove Programs

    Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

      WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

      Now we need to flush your System Restore points after ridding yourself of malware:
      • Click Start | Help and Support | Undo changes to your computer with System Restore.
      • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
      • Close the Help and Support Center box.
      • Click Start | Run and type Cleanmgr
      • Select (C:) then click OK.
      • Click the More Options tab.
      • Click Clean Up in the System Restore Section.

      This will remove all previous restore points except the newly created one.

      Here is a free program I recommend.

      Install WinPatrol
      Download it from here
      You can find information about how WinPatrol works here


      Make sure your Windows is ALWAYS up to date!

      An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
      So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


      Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

      Please check out Tony Klein's article "How did I get infected in the first place?"


      Follow this list and your potential for being infected again will reduce dramatically.

      I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
    • edited February 2008
      Thank you so much Scotty!

      This computer is shared by a lot of folks (including a number of teenage kids) but I'll do what I can to keep them off the P2P. WinPatrol is a pretty nifty proggy, thanks for the link.

      Alright, best of luck and thanks again!
    • Trogan London, UK
      edited February 2008
      Glad we could be of assistance! The help you received here was free.

      This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

      If you are not the user who started this thread, you must start your own Thread instead (grin)
      _______________________________

      Have we helped you with any issues you have had with your PCs or other items? If so, you can now help us by Joining Team 93 and fold for a cure.