
Possible Virus?

  • 16-02-2008 4:22am
    #1
    Closed Accounts Posts: 304 ✭✭


    Hey guys,

    For the past week or so my PC has become very unstable; it's very slow, constantly crashing, freezing etc.

    I'm running XP, and I have AVG and Zone Alarm, both are up-to-date and whenever I run scans with either of these nothing shows up.

    A few days ago my password to my account on XP miraculously changed itself and I was locked out of my PC till some fellow friendly boardsies soon sorted me out, and I was wondering if this could have been due to some piece of malicious software?

    A few times when my PC has crashed I'll press CTRL + ALT + DEL, and when I do it will show the Task Manager, with something crazy like 70 of them running simultaneously. Again, this says virus to me.

    On seeing a recommendation from someone here on this forum I downloaded SUPERAntiSpyware and it's still running. So far it has unearthed 25 Adware Tracking Cookies.

    Also in reading through this forum I noticed Deckards SS being mentioned a few times, so again I downloaded this and ran it a while ago.

    Would anyone be kind enough to run through the logs I got after it had finished and give me their opinion, please?

    thanks guys! :)


Comments

  • Closed Accounts Posts: 304 ✭✭boardsie08


    Deckard's System Scanner v20071014.68
    Run by My PC on 2008-02-16 03:03:57
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    67: 2008-02-16 03:05:58 UTC - RP402 - Deckard's System Scanner Restore Point
    66: 2008-02-15 18:42:29 UTC - RP401 - System Checkpoint
    65: 2008-02-14 03:10:30 UTC - RP400 - Software Distribution Service 3.0
    64: 2008-02-13 20:42:40 UTC - RP399 - Installed BulkFriendAdder
    63: 2008-02-13 15:45:16 UTC - RP398 - System Checkpoint


    -- First Restore Point --
    1: 2007-11-17 19:16:49 UTC - RP336 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 6.51 GiB (less than 15%) free.


    -- HijackThis (run as Morbid Angel.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:17:22, on 16/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\WINDOWS\DitExp.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Companion Photo\AzAgent.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Morbid Angel\Desktop\dss.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Morbid Angel.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Companion Photo\AzAgent.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 7466 bytes

    -- File Associations

    .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2
    .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
    R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>

    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 HotspotShieldService (Hotspot Shield Service) - c:\program files\hotspot shield\bin\openvpnas.exe
    R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-02-13 20:32:26 284 --a C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-01-16 and 2008-02-16

    2008-02-16 03:16:18 0 d C:\Program Files\Trend Micro
    2008-02-15 23:53:53 25088 --a C:\WINDOWS\system32\mssrv32.exe
    2008-02-13 20:43:37 0 d C:\Program Files\BulkFriendAdder
    2008-02-13 20:41:05 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-13 20:20:50 0 d C:\Program Files\FriendBot
    2008-02-12 04:03:45 18 --a C:\SYSREST
    2008-02-11 22:22:40 0 d C:\Documents and Settings\Administrator\Application Data\Identities
    2008-02-11 22:22:40 0 d C:\Documents and Settings\Administrator\Application Data\CyberLink
    2008-02-11 22:22:40 0 d C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-02-11 22:22:40 0 d C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-02-11 22:22:39 0 d--h C:\Documents and Settings\Administrator\Local Settings
    2008-02-11 22:22:39 0 dr C:\Documents and Settings\Administrator\Favorites
    2008-02-11 22:22:39 0 d C:\Documents and Settings\Administrator\Desktop
    2008-02-11 22:22:39 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-02-11 22:22:39 0 dr-h C:\Documents and Settings\Administrator\Application Data
    2008-02-11 22:22:39 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-02-11 22:22:38 0 d C:\Documents and Settings\Administrator\WINDOWS
    2008-02-11 22:22:38 0 d---s---- C:\Documents and Settings\Administrator\UserData
    2008-02-11 22:22:38 0 d--h C:\Documents and Settings\Administrator\Templates
    2008-02-11 22:22:38 0 dr C:\Documents and Settings\Administrator\Start Menu
    2008-02-11 22:22:38 0 dr-h C:\Documents and Settings\Administrator\SendTo
    2008-02-11 22:22:38 0 dr-h C:\Documents and Settings\Administrator\Recent
    2008-02-11 22:22:38 0 d--h C:\Documents and Settings\Administrator\PrintHood
    2008-02-11 22:22:38 0 d--h C:\Documents and Settings\Administrator\NetHood
    2008-02-11 22:22:38 0 dr C:\Documents and Settings\Administrator\My Documents
    2008-02-11 22:22:37 1310720 --ah C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-02-11 11:56:16 7456544 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-10 18:22:39 0 dr-h C:\$VAULT$.AVG
    2008-02-10 00:10:08 0 d C:\Program Files\Open Adder
    2008-02-09 02:20:57 101888 --a C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-02-09 02:20:55 0 d C:\Program Files\FriendBlasterPro
    2008-02-03 01:34:11 0 d C:\WINDOWS\Sun
    2008-02-03 01:34:10 0 d C:\Documents and Settings\Morbid Angel\Application Data\Sun
    2008-02-03 01:06:11 0 d C:\Program Files\Java
    2008-02-03 01:04:46 0 d C:\Program Files\Common Files\Java
    2008-01-31 16:29:25 0 d C:\Program Files\Hotspot Shield
    2008-01-27 11:25:37 0 d C:\Program Files\uTorrent
    2008-01-27 11:24:50 0 d C:\Documents and Settings\Morbid Angel\Application Data\uTorrent
    2008-01-17 03:19:55 0 d C:\Program Files\Common Files\xing shared
    2008-01-17 03:19:05 0 d C:\Documents and Settings\Morbid Angel\Application Data\Real


    -- Find3M Report

    2008-02-15 21:06:42 0 d C:\Documents and Settings\Morbid Angel\Application Data\AVG7
    2008-02-13 20:41:05 0 d C:\Program Files\Common Files
    2008-02-11 11:57:41 4212 ---h C:\WINDOWS\system32\zllictbl.dat
    2008-02-03 01:07:24 1277 --a C:\WINDOWS\mozver.dat
    2008-01-17 03:19:53 0 d C:\Program Files\Real
    2008-01-17 03:19:35 0 d C:\Program Files\Common Files\Real


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@=C:\WINDOWS\Options\OEMReset.exe" [09/01/2003 01:01]
    "Cmaudio"="cmicnfg.cpl" [11/12/2003 15:44 C:\WINDOWS\CMICNFG.CPL]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [17/11/2003 10:33]
    "nwiz"="nwiz.exe" [17/11/2003 10:33 C:\WINDOWS\system32\nwiz.exe]
    "Dit"="Dit.exe" [28/08/2002 13:43 C:\WINDOWS\Dit.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [24/06/2003 15:23]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [11/09/2003 03:00]
    "AzAgent"="C:\Program Files\Companion Photo\AzAgent.exe" [27/06/2005 04:08]
    "EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [07/04/2005 04:00]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/02/2008 19:37]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 13:42]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [17/01/2008 03:19]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [18/04/2005 21:11:44]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"




    -- End of Deckard's System Scanner: finished at 2008-02-16 03:21:04


  • Closed Accounts Posts: 304 ✭✭boardsie08


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 Processor 3400+
    Percentage of Memory in Use: 80%
    Physical Memory (total/avail): 511.48 MiB / 99.98 MiB
    Pagefile Memory (total/avail): 1672.84 MiB / 1100.3 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1933.6 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 149.05 GiB total, 6.5 GiB free.
    D: is Fixed (NTFS) - 149.04 GiB total, 134.99 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

    \\.\PHYSICALDRIVE1 - ST3160021A - 149.05 GiB - 1 partition
    \PARTITION0 - Extended w/Extended Int 13 - 149.04 GiB - D:

    \\.\PHYSICALDRIVE4 - Medion Flash XL MMC/SD USB Device

    \\.\PHYSICALDRIVE2 - Medion Flash XL CF USB Device

    \\.\PHYSICALDRIVE3 - Medion Flash XL MS USB Device

    \\.\PHYSICALDRIVE5 - Medion Flash XL SM USB Device



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: ZoneAlarm Security Suite Firewall v7.0.462.000 (Check Point, LTD.)
    AV: ZoneAlarm Security Suite Antivirus v7.0.462.000 (Check Point, LTD.)
    AV: AVG 7.5.516 v7.5.516 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Morbid Angel\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MORBID-ANGEL
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Morbid Angel
    LOGONSERVER=\\MORBID-ANGEL
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0408
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\MORBID~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\MORBID~1\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=MORBID-ANGEL
    USERNAME=Morbid Angel
    USERPROFILE=C:\Documents and Settings\Morbid Angel
    windir=C:\WINDOWS


    -- User Profiles

    Morbid Angel (admin)
    Administrator (new local, admin)


    -- Add/Remove Programs

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\FriendBot\FriendBot\uninstall.exe
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    BulkFriendAdder --> MsiExec.exe /X{338B9994-DA2E-4351-94C3-9FBE3378698A}
    FriendBlasterPro --> "C:\Program Files\FriendBlasterPro\unins000.exe"
    Hotspot Shield 0.941 --> C:\Program Files\Hotspot Shield\Uninstall.exe
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
    ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


    -- Application Event Log

    Event Record #/Type2811 / Error
    Event Submitted/Written: 02/16/2008 02:21:24 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application FriendBlasterPro.exe, version 9.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type2810 / Error
    Event Submitted/Written: 02/15/2008 09:10:33 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application KService.exe, version 5.11.704.230, faulting module KService.exe, version 5.11.704.230, fault address 0x00211e5a.
    Processing media-specific event for [KService.exe!ws!]

    Event Record #/Type2803 / Error
    Event Submitted/Written: 02/15/2008 05:43:13 PM
    Event ID/Source: 1001 / Application Error
    Event Description:
    Fault bucket 479121704.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Event Record #/Type2802 / Error
    Event Submitted/Written: 02/15/2008 05:43:06 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application KService.exe, version 5.11.704.230, faulting module KService.exe, version 5.11.704.230, fault address 0x00211e5a.
    Processing media-specific event for [KService.exe!ws!]

    Event Record #/Type2783 / Error
    Event Submitted/Written: 02/14/2008 11:39:19 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application KService.exe, version 5.11.704.230, faulting module KService.exe, version 5.11.704.230, fault address 0x00211e5a.
    Processing media-specific event for [KService.exe!ws!]



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type13394 / Warning
    Event Submitted/Written: 02/16/2008 01:16:32 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type13393 / Warning
    Event Submitted/Written: 02/15/2008 11:48:41 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type13390 / Warning
    Event Submitted/Written: 02/15/2008 09:27:09 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type13389 / Error
    Event Submitted/Written: 02/15/2008 09:10:43 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The KService service terminated unexpectedly. It has done this 1 time(s).

    Event Record #/Type13388 / Warning
    Event Submitted/Written: 02/15/2008 09:08:32 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



    -- End of Deckard's System Scanner: finished at 2008-02-16 03:21:04


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\WINDOWS\system32\mssrv32.exe 
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      purity
      
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    You also have two anti-viruses, AVG and ZoneAlarm; you need to remove one of these.



    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Reboot and post a new DSS log
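As an added illustration (not code from this thread, nor from HijackThis or Deckard's System Scanner), here is a small Python triage script that applies the same reasoning the reply above used on the posted logs: it flags an O2 BHO that points at "(no file)" and an O23 service marked "Unknown owner" that lives in system32 and whose binary shows up in the DSS "Files created" list shortly before the scan. The two excerpts are constructed from the log posted above; the function names are my own.

```python
"""Triage of HijackThis O2/O23 lines against a DSS "Files created" list.

Added example, not code from this thread or from HijackThis/DSS. The two
excerpts below are constructed from the log posted above; the function
names (parse_created, triage) are my own.
"""
import re
from datetime import datetime, timedelta

# Constructed excerpt of the posted HijackThis log.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
"""

# Constructed excerpt of the DSS "Files created" section: timestamp, size, attributes, path.
SAMPLE_CREATED = r"""
2008-02-16 03:16:18 0 d-------- C:\Program Files\Trend Micro
2008-02-15 23:53:53 25088 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-01-31 16:29:25 0 d-------- C:\Program Files\Hotspot Shield
"""

# When DSS was run, taken from the "Run by" line of the posted log.
SCAN_TIME = datetime(2008, 2, 16, 3, 3, 57)

CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+\S+\s+(.+?)\s*$")


def parse_created(text):
    """Map each created path (lower-cased) to its creation timestamp."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            # DSS may append " <Not Verified; ...>" after the path; drop it.
            path = m.group(2).split(" <")[0]
            created[path.lower()] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return created


def triage(hjt_text, created_text, scan_time=SCAN_TIME, window_days=7):
    """Return the HJT lines worth a second look, each with its reasons."""
    created = parse_created(created_text)
    findings = []
    for line in hjt_text.splitlines():
        line = line.strip()
        reasons = []
        if line.startswith("O2 - BHO: "):
            # Layout is "name - {CLSID} - path"; rsplit keeps any " - " inside the name.
            _name, _clsid, path = line[len("O2 - BHO: "):].rsplit(" - ", 2)
            if path == "(no file)":
                reasons.append("BHO is registered but its DLL is gone (orphaned entry)")
        elif line.startswith("O23 - Service: "):
            # Layout is "display name (short name) - company - path".
            name, owner, path = line[len("O23 - Service: "):].rsplit(" - ", 2)
            in_system32 = "\\windows\\system32\\" in path.lower()
            if owner == "Unknown owner" and in_system32:
                reasons.append("service binary in system32 carries no company/version info")
            if owner == "Unknown owner" and "microsoft" in name.lower():
                reasons.append("service name claims Microsoft but the file is unattributed")
            when = created.get(path.lower())
            if when is not None and timedelta(0) <= scan_time - when <= timedelta(days=window_days):
                reasons.append(f"binary created {when:%Y-%m-%d %H:%M}, within {window_days} days of the scan")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT, SAMPLE_CREATED):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

On the sample above only the orphaned BHO and mssrv32.exe are reported; the Hotspot Shield service is also "Unknown owner" but sits outside system32 and was installed weeks earlier, so it is left alone, which matches what the reply targets.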

