
Services.exe

  • 30-07-2008 2:16pm
    #1
    Closed Accounts Posts: 241 ✭✭


    I had a massive computer slowdown over the last few days - so I did the scans as suggested finishing with Panda online scanner.

    Unfortunately the log did not save and I am loath to do it again until tonight as it took about 3 hours to scan. :(

    However I am concerned by the process services.exe - processlibrary.com tells me this could be any number of trojans or worms.

    Should I be concerned?

    wildsaffy


Comments

  • Closed Accounts Posts: 241 ✭✭ wildsaffy


    Hi,

    I managed to do the scan (initially it would not let me save the file) and the log is as below: hope it helps shed some light. I hope someone can help!! I can't even open Dreamweaver now (it hangs then crashes) and I have a heap of work to do ...

    MAIN TEXT

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-30 22:06:01
    Computer is in Normal Mode.

    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 247 MiB (256 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-30 22:07:16
    Platform: Windows 2000 Service Pack 4 (5.00.2195)
    MSIE: Internet Explorer (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\system32\smss.exe
    C:\WINNT\system32\WINLOGON.EXE
    C:\WINNT\system32\SERVICES.EXE
    C:\WINNT\system32\LSASS.EXE
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\twain_32\SiPix\SCBLINK2\srvany.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\twain_32\SiPix\SCBLINK2\USBPNP.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    C:\WINNT\system32\mstask.exe
    C:\WINNT\system32\stisvc.exe
    C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\WINNT\system32\wbem\winmgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\CTFMON.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINNT\system32\svchost.exe
    C:\Documents and Settings\Administrator\Desktop\keeping computer clean\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: LIVECHAT Operator.lnk = C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: PalTalk.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {3153534D-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/msscrnax.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/0927c4ed7fd9bfc29505/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213905170328
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ncgesrv02.ncge.ie/Remote/msrdp.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E059118-C453-4F19-B364-68E3C36D151E}: NameServer = 80.249.249.249,80.249.249.250
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Blink2PnP - Unknown owner - C:\WINNT\twain_32\SiPix\SCBLINK2\srvany.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe
    O23 - Service: wampapache - Apache Software Foundation - C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe


    --
    End of file - 9134 bytes

    -- File Associations

    .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 RecAgent - c:\winnt\system32\drivers\recagent.sys <Not Verified; ; Modem>
    R3 Mtlmnt5 - c:\winnt\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem>
    R3 Slntamr (SmartLink AMR_PCI Driver) - c:\winnt\system32\drivers\slntamr.sys <Not Verified; ; Modem>
    R3 SlWdmSup - c:\winnt\system32\drivers\slwdmsup.sys <Not Verified; ; Modem>

    S3 DCamUSBBVI (SiPix StyleCam Rave/Snap Dual Mode Camera) - c:\winnt\system32\drivers\biomini.sys
    S3 Mtlstrm - c:\winnt\system32\drivers\mtlstrm.sys <Not Verified; ; Modem>
    S3 SlNtHal - c:\winnt\system32\drivers\slnthal.sys <Not Verified; ; Modem>
    S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20061215.005\symidsco.sys (file missing)
    S3 wanatw (WAN Miniport (ATW)) - c:\winnt\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Blink2PnP - c:\winnt\twain_32\sipix\scblink2\srvany.exe
    R2 olMntrService - "c:\program files\olivetti\any_way\olmntrservice.exe" <Not Verified; Olivetti; Olivetti ANY_WAY>
    R2 wampapache - "c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>

    S2 SLService (SmartLinkService) - slserv.exe (file missing)
    S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    S3 wampmysqld - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-07-22 08:41:05 280 --a C:\WINNT\Tasks\Uniblue SpyEraser Nag.job
    2008-06-20 19:56:58 354 --a C:\WINNT\Tasks\Uniblue SpyEraser.job


    -- Files created between 2008-06-30 and 2008-07-30

    2008-07-30 09:32:04 0 d C:\Program Files\Panda Security
    2008-07-28 07:15:58 0 d C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-07-28 07:15:41 0 d C:\Program Files\SUPERAntiSpyware
    2008-07-28 07:15:41 0 d C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-07-18 16:14:49 16384 --a-t C:\WINNT\system32\Perflib_Perfdata_354.dat
    2008-07-06 20:10:25 0 d C:\WINNT\winsxs
    2008-07-06 20:10:23 0 d C:\Documents and Settings\All Users\Application Data\Adobe
    2008-07-05 03:46:51 0 d C:\Program Files\Sun
    2008-07-01 22:48:28 0 d C:\Documents and Settings\Administrator\Application Data\Paltalk
    2008-07-01 22:48:21 0 d C:\WINNT\PaltalkScene
    2008-07-01 22:48:21 0 d C:\Program Files\Paltalk Messenger
    2008-07-01 05:57:30 926918 ---h C:\WINNT\ShellIconCache


    -- Find3M Report

    2008-07-30 21:47:44 0 d C:\Program Files\DVD Photo Slideshow Professional
    2008-07-30 21:46:45 0 d C:\Program Files\Shockwave.com
    2008-07-30 21:45:25 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-30 16:31:06 0 d C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-30 08:00:30 0 d C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-07-27 21:04:10 0 d C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
    2008-07-07 18:18:15 0 d C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-07-07 17:30:45 16 --a C:\WINNT\popcinfo.dat
    2008-07-06 20:10:05 0 d C:\Program Files\Common Files\Adobe
    2008-07-06 19:59:48 0 d C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-06 19:49:21 0 d C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-07-05 03:46:19 0 d C:\Program Files\Java
    2008-07-02 20:13:32 0 d C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-06-29 19:25:28 2080 --a C:\WINNT\system32\tmp.reg
    2008-06-27 05:51:34 0 d-a C:\Program Files\Common Files
    2008-06-27 05:51:34 0 d C:\Program Files\Common Files\SWF Studio
    2008-06-26 22:56:01 0 d C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-06-23 07:56:26 0 d C:\Program Files\Canon
    2008-06-22 21:19:40 0 d C:\Program Files\Common Files\Canon
    2008-06-22 09:02:22 0 d C:\Program Files\MSXML 4.0
    2008-06-20 07:22:09 0 d C:\Documents and Settings\Administrator\Application Data\Uniblue
    2008-06-20 07:21:42 0 d C:\Program Files\Uniblue
    2008-06-18 03:50:09 288 --ah C:\aaw7boot.cmd
    2008-06-18 02:54:58 0 d C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2008-06-16 08:02:35 0 d C:\Documents and Settings\Administrator\Application Data\LIVECHAT
    2008-06-16 07:59:44 0 d C:\Program Files\LIVECHAT
    2008-06-05 23:25:49 0 d C:\Program Files\CoffeeCup Software
    2008-06-04 01:16:59 0 d C:\Documents and Settings\Administrator\Application Data\Flickr
    2008-06-04 01:16:42 0 d C:\Program Files\Flickr Uploadr
    2008-05-12 22:52:48 16384 --a-t C:\WINNT\system32\Perflib_Perfdata_2e8.dat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [14/07/03 13:00 C:\WINNT\system32\mobsync.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/08 04:28 ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/01/08 23:20 ]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/04/07 13:12 ]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/05 11:44 ]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/05 11:44 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/11/07 08:42 ]
    "ctfmon.exe"="ctfmon.exe" [20/02/01 13:09 C:\WINNT\system32\CTFMON.EXE]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/09/07 16:40 ]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/08 11:43 ]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [02/04/08 09:49 ]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/08 10:33 ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Microsft Security Monitor Process"=mssmppp.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe"=internat.exe

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    LIVECHAT Operator.lnk - C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe [06/06/2008 11:22:08]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
    PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [08/05/2008 23:17:29]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/08 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/07 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"




    -- End of Deckard's System Scanner: finished at 2008-07-30 22:07:49

    EXTRA TEXT

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows 2000 Professional (build 2195) SP 4.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Celeron(R) CPU 2.80GHz
    Percentage of Memory in Use: 71%
    Physical Memory (total/avail): 246.48 MiB / 70.36 MiB
    Pagefile Memory (total/avail): 596.48 MiB / 289.51 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1945.42 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 76.68 GiB total, 12.02 GiB free.
    D: is CDROM (CDFS)
    E: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ExcelStor Technology J880 - 76.69 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:

    \\.\PHYSICALDRIVE1 - Multi Flash Reader USB Device



    -- Security Center

    AUOptions is scheduled to auto-install.


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Administrator\Application Data
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=FISHBOWL
    ComSpec=C:\WINNT\system32\cmd.exe
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administrator
    LOGONSERVER=\\FISHBOWL
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Os2LibPath=C:\WINNT\system32\os2\dll;
    Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0409
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SystemDrive=C:
    SystemRoot=C:\WINNT
    TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=FISHBOWL
    USERNAME=Administrator
    USERPROFILE=C:\Documents and Settings\Administrator
    windir=C:\WINNT


    -- User Profiles

    Administrator (admin)


    -- Add/Remove Programs

    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINNT\UNNeroVision.exe /UNINSTALL
    --> C:\WINNT\UNNMP.exe /UNINSTALL
    Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3096853-5F1C-464A-B7AE-5FB5137EAEC5}\setup.exe" -l0x9 -uninst
    ArcSoft VideoImpression 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{586D9A3C-FF54-46BD-A4C6-5C70608AFD39}\setup.exe" -l0x9 -uninst
    AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Battle for Wesnoth 1.2.5 --> "C:\Program Files\Wesnoth\unins000.exe"
    BT Voyager 105 ADSL Modem --> C:\Program Files\BT Voyager 105 ADSL Modem\uninstall.exe
    BT Voyager Modem AOL Test --> C:\WINNT\AppRun.exe C:\PROGRA~1\VOYAGE~1
    CAM UnZip 4.42 --> "C:\Program Files\CAM Development\CAM UnZip\Uninstall\unins000.exe"
    Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
    Canon Camera TWAIN Driver 6.6 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EEBC43D5-C84E-401D-84BC-D7DF882ED00D} /l1033
    Canon Camera TWAIN Driver 6.7 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{458D973D-A2CF-4002-A599-170E43F78713} /l1033
    Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
    Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
    Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
    CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
    Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
    Canon MP Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F8C6D9-5B55-486A-A322-4E8D87670031}\Setup.exe" -l0x9 -Uninstall
    Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
    Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
    Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\EPP\EPP\Easy-PhotoPrint\uninst.exe uninst.ini
    Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
    Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
    Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
    CoffeeCup MP3 Rip & Burn --> C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\CoffeeCupMP3Rip&Burn.log
    CoffeeCup Photo Gallery - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~2\INSTALL.LOG
    CoffeeCup Web JukeBox - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~3\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~3\INSTALL.LOG
    CoffeeCup Web Video Player - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
    Color by Number 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F64BC5DA-02A6-431C-91EF-4E89AC7D2BD3}\setup.exe" -l0x9 -removeonly
    conexant soft56k Data FAX Modem --> C:\WINNT\Modio\SLAMR2KV\Setup.exe /Remove
    DebugMode Wax 2.0 --> "C:\Program Files\DebugMode\Wax 2.0\uninst.exe"
    Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
    Flickr Uploadr 2.5.0.15 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
    FreeMind --> "C:\Program Files\FreeMind\unins000.exe"
    FreeZip --> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\freezip.inf,Uninstall
    GetCanon! 1.6 --> C:\Program Files\David Vidmar\GetCanon!\uninst.exe
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Instant Eyedropper 1.501 --> "C:\Program Files\InstantEyedropper\unins000.exe"
    Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    Ipswitch WS_FTP Home 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe" -l0x9 -removeonly
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{24960CD0-661D-4957-9D5F-D2905A30EDB1}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
    LIVECHAT Contact Center --> C:\Program Files\LIVECHAT\LIVECHAT Operator\Uninstall.exe
    Macromedia Contribute 3.11 --> MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
    Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
    Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
    Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
    Nokia PC Connectivity Solution --> MsiExec.exe /I{9F2BDC61-4D2D-47C0-BCB6-7D43D0EA7948}
    Nokia PC Suite --> MsiExec.exe /I{79880ACC-B5AB-486A-B95D-03F55DF3F9C6}
    OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    PaltalkScene --> "C:\WINNT\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
    Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
    Prism --> C:\Program Files\NCH Software\Prism\uninst.exe
    QuickTime --> C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
    REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
    SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
    Security Update for DirectX 9 (KB951698) --> "C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
    Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
    SigmaTel MSCN Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x9
    SiPix StyleCam Snap --> C:\Program Files\InstallShield Installation Information\{BB6E8A72-C5B0-4782-9042-C8C2E5AA7B4A}\Setup.exe uninst
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Switch Sound File Converter --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    Ulead Video ToolBox Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x9
    Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    WampServer 2.0 --> "c:\wamp\unins000.exe"
    Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINNT\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
    Zwei-Stein Video Compositor 3.01 (Beta 2). --> "C:\Program Files\Thugs at Bay\Zwei-Stein\unins000.exe"


    -- Application Event Log

    Event Record #/Type7012 / Error
    Event Submitted/Written: 07/30/2008 09:44:55 PM
    Event ID/Source: 1015 / Perflib
    Event Description:
    The timeout waiting for the performance data collection function "PerfProc"
    in the "C:\WINNT\system32\perfproc.dll" Library to finish has expired. There may be a problem with
    this extensible counter or the service it is collecting data from or the
    system may have been very busy when this call was attempted.

    Event Record #/Type7010 / Error
    Event Submitted/Written: 07/30/2008 09:28:59 PM
    Event ID/Source: 1000 / Userenv
    Event Description:
    Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

    DETAIL - Access is denied. , Build number ((2195)).

    Event Record #/Type7008 / Error
    Event Submitted/Written: 07/30/2008 04:30:02 PM
    Event ID/Source: 1000 / Userenv
    Event Description:
    Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

    DETAIL - Access is denied. , Build number ((2195)).

    Event Record #/Type7006 / Error
    Event Submitted/Written: 07/30/2008 09:13:42 AM / 07/30/2008 09:13:43 AM
    Event ID/Source: 1000 / Userenv
    Event Description:
    Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

    DETAIL - Access is denied. , Build number ((2195)).

    Event Record #/Type7004 / Error
    Event Submitted/Written: 07/30/2008 07:25:21 AM
    Event ID/Source: 1000 / Userenv
    Event Description:
    Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

    DETAIL - Access is denied. , Build number ((2195)).



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type3178 / Error
    Event Submitted/Written: 07/30/2008 09:30:31 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The SmartLinkService service failed to start due to the following error:
    %%2

    Event Record #/Type3174 / Error
    Event Submitted/Written: 07/30/2008 04:31:35 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The SmartLinkService service failed to start due to the following error:
    %%2

    Event Record #/Type3169 / Warning
    Event Submitted/Written: 07/30/2008 03:10:14 PM
    Event ID/Source: 11050 / dnscache
    Event Description:
    The DNS Client service could not contact any DNS servers for
    a repeated number of attempts. For the next 30 seconds the
    DNS Client service will not use the network to avoid further
    network performance problems. It will resume its normal behavior
    after that. If this problem persists, verify your TCP/IP
    configuration, specifically check that you have a preferred
    (and possibly an alternate) DNS server configured. If the problem
    continues, verify network conditions to these DNS servers or contact
    your network administrator.

    Event Record #/Type3168 / Error
    Event Submitted/Written: 07/30/2008 09:15:16 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The SmartLinkService service failed to start due to the following error:
    %%2

    Event Record #/Type3162 / Error
    Event Submitted/Written: 07/30/2008 07:26:50 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The SmartLinkService service failed to start due to the following error:
    %%2



    -- End of Deckard's System Scanner: finished at 2008-07-30 22:07:49


  • Registered Users, Registered Users 2 Posts: 504 ✭✭✭Loveless


    "C:\Documents and Settings\Administrator\Desktop\keeping computer clean\dss.exe"

    Dss.exe is Trojan/Backdoor.
    MSSMPPP.EXE is Trojan/Backdoor.


    Install some proper anti-virus software like McAfee VirusScan Enterprise. Obviously that 'AVG' isn't doing anything for you.
    Also I'd get rid of sloware items like:

    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


    Why have you got "SUPERAntiSpyware" and Spybot installed together? You're really slowing down the PC.
    I'd get rid of all of the following items:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll

    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: LIVECHAT Operator.lnk = C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: PalTalk.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/0927c4ed...p/RdxIE601.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe



  • Closed Accounts Posts: 241 ✭✭wildsaffy


    Loveless,

    Thanks for your quick reply. I actually downloaded DSS.exe this afternoon - this was Deckard's System Scanner I got from somewhere on this thread.

    I will look at the other stuff you have listed. Thanks again.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I'm sorry I have to jump in here due to that terrible advice

    DSS.exe is not malware, it is the program from the Sticky Thread

    Install some proper anti-virus software like McAfee VirusScan Enterprise. Obviously that 'AVG' isn't doing anything for you.
    Are you serious? McAfee is easily the worst anti-virus program out there. AVG is very good.


    Why have you got "SUPERAntiSpyware" and Spybot installed together? You're really slowing down the PC.
    No they aren't.



    Nearly every HJT entry you listed is legit, and you didn't handle the bad ones in there.



    Please do not post advice if you don't know what you are doing. I just hope that Wildsaffy didn't listen to your advice as you have probably damaged his PC.



    Next onto business



    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum.



    Also post a new DSS log
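    To make the point about the HJT list concrete (most of those O4 entries are legitimate, and the one that is not is the misspelled "Microsft Security Monitor Process" running a bare mssmppp.exe out of RunServices), here is an added Python script. It is not from anyone in this thread and it is not part of HijackThis or DSS; it parses O4 lines in the exact format pasted above and flags the tells a helper looks for. The sample lines are copied from the log above, the allowlist of Windows binaries that legitimately appear without a path is a hand-picked assumption, and the three heuristics are mine, not rules from any tool.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few O4 lines in the HijackThis format shown in the thread
# (copied from the posted log; not the full log).
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe",
    r"O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')",
]

# "O4 - <key>: [<display name>] <command> (User '<name>')" with the user part optional.
O4_RE = re.compile(
    r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

# Assumption: a short, hand-written allowlist of Windows binaries that are normally
# launched by bare name (resolved through the system PATH). Extend it for your own box.
KNOWN_BARE_BINARIES = {"mobsync.exe", "ctfmon.exe", "internat.exe"}


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to catch near-misses of 'Microsoft' in display names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd: str) -> str:
    """Pull the executable out of a Run-key command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


@dataclass
class Finding:
    line: str
    exe: str
    reasons: list


def assess_o4_line(line: str):
    """Return a Finding for a bracketed O4 line, or None for lines in another shape
    (e.g. 'O4 - Startup: foo.lnk = ...'), which this example does not cover."""
    m = O4_RE.match(line)
    if not m:
        return None
    key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    exe = executable_of(cmd)
    base = exe.rsplit("\\", 1)[-1].lower()
    reasons = []
    # Heuristic 1: RunServices is a Windows 9x-era key; on an NT-family box an entry
    # there is unusual and worth a second look.
    if key.endswith("RunServices"):
        reasons.append("uses the legacy RunServices key")
    # Heuristic 2: a bare filename with no path is resolved via PATH; fine for a few
    # known system binaries, suspicious for anything else.
    if "\\" not in exe and base not in KNOWN_BARE_BINARIES:
        reasons.append("bare executable name with no path")
    # Heuristic 3: a display name that almost, but not quite, spells 'Microsoft'.
    for word in re.findall(r"[A-Za-z]+", name):
        w = word.lower()
        if w != "microsoft" and levenshtein(w, "microsoft") <= 2:
            reasons.append(f"display name '{word}' looks like a misspelling of Microsoft")
            break
    return Finding(line, exe, reasons)


def suspicious_entries(lines):
    """All O4 lines that trip at least one heuristic."""
    out = []
    for line in lines:
        f = assess_o4_line(line)
        if f and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_O4_LINES):
        print(f.exe, "->", "; ".join(f.reasons))
```

    Run against the six sample lines it reports only mssmppp.exe, with all three reasons, and leaves jusched.exe, avgcc.exe, mobsync.exe and ctfmon.exe alone. The heuristics are deliberately narrow: a missing path and a misspelled vendor name are cheap tells, but the real check is still whether the file exists and what it is, which is what a helper does with the rest of the log.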


  • Closed Accounts Posts: 241 ✭✭wildsaffy


    Actor,

    Hadn't done anything yet as I was a little puzzled by some of the stuff I was to remove...

    I shall try yours and post the log.

    Many thanks,
    wildsaffy (gorgeous female :D)


  • Registered Users, Registered Users 2 Posts: 504 ✭✭✭Loveless


    Hmm, if AVG is sooo good, why is the user having to post System Logs on the internet for other people to help them clean their PC?? Yeah, it sounds great :rolleyes:
    The McAfee Enterprise business edition is brilliant for catching and deleting viruses. You're probably confusing it with the 10-in-1 bloated 'home' edition.

    The person's other complaint was the slowness of the PC, and actually READING through the logs (not just copying and pasting a fix solution from another website) you can see that there's an awful lot of stuff there that doesn't need to run EVERY SINGLE TIME they start up the PC.

    I told them to remove the slow items like GoogleToolbar, SunJava update check, InstallShield update check, RealPlayer update checker, 'Registry Booster', AVG (which failed to detect infection), two anti-spyware packages that are doing the same job, Nokia phone detection process, Adobe speed launcher, the fake "Microsft Security Monitor Process"......... the list goes on.

    Never heard of Deckard's System Scanner, but it's already done its job for you anyway.

    If you think it's perfectly normal to have all that running on your PC, before you even launch a single application then good luck to ya!! :D


  • Closed Accounts Posts: 241 ✭✭wildsaffy


    I ran the SDFix and the log is as follows: (followed by a new DSS log)


    SDFix: Version 1.210
    Run by Administrator on Thu 31/07/2008 at 0:17

    Microsoft Windows 2000 [Version 5.00.2195]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome.manifest - Deleted
    C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\install.rdf - Deleted
    C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\main.js - Deleted
    C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\main.xul - Deleted
    C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\request.js - Deleted
    C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\web_progress.js - Deleted
    C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\defaults\preferences\main.js - Deleted



    Folder C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-31 06:43:46
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sun 28 Oct 2007 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\OOYAŽ3113>.sys"
    Sun 9 Dec 2007 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\YUAŽ3113>.sys"
    Sun 13 Jan 2008 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\UYAŽ3113>.sys"
    Thu 30 Nov 2006 9,409,224 A..H. --- "C:\Downloaded Utilities\Freeware\MSN Messenger\Install_MSN_Messenger.exe"
    Fri 10 Mar 2000 84,992 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\14_43260.DLL"
    Fri 10 Mar 2000 44,032 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\28_83260.DLL"
    Fri 10 Mar 2000 30,208 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\AUTH3260.DLL"
    Fri 10 Mar 2000 23,552 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\BASC3260.DLL"
    Fri 10 Mar 2000 23,552 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\COKR3260.DLL"
    Fri 10 Mar 2000 25,088 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\COOK3260.DLL"
    Fri 10 Mar 2000 20,480 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\DNET3260.DLL"
    Fri 10 Mar 2000 78,848 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\EDNT3260.DLL"
    Fri 10 Mar 2000 446,976 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\ENCN3260.DLL"
    Fri 10 Mar 2000 21,504 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\ENLV3260.DLL"
    Fri 10 Mar 2000 92,672 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\ERV13260.DLL"
    Fri 10 Mar 2000 272,384 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\ERV23260.DLL"
    Fri 10 Mar 2000 59,392 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\ESPR3260.DLL"
    Tue 16 Oct 2001 139,264 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\jpeglib.dll"
    Fri 10 Mar 2000 278,528 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\PNCRT.DLL"
    Fri 10 Mar 2000 379,904 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\PNGU3264.DLL"
    Fri 10 Mar 2000 11,264 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\PNRS3260.DLL"
    Fri 10 Mar 2000 508,928 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\RMBE3260.DLL"
    Fri 10 Mar 2000 521,216 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\RMME3260.DLL"
    Fri 10 Mar 2000 328,192 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\RMTO3260.DLL"
    Fri 10 Mar 2000 28,160 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\RN5A3260.DLL"
    Fri 10 Mar 2000 500,224 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\RNCO3260.DLL"
    Fri 10 Mar 2000 30,208 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\RV103260.DLL"
    Fri 10 Mar 2000 90,624 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\RV203260.DLL"
    Fri 10 Mar 2000 41,472 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\SDPP3260.DLL"
    Fri 10 Mar 2000 17,408 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\SIPR3260.DLL"
    Tue 16 Oct 2001 569,344 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\tablib.dll"
    Tue 16 Oct 2001 1,167,360 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\tassdll.dll"
    Tue 16 Oct 2001 32,768 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\thereal.dll"
    Tue 16 Oct 2001 20,480 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\vidfowin.dll"
    Tue 16 Oct 2001 20,480 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\wavout.dll"
    Tue 16 Oct 2001 98,304 A.SH. --- "C:\Program Files\Thugs at Bay\Zwei-Stein\wmfwrite.dll"
    Mon 13 Dec 2004 20,480 A..H. --- "C:\old disk\Documents and Settings\Administrator\My Documents\~WRL1415.tmp"
    Fri 15 Jul 2005 4,348 A.SH. --- "C:\old disk\Documents and Settings\All Users.WINNT\DRM\DRMv1.bak"
    Thu 1 Mar 2007 11,035,132 A..H. --- "C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\WSFTP_ProT128_Install.exe"
    Mon 15 Jan 2007 24,576 A..H. --- "C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\~WRL0636.tmp"
    Mon 15 Jan 2007 24,576 A..H. --- "C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\~WRL1269.tmp"
    Fri 24 Nov 2006 25,600 A..H. --- "C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\~WRL1545.tmp"
    Fri 24 Nov 2006 25,600 A..H. --- "C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\~WRL1817.tmp"
    Fri 24 Nov 2006 25,600 A..H. --- "C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\~WRL2012.tmp"
    Fri 24 Nov 2006 30,208 A..H. --- "C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\~WRL2089.tmp"
    Fri 24 Nov 2006 24,576 A..H. --- "C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\~WRL4031.tmp"
    Tue 10 Apr 2007 82,432 ...H. --- "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\OLK2\~WRL0709.tmp"
    Fri 1 Jul 2005 108,544 A..H. --- "C:\Documents and Settings\Administrator\My Documents\c\Snow White\~WRL0767.tmp"
    Sun 6 Jul 2003 210,299 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Final\Galway\~WRL0903.tmp"
    Sat 21 Jun 2003 187,902 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Final\Leitrim\~WRL0997.tmp"
    Sun 7 Mar 2004 28,672 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL0001.tmp"
    Fri 22 Oct 2004 30,208 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL0002.tmp"
    Mon 24 May 2004 27,648 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL0005.tmp"
    Fri 29 Oct 2004 30,208 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL0487.tmp"
    Wed 1 Sep 2004 31,232 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL1148.tmp"
    Sun 4 Jan 2004 27,648 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL2481.tmp"
    Fri 3 Sep 2004 28,160 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL2508.tmp"
    Thu 2 Sep 2004 31,232 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL2535.tmp"
    Sun 4 Jan 2004 30,208 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL3199.tmp"
    Sun 22 Aug 2004 31,232 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL3246.tmp"
    Fri 3 Sep 2004 24,064 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\Tony Documents\FAIRWAY OFFICE DOCS\~WRL3536.tmp"
    Fri 1 Jul 2005 108,544 A..H. --- "C:\Documents and Settings\Administrator\My Documents\c\Fishbowl Productions\Snow White\~WRL0767.tmp"
    Thu 19 Sep 2002 74,240 A..HR --- "C:\Documents and Settings\Administrator\My Documents\Portfolio\NEW COURSE BROCHURE & LEAFLETS\Cover Sheets\~WRL0864.tmp"
    Sun 8 Jun 2003 42,489 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\DISCS\Calendar\May\~WRL0249.tmp"
    Sun 8 Jun 2003 42,493 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\DISCS\Calendar\May\~WRL3592.tmp"
    Sun 21 Sep 2003 220,622 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\DISCS\L\Dublin_59\~WRL2053.tmp"
    Sun 8 Jun 2003 42,489 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\downloads\Calendar\May\~WRL0249.tmp"
    Sun 8 Jun 2003 42,493 A..H. --- "C:\old disk\Back Up from Laptop\Back Up Tony\downloads\Calendar\May\~WRL3592.tmp"
    Fri 15 Jul 2005 4,348 A.SH. --- "C:\Documents and Settings\Administrator\My Documents\c\Documents and Settings\All Users.WINNT\DRM\DRMv1.bak"

    Finished!



    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-31 07:10:02
    Computer is in Normal Mode.

    Percentage of Memory in Use: 93% (more than 75%).
    Total Physical Memory: 247 MiB (256 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-31 07:10:33
    Platform: Windows 2000 Service Pack 4 (5.00.2195)
    MSIE: Internet Explorer (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\system32\smss.exe
    C:\WINNT\system32\WINLOGON.EXE
    C:\WINNT\system32\SERVICES.EXE
    C:\WINNT\system32\LSASS.EXE
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\twain_32\SiPix\SCBLINK2\srvany.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\twain_32\SiPix\SCBLINK2\USBPNP.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    C:\WINNT\system32\mstask.exe
    C:\WINNT\system32\stisvc.exe
    C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\WINNT\system32\wbem\winmgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\CTFMON.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\keeping computer clean\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: LIVECHAT Operator.lnk = C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: PalTalk.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {3153534D-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/msscrnax.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/0927c4ed7fd9bfc29505/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213905170328
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ncgesrv02.ncge.ie/Remote/msrdp.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E059118-C453-4F19-B364-68E3C36D151E}: NameServer = 80.249.249.249,80.249.249.250
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Blink2PnP - Unknown owner - C:\WINNT\twain_32\SiPix\SCBLINK2\srvany.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe
    O23 - Service: wampapache - Apache Software Foundation - C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe


    --
    End of file - 9069 bytes

    -- Files created between 2008-06-30 and 2008-07-31

    2008-07-31 00:02:12 0 d C:\WINNT\ERUNT
    2008-07-30 22:07:45 16384 --a t C:\WINNT\system32\Perflib_Perfdata_34c.dat
    2008-07-30 09:32:04 0 d C:\Program Files\Panda Security
    2008-07-28 07:15:58 0 d C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-07-28 07:15:41 0 d C:\Program Files\SUPERAntiSpyware
    2008-07-28 07:15:41 0 d C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-07-18 16:14:49 16384 --a t C:\WINNT\system32\Perflib_Perfdata_354.dat
    2008-07-06 20:10:25 0 d C:\WINNT\winsxs
    2008-07-06 20:10:23 0 d C:\Documents and Settings\All Users\Application Data\Adobe
    2008-07-05 03:46:51 0 d C:\Program Files\Sun
    2008-07-01 22:48:28 0 d C:\Documents and Settings\Administrator\Application Data\Paltalk
    2008-07-01 22:48:21 0 d C:\WINNT\PaltalkScene
    2008-07-01 22:48:21 0 d C:\Program Files\Paltalk Messenger
    2008-07-01 05:57:30 926918 ---h C:\WINNT\ShellIconCache


    -- Find3M Report

    2008-07-30 23:23:53 0 d-a C:\Program Files\Common Files
    2008-07-30 21:47:44 0 d C:\Program Files\DVD Photo Slideshow Professional
    2008-07-30 21:46:45 0 d C:\Program Files\Shockwave.com
    2008-07-30 16:31:06 0 d C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-30 08:00:30 0 d C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-07-27 21:04:10 0 d C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
    2008-07-07 18:18:15 0 d C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-07-07 17:30:45 16 --a C:\WINNT\popcinfo.dat
    2008-07-06 20:10:05 0 d C:\Program Files\Common Files\Adobe
    2008-07-06 19:59:48 0 d C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-06 19:49:21 0 d C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-07-05 03:46:19 0 d C:\Program Files\Java
    2008-07-02 20:13:32 0 d C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-06-29 19:25:28 2080 --a C:\WINNT\system32\tmp.reg
    2008-06-27 05:51:34 0 d C:\Program Files\Common Files\SWF Studio
    2008-06-26 22:56:01 0 d C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-06-23 07:56:26 0 d C:\Program Files\Canon
    2008-06-22 21:19:40 0 d C:\Program Files\Common Files\Canon
    2008-06-22 09:02:22 0 d C:\Program Files\MSXML 4.0
    2008-06-20 07:22:09 0 d C:\Documents and Settings\Administrator\Application Data\Uniblue
    2008-06-20 07:21:42 0 d C:\Program Files\Uniblue
    2008-06-18 03:50:09 288 --ah C:\aaw7boot.cmd
    2008-06-18 02:54:58 0 d C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2008-06-16 08:02:35 0 d C:\Documents and Settings\Administrator\Application Data\LIVECHAT
    2008-06-16 07:59:44 0 d C:\Program Files\LIVECHAT
    2008-06-05 23:25:49 0 d C:\Program Files\CoffeeCup Software
    2008-06-04 01:16:59 0 d C:\Documents and Settings\Administrator\Application Data\Flickr
    2008-06-04 01:16:42 0 d C:\Program Files\Flickr Uploadr
    2008-05-12 22:52:48 16384 --a t C:\WINNT\system32\Perflib_Perfdata_2e8.dat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [14/07/03 13:00 C:\WINNT\system32\mobsync.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/08 04:28 ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/01/08 23:20 ]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/04/07 13:12 ]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/05 11:44 ]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/05 11:44 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/11/07 08:42 ]
    "ctfmon.exe"="ctfmon.exe" [20/02/01 13:09 C:\WINNT\system32\CTFMON.EXE]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/09/07 16:40 ]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/08 11:43 ]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [02/04/08 09:49 ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "FlashPlayerUpdate"=C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe"=internat.exe

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    LIVECHAT Operator.lnk - C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe [06/06/2008 11:22:08]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
    PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [08/05/2008 23:17:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"




    -- End of Deckard's System Scanner: finished at 2008-07-31 07:11:02


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hmm if AVG is sooo good, why is the user having to post system logs on the internet for other people to help them clean their PC?? yeah it sounds great
    Doesn't matter what anti-virus you have, you can always get infected

    The McAfee Enterprise business edition is brilliant for catching and deleting viruses. You're probably confusing it with the 10-in-1 bloated 'home' edition.
    No I'm not, all forms of McAfee are junk.

    If you think it's perfectly normal to have all that running on your PC, before you even launch a single application, then good luck to ya!!
    I am more worried about the malware on his PC; once that is removed there will be an increase in performance



    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/0927c4ed...p/RdxIE601.cab


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\Documents and Settings\All Users\Application Data\OOYAŽ3113>.sys
      C:\Documents and Settings\All Users\Application Data\YUAŽ3113>.sys
      C:\Documents and Settings\All Users\Application Data\UYAŽ3113>.sys
      C:\windows\system32\blank.htm
      purity 
      EmptyTemp
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Reboot and post a new DSS log


  • Closed Accounts Posts: 241 ✭✭wildsaffy


    OTMoveIt2

    Explorer killed successfully
    File/Folder C:\Documents and Settings\All Users\Application Data\OOYAŽ3113>.sys not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\YUAŽ3113>.sys not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\UYAŽ3113>.sys not found.
    File/Folder C:\windows\system32\blank.htm not found.
    < purity >
    < EmptyTemp >
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF966B.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~WRD0003.doc scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~WRS0004.tmp scheduled to be deleted on reboot.
    Temp folders emptied.
    IE temp folders emptied.
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_131551

    Files moved on Reboot...
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF966B.tmp not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~WRD0003.doc not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~WRS0004.tmp not found!

    DSS

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-31 13:40:52
    Computer is in Normal Mode.

    Percentage of Memory in Use: 93% (more than 75%).
    Total Physical Memory: 247 MiB (256 MiB recommended).


    -- HijackThis (run as Administrator.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:41:14, on 31/07/2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\twain_32\SiPix\SCBlink2\USBPNP.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe
    C:\Documents and Settings\Administrator\Desktop\keeping computer clean\dss.exe
    C:\DOCUME~1\ADMINI~1\Desktop\KEEPIN~1\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: LIVECHAT Operator.lnk = C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213905170328
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ncgesrv02.ncge.ie/Remote/msrdp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E059118-C453-4F19-B364-68E3C36D151E}: NameServer = 80.249.249.249,80.249.249.250
    O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - (no file)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Blink2PnP - Unknown owner - C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 7558 bytes

    -- Files created between 2008-06-30 and 2008-07-31

    2008-07-31 00:02:12 0 d C:\WINNT\ERUNT
    2008-07-30 22:07:45 16384 --a t C:\WINNT\system32\Perflib_Perfdata_34c.dat
    2008-07-30 09:32:04 0 d C:\Program Files\Panda Security
    2008-07-28 07:15:58 0 d C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-07-28 07:15:41 0 d C:\Program Files\SUPERAntiSpyware
    2008-07-28 07:15:41 0 d C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-07-18 16:14:49 16384 --a t C:\WINNT\system32\Perflib_Perfdata_354.dat
    2008-07-06 20:10:25 0 d C:\WINNT\winsxs
    2008-07-06 20:10:23 0 d C:\Documents and Settings\All Users\Application Data\Adobe
    2008-07-05 03:46:51 0 d C:\Program Files\Sun
    2008-07-01 22:48:28 0 d C:\Documents and Settings\Administrator\Application Data\Paltalk
    2008-07-01 22:48:21 0 d C:\WINNT\PaltalkScene
    2008-07-01 22:48:21 0 d C:\Program Files\Paltalk Messenger
    2008-07-01 05:57:30 927126 ---h C:\WINNT\ShellIconCache


    -- Find3M Report

    2008-07-31 12:51:24 0 d C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-07-30 23:23:53 0 d-a C:\Program Files\Common Files
    2008-07-30 21:47:44 0 d C:\Program Files\DVD Photo Slideshow Professional
    2008-07-30 21:46:45 0 d C:\Program Files\Shockwave.com
    2008-07-30 16:31:06 0 d C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-27 21:04:10 0 d C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
    2008-07-07 18:18:15 0 d C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-07-07 17:30:45 16 --a C:\WINNT\popcinfo.dat
    2008-07-06 20:10:05 0 d C:\Program Files\Common Files\Adobe
    2008-07-06 19:59:48 0 d C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-06 19:49:21 0 d C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-07-05 03:46:19 0 d C:\Program Files\Java
    2008-07-02 20:13:32 0 d C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-06-29 19:25:28 2080 --a C:\WINNT\system32\tmp.reg
    2008-06-27 05:51:34 0 d C:\Program Files\Common Files\SWF Studio
    2008-06-26 22:56:01 0 d C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-06-23 07:56:26 0 d C:\Program Files\Canon
    2008-06-22 21:19:40 0 d C:\Program Files\Common Files\Canon
    2008-06-22 09:02:22 0 d C:\Program Files\MSXML 4.0
    2008-06-20 07:22:09 0 d C:\Documents and Settings\Administrator\Application Data\Uniblue
    2008-06-20 07:21:42 0 d C:\Program Files\Uniblue
    2008-06-18 03:50:09 288 --ah C:\aaw7boot.cmd
    2008-06-18 02:54:58 0 d C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2008-06-16 08:02:35 0 d C:\Documents and Settings\Administrator\Application Data\LIVECHAT
    2008-06-16 07:59:44 0 d C:\Program Files\LIVECHAT
    2008-06-05 23:25:49 0 d C:\Program Files\CoffeeCup Software
    2008-06-04 01:16:59 0 d C:\Documents and Settings\Administrator\Application Data\Flickr
    2008-06-04 01:16:42 0 d C:\Program Files\Flickr Uploadr
    2008-05-12 22:52:48 16384 --a t C:\WINNT\system32\Perflib_Perfdata_2e8.dat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [14/07/03 13:00 C:\WINNT\system32\mobsync.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/08 05:25 ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/01/08 23:20 ]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/04/07 13:12 ]
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/05 11:44 ]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/05 11:44 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/11/07 08:42 ]
    "ctfmon.exe"="ctfmon.exe" [20/02/01 13:09 C:\WINNT\system32\CTFMON.EXE]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/09/07 16:40 ]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/08 11:43 ]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [02/04/08 09:49 ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "FlashPlayerUpdate"=C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Microsft Security Monitor Process"=mssmppp.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe"=internat.exe

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    LIVECHAT Operator.lnk - C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe [06/06/2008 11:22:08]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
    PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [08/05/2008 23:17:29]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"




    -- End of Deckard's System Scanner: finished at 2008-07-31 13:41:46


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - (no file)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\Documents and Settings\All Users\Application Data\OOYAŽ3113.sys
      C:\Documents and Settings\All Users\Application Data\YUAŽ3113.sys
      C:\Documents and Settings\All Users\Application Data\UYAŽ3113.sys
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys
      purity 
      EmptyTemp
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Reboot and post a new DSS Log

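    The triage the helper does by eye in the two posts above (the RunServices entry named "Microsft" that points at a bare mssmppp.exe, the O22 SharedTaskScheduler entry whose target no longer exists, the O23 service with an unknown owner, and the entries that only turned up between one DSS run and the next) can be written down as a handful of heuristics over HijackThis lines. The Python below is an added example for this thread; it is not code from HijackThis, DSS, OTMoveIt2 or any of the posters. The sample scans are constructed from the entry types seen in the logs, the TRUSTED_DPF_HOSTS allow-list is an assumption, and the flags are a shortlist for a human to review, not a verdict (a bare ctfmon.exe or internat.exe trips the same "bare filename" rule as mssmppp.exe).

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for this thread; it is not part of HijackThis, DSS or the
original posts. The sample entries below are constructed from the kinds of
lines shown in the logs above, and TRUSTED_DPF_HOSTS is an assumed allow-list.
"""
import re
from dataclasses import dataclass, field

# Assumed allow-list of hosts from which O16 (ActiveX/DPF) downloads are expected.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "real.com")

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
URL_RE = re.compile(r"https?://(?P<host>[^/\s]+)")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def _exe_from_command(cmd):
    """Executable token of a Run-key command line, ignoring arguments."""
    cmd = cmd.split(" (User ")[0].strip()   # drop HijackThis' "(User 'Default user')" suffix
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    return cmd.split(" ")[0]


def _is_bare_filename(path):
    """True for a name like mssmppp.exe: no directory, so it is located by PATH search."""
    return "\\" not in path and "/" not in path


def triage(line):
    """Return a Finding for one log line, or None when nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("registered target no longer exists on disk")
    if section == "O4":
        km = O4_RE.match(body)
        if km:
            exe = _exe_from_command(km.group("target"))
            if "RunServices" in km.group("key"):
                reasons.append("RunServices autostart key")
            if _is_bare_filename(exe):
                reasons.append("bare filename resolved through PATH search")
            # "Microsft" and similar: the name starts like the vendor name but is not it.
            if re.search(r"\bmicros(?!oft\b)", km.group("name"), re.I):
                reasons.append("misspelled 'Microsoft' in entry name")
    elif section == "O16":
        um = URL_RE.search(body)
        host = um.group("host").lower() if um else ""
        if not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
            reasons.append("ActiveX download from host outside allow-list: " + (host or "?"))
    elif section == "O17":
        reasons.append("DNS servers set on the adapter; confirm they belong to the ISP")
    elif section == "O23" and "Unknown owner" in body:
        exe = body.rsplit(" - ", 1)[-1].split(" (")[0].strip()
        if _is_bare_filename(exe):
            reasons.append("service with unknown owner and bare filename")
    return Finding(section, line.strip(), reasons) if reasons else None


def report(lines):
    """Findings for every line of a scan, in log order."""
    return [f for f in (triage(l) for l in lines) if f]


def new_entries(earlier, later):
    """Lines in the later scan that were absent from the earlier one (what changed between posts)."""
    seen = {l.strip() for l in earlier}
    return [l.strip() for l in later if l.strip() and l.strip() not in seen]


# Constructed sample scans (not the thread's real logs), modelled on the entry types above.
SCAN_1 = [
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab",
    r"O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E059118-C453-4F19-B364-68E3C36D151E}: NameServer = 80.249.249.249,80.249.249.250",
    r"O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe",
]
SCAN_2 = SCAN_1 + [
    r"O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe",
    r"O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - (no file)",
    r"O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)",
]

if __name__ == "__main__":
    for f in report(SCAN_2):
        print(f.section, "|", f.line, "|", "; ".join(f.reasons))
    print("new since previous scan:", len(new_entries(SCAN_1, SCAN_2)))
```

    Run it against a saved HijackThis log by passing the file's lines to report(); feed the previous and current logs to new_entries() to see what appeared between two runs, which is how the tdidrv32.sys SafeBoot key and the mssmppp.exe RunServices value stand out above.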

  • Closed Accounts Posts: 241 ✭✭wildsaffy


    Hi Actor,

    Here is the OTMoveIT2 log; DSS log files below:

    Explorer killed successfully
    File/Folder C:\Documents and Settings\All Users\Application Data\OOYAŽ3113.sys not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\YUAŽ3113.sys not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\UYAŽ3113.sys not found.
    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys >
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys\\ deleted successfully.
    < purity >
    < EmptyTemp >
    Temp folders emptied.
    IE temp folders emptied.
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_140803

    DSS Log


    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-31 14:10:15
    Computer is in Normal Mode.

    Percentage of Memory in Use: 81% (more than 75%).
    Total Physical Memory: 247 MiB (256 MiB recommended).


    -- HijackThis (run as Administrator.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:10:21, on 31/07/2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\twain_32\SiPix\SCBlink2\USBPNP.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINNT\system32\svchost.exe
    C:\Documents and Settings\Administrator\Desktop\keeping computer clean\OTMoveIt2.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Administrator\Desktop\keeping computer clean\dss.exe
    C:\DOCUME~1\ADMINI~1\Desktop\KEEPIN~1\ADMINI~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: LIVECHAT Operator.lnk = C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213905170328
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ncgesrv02.ncge.ie/Remote/msrdp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E059118-C453-4F19-B364-68E3C36D151E}: NameServer = 80.249.249.249,80.249.249.250
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Blink2PnP - Unknown owner - C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 7255 bytes

    -- Files created between 2008-06-30 and 2008-07-31

    2008-07-31 00:02:12 0 d C:\WINNT\ERUNT
    2008-07-30 22:07:45 16384 --a t C:\WINNT\system32\Perflib_Perfdata_34c.dat
    2008-07-30 09:32:04 0 d C:\Program Files\Panda Security
    2008-07-28 07:15:58 0 d C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-07-28 07:15:41 0 d C:\Program Files\SUPERAntiSpyware
    2008-07-28 07:15:41 0 d C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-07-18 16:14:49 16384 --a t C:\WINNT\system32\Perflib_Perfdata_354.dat
    2008-07-06 20:10:25 0 d C:\WINNT\winsxs
    2008-07-06 20:10:23 0 d C:\Documents and Settings\All Users\Application Data\Adobe
    2008-07-05 03:46:51 0 d C:\Program Files\Sun
    2008-07-01 22:48:28 0 d C:\Documents and Settings\Administrator\Application Data\Paltalk
    2008-07-01 22:48:21 0 d C:\WINNT\PaltalkScene
    2008-07-01 22:48:21 0 d C:\Program Files\Paltalk Messenger
    2008-07-01 05:57:30 927126 ---h C:\WINNT\ShellIconCache


    -- Find3M Report

    2008-07-31 12:51:24 0 d C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-07-30 23:23:53 0 d-a C:\Program Files\Common Files
    2008-07-30 21:47:44 0 d C:\Program Files\DVD Photo Slideshow Professional
    2008-07-30 21:46:45 0 d C:\Program Files\Shockwave.com
    2008-07-30 16:31:06 0 d C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-27 21:04:10 0 d C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
    2008-07-07 18:18:15 0 d C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-07-07 17:30:45 16 --a C:\WINNT\popcinfo.dat
    2008-07-06 20:10:05 0 d C:\Program Files\Common Files\Adobe
    2008-07-06 19:59:48 0 d C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-06 19:49:21 0 d C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-07-05 03:46:19 0 d C:\Program Files\Java
    2008-07-02 20:13:32 0 d C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-06-29 19:25:28 2080 --a C:\WINNT\system32\tmp.reg
    2008-06-27 05:51:34 0 d C:\Program Files\Common Files\SWF Studio
    2008-06-26 22:56:01 0 d C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-06-23 07:56:26 0 d C:\Program Files\Canon
    2008-06-22 21:19:40 0 d C:\Program Files\Common Files\Canon
    2008-06-22 09:02:22 0 d C:\Program Files\MSXML 4.0
    2008-06-20 07:22:09 0 d C:\Documents and Settings\Administrator\Application Data\Uniblue
    2008-06-20 07:21:42 0 d C:\Program Files\Uniblue
    2008-06-18 03:50:09 288 --ah C:\aaw7boot.cmd
    2008-06-18 02:54:58 0 d C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2008-06-16 08:02:35 0 d C:\Documents and Settings\Administrator\Application Data\LIVECHAT
    2008-06-16 07:59:44 0 d C:\Program Files\LIVECHAT
    2008-06-05 23:25:49 0 d C:\Program Files\CoffeeCup Software
    2008-06-04 01:16:59 0 d C:\Documents and Settings\Administrator\Application Data\Flickr
    2008-06-04 01:16:42 0 d C:\Program Files\Flickr Uploadr
    2008-05-12 22:52:48 16384 --a t C:\WINNT\system32\Perflib_Perfdata_2e8.dat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [14/07/03 13:00 C:\WINNT\system32\mobsync.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/08 05:25 ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/01/08 23:20 ]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/04/07 13:12 ]
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/05 11:44 ]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/05 11:44 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/11/07 08:42 ]
    "ctfmon.exe"="ctfmon.exe" [20/02/01 13:09 C:\WINNT\system32\CTFMON.EXE]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/09/07 16:40 ]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/08 11:43 ]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [02/04/08 09:49 ]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    LIVECHAT Operator.lnk - C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe [06/06/2008 11:22:08]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
    PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [08/05/2008 23:17:29]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"




    -- End of Deckard's System Scanner: finished at 2008-07-31 14:10:41


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Perfect, nearly done

    Now we need to reconfigure Windows XP to show hidden files:
    Double-click the My Computer icon on the Windows desktop.
    Select the Tools menu and click Folder Options. Select the View Tab.

    Under the Hidden files and folders heading select "Show hidden files and folders".
    Uncheck the "Hide protected operating system files (recommended)" option.
    Uncheck the "Hide file extensions for known file types" option.
    Click Yes to confirm. Click OK.




    Click on the Start Button, Click Search
    Click "All Files and Folders"
    Click "Advanced Options", put a check next to the following:
    Search System Folders
    Search Hidden Files And Folders
    Search Subfolders


    Next copy and paste the following entries into the search box (one at a time):

    OOYAŽ3113.sys


    Tell me if it is found and the location of the file



    Please do an online scan with Kaspersky WebScanner

    Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK
    • Now under select a target to scan: Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


      • Closed Accounts Posts: 241 ✭✭wildsaffy


        Actor,

        I am running Windows 2000 Professional - does this make a difference?

        Thanks,
        wildSaffy


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        That method may not work for Windows 2000, try to do those steps though, just have a look around for the way to do it on that OS.

        If you can't, just go on with the Kaspersky step.


      • Closed Accounts Posts: 241 ✭✭wildsaffy


        :)

        Here is the log, Actor!

        KASPERSKY ONLINE SCANNER REPORT
        Thursday, July 31, 2008 11:32:31 PM
        Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
        Kaspersky Online Scanner version: 5.0.98.0
        Kaspersky Anti-Virus database last update: 31/07/2008
        Kaspersky Anti-Virus database records: 1034742


        Scan Settings
        Scan using the following antivirus database extended
        Scan Archives true
        Scan Mail Bases true

        Scan Target My Computer
        A:\
        C:\
        D:\
        E:\

        Scan Statistics
        Total number of scanned objects 134214
        Number of viruses found 11
        Number of infected objects 23
        Number of suspicious objects 2
        Duration of the scan process 04:52:47

        Infected Object Name Virus Name Last Action
        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\cert8.db Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\formhistory.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\history.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\key3.db Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\parent.lock Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\search.sqlite Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\urlclassifier2.sqlite Object is locked skipped

        C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\cd\Download_x-cd-ripper.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.ai skipped

        C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\Cache\_CACHE_001_ Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\Cache\_CACHE_002_ Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\Cache\_CACHE_003_ Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfui7815.default\Cache\_CACHE_MAP_ Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\1500 Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

        C:\Documents and Settings\Administrator\My Documents\audible\Logs\Explorer_AudibleShellExt.log Object is locked skipped

        C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

        C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped

        C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped

        C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.zip ZIP: infected - 1 skipped

        C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Marian Keyes - the real thing.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

        C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped

        C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped

        C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

        C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos.zip/zfe2.exe Suspicious: Password-protected-EXE skipped

        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos.zip ZIP: suspicious - 1 skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08126C81.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\206D58DE.exe Infected: Backdoor.Win32.Rbot.cql skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\280C4879.tmp Infected: Worm.Win32.Feebs.gen skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32813607.exe Infected: Backdoor.Win32.IRCBot.xx skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44E56992.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\457176F8.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50046D55.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50FD6443.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A9439B5.tmp Infected: Email-Worm.Win32.Warezov.fh skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61295A77.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61A26BF2.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67183D5D.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\677928F1.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B233AEA.tmp Infected: Email-Worm.Win32.Warezov.fh skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D547080.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DC05A09.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

        C:\wamp\logs\access.log Object is locked skipped

        C:\wamp\logs\apache_error.log Object is locked skipped

        C:\WINNT\CSC\00000001 Object is locked skipped

        C:\WINNT\Debug\ipsecpa.log Object is locked skipped

        C:\WINNT\Debug\oakley.log Object is locked skipped

        C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

        C:\WINNT\SchedLgU.Txt Object is locked skipped

        C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped

        C:\WINNT\Sti_Trace.log Object is locked skipped

        C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

        C:\WINNT\system32\config\default Object is locked skipped

        C:\WINNT\system32\config\default.LOG Object is locked skipped

        C:\WINNT\system32\config\SAM Object is locked skipped

        C:\WINNT\system32\config\SAM.LOG Object is locked skipped

        C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

        C:\WINNT\system32\config\SECURITY Object is locked skipped

        C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

        C:\WINNT\system32\config\software Object is locked skipped

        C:\WINNT\system32\config\software.LOG Object is locked skipped

        C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

        C:\WINNT\system32\config\system Object is locked skipped

        C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped

        C:\WINNT\WindowsUpdate.log Object is locked skipped

        Scan process completed.
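
As an added example, not code from the thread or from Kaspersky: a small Python triage script for reports in the "<path> <status> <action>" layout shown above. The sample lines are a handful copied from the report above, not the full log. It separates "Object is locked" noise (files that were simply in use during the scan) from real detections, and flags detections whose path sits in another product's quarantine or recovery folder, since those are samples already isolated rather than active infections. The folder markers and bucket names are this example's own assumptions, not anything Kaspersky defines.

```python
import re
from collections import Counter

# One report line: "<path> <status> <action>". The status is one of the
# forms seen in the report above; the action is the last token (e.g. "skipped").
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<status>Object is locked|Infected: .+?|Suspicious: .+?|ZIP: (?:infected|suspicious) - \d+) "
    r"(?P<action>\S+)$"
)

# Assumed markers for folders where another product has already isolated the
# file (Norton's Quarantine, Spybot's Recovery). A hit there is an old,
# neutralised sample, not something currently running.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\recovery\\")

# A subset of lines from the report above, used as sample input.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz skipped
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos.zip/zfe2.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\206D58DE.exe Infected: Backdoor.Win32.Rbot.cql skipped
C:\WINNT\system32\config\SAM Object is locked skipped
Scan process completed.
"""


def parse_report(text):
    """Return one dict (path, status, action) per recognised report line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # header/footer lines such as "Scan process completed."
        entries.append(m.groupdict())
    return entries


def classify(entry):
    """Assign a triage bucket to a parsed entry."""
    path_l = entry["path"].lower()
    status = entry["status"]
    if status == "Object is locked":
        return "locked"          # in-use file, not a detection
    if status.startswith("ZIP:"):
        return "container"       # archive summary; its members are listed on their own lines
    if any(marker in path_l for marker in QUARANTINE_MARKERS):
        return "quarantined"     # already isolated by another product
    if status.startswith("Suspicious:"):
        return "suspicious"      # heuristic hit, needs a second look
    return "active"              # named detection outside any quarantine


def triage(entries):
    """Group entries by bucket; mark 'not-a-virus' (adware/PUA) hits separately."""
    buckets = {"locked": [], "container": [], "quarantined": [], "suspicious": [], "active": []}
    for e in entries:
        e = dict(e, category=classify(e), pua="not-a-virus:" in e["status"])
        buckets[e["category"]].append(e)
    return buckets


def summary(buckets):
    """Counts per bucket, for a quick overview before reading the full list."""
    return Counter({name: len(items) for name, items in buckets.items()})


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(dict(summary(result)))
    for e in result["active"]:
        print("ACTIVE", "(PUA)" if e["pua"] else "", e["status"], e["path"])
```

Run as a script it prints the bucket counts and then only the "active" items, which is the list worth acting on first; the locked-file lines, which make up most of the report above, drop out entirely.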


      • Closed Accounts Posts: 241 ✭✭wildsaffy


        Deckard's System Scanner v20071014.68
        Run by Administrator on 2008-08-01 11:10:06
        Computer is in Normal Mode.

        Percentage of Memory in Use: 95% (more than 75%).
        Total Physical Memory: 247 MiB (256 MiB recommended).


        -- HijackThis (run as Administrator.exe)

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 11:11:09, on 01/08/2008
        Platform: Windows 2000 SP4 (WinNT 5.00.2195)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
        Boot mode: Normal

        Running processes:
        C:\WINNT\System32\smss.exe
        C:\WINNT\system32\winlogon.exe
        C:\WINNT\system32\services.exe
        C:\WINNT\system32\lsass.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\system32\spoolsv.exe
        C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\twain_32\SiPix\SCBlink2\USBPNP.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
        C:\WINNT\system32\MSTask.exe
        C:\WINNT\system32\stisvc.exe
        c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
        C:\WINNT\System32\WBEM\WinMgmt.exe
        C:\WINNT\system32\svchost.exe
        C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\WINNT\system32\ctfmon.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
        C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\explorer.exe
        C:\PROGRA~1\Grisoft\AVG7\avgw.exe
        C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Administrator\Desktop\keeping computer clean\dss.exe
        C:\DOCUME~1\ADMINI~1\Desktop\KEEPIN~1\ADMINI~1.EXE

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
        O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
        O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
        O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
        O4 - Startup: LIVECHAT Operator.lnk = C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213905170328
        O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ncgesrv02.ncge.ie/Remote/msrdp.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{7E059118-C453-4F19-B364-68E3C36D151E}: NameServer = 80.249.249.249,80.249.249.250
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        O23 - Service: Blink2PnP - Unknown owner - C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe
        O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
        O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
        O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
        O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

        --
        End of file - 7367 bytes

        -- Files created between 2008-07-01 and 2008-08-01

        2008-07-31 17:48:20 0 d C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-07-31 17:48:16 0 d C:\WINNT\system32\Kaspersky Lab
        2008-07-31 00:02:12 0 d C:\WINNT\ERUNT
        2008-07-30 22:07:45 16384 --a t C:\WINNT\system32\Perflib_Perfdata_34c.dat
        2008-07-30 09:32:04 0 d C:\Program Files\Panda Security
        2008-07-28 07:15:58 0 d C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
        2008-07-28 07:15:41 0 d C:\Program Files\SUPERAntiSpyware
        2008-07-28 07:15:41 0 d C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
        2008-07-18 16:14:49 16384 --a t C:\WINNT\system32\Perflib_Perfdata_354.dat
        2008-07-06 20:10:25 0 d C:\WINNT\winsxs
        2008-07-06 20:10:23 0 d C:\Documents and Settings\All Users\Application Data\Adobe
        2008-07-05 03:46:51 0 d C:\Program Files\Sun
        2008-07-01 22:48:28 0 d C:\Documents and Settings\Administrator\Application Data\Paltalk
        2008-07-01 22:48:21 0 d C:\WINNT\PaltalkScene
        2008-07-01 22:48:21 0 d C:\Program Files\Paltalk Messenger
        2008-07-01 05:57:30 927126 ---h C:\WINNT\ShellIconCache


        -- Find3M Report

        2008-08-01 08:00:17 0 d C:\Documents and Settings\Administrator\Application Data\AVG7
        2008-07-30 23:23:53 0 d-a C:\Program Files\Common Files
        2008-07-30 21:47:44 0 d C:\Program Files\DVD Photo Slideshow Professional
        2008-07-30 21:46:45 0 d C:\Program Files\Shockwave.com
        2008-07-30 16:31:06 0 d C:\Program Files\Malwarebytes' Anti-Malware
        2008-07-27 21:04:10 0 d C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
        2008-07-07 18:18:15 0 d C:\Documents and Settings\Administrator\Application Data\LimeWire
        2008-07-07 17:30:45 16 --a C:\WINNT\popcinfo.dat
        2008-07-06 20:10:05 0 d C:\Program Files\Common Files\Adobe
        2008-07-06 19:59:48 0 d C:\Documents and Settings\Administrator\Application Data\AdobeUM
        2008-07-06 19:49:21 0 d C:\Documents and Settings\Administrator\Application Data\Adobe
        2008-07-05 03:46:19 0 d C:\Program Files\Java
        2008-07-02 20:13:32 0 d C:\Documents and Settings\Administrator\Application Data\Macromedia
        2008-06-29 19:25:28 2080 --a C:\WINNT\system32\tmp.reg
        2008-06-27 05:51:34 0 d C:\Program Files\Common Files\SWF Studio
        2008-06-26 22:56:01 0 d C:\Documents and Settings\Administrator\Application Data\Malwarebytes
        2008-06-23 07:56:26 0 d C:\Program Files\Canon
        2008-06-22 21:19:40 0 d C:\Program Files\Common Files\Canon
        2008-06-22 09:02:22 0 d C:\Program Files\MSXML 4.0
        2008-06-20 07:22:09 0 d C:\Documents and Settings\Administrator\Application Data\Uniblue
        2008-06-20 07:21:42 0 d C:\Program Files\Uniblue
        2008-06-18 03:50:09 288 --ah C:\aaw7boot.cmd
        2008-06-18 02:54:58 0 d C:\Documents and Settings\Administrator\Application Data\Lavasoft
        2008-06-16 08:02:35 0 d C:\Documents and Settings\Administrator\Application Data\LIVECHAT
        2008-06-16 07:59:44 0 d C:\Program Files\LIVECHAT
        2008-06-05 23:25:49 0 d C:\Program Files\CoffeeCup Software
        2008-06-04 01:16:59 0 d C:\Documents and Settings\Administrator\Application Data\Flickr
        2008-06-04 01:16:42 0 d C:\Program Files\Flickr Uploadr
        2008-05-12 22:52:48 16384 --a t C:\WINNT\system32\Perflib_Perfdata_2e8.dat


        -- Registry Dump

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Synchronization Manager"="mobsync.exe" [14/07/03 13:00 C:\WINNT\system32\mobsync.exe]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/08 05:25 ]
        "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/01/08 23:20 ]
        "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/04/07 13:12 ]
        "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/05 11:44 ]
        "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/05 11:44 ]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/11/07 08:42 ]
        "ctfmon.exe"="ctfmon.exe" [20/02/01 13:09 C:\WINNT\system32\CTFMON.EXE]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/09/07 16:40 ]
        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/08 11:43 ]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [02/04/08 09:49 ]

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
        "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

        C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
        LIVECHAT Operator.lnk - C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe [06/06/2008 11:22:08]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
        PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [08/05/2008 23:17:29]

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
        @=&quot;Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
        @=&quot;Driver"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
        @=&quot;Driver"




        -- End of Deckard's System Scanner: finished at 2008-08-01 11:11:38


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Hello

        Please download the OTMoveIt2 by OldTimer.
        • Save it to your desktop.
        • Please double-click OTMoveIt2.exe to run it.
        • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
          [kill explorer]
          C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\cd\Download_x-cd-ripper.exe 
          C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.mp3
          C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.wm
          C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.zip
          C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Marian Keyes - the real thing.mp3
          purity 
          EmptyTemp
          [start explorer]
          
        • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
        • Click the red Moveit! button.
        • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
        • Close OTMoveIt2
        If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


      • Closed Accounts Posts: 241 ✭✭wildsaffy


        Explorer killed successfully
        File/Folder C:\Documents and Settings\Administrator\Desktop\olddesktop\olddesk 8.4.07\cd\Download_x-cd-ripper.exe not found.
        File/Folder C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.mp3 not found.
        File/Folder C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.wm not found.
        File/Folder C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\jethro tull.zip not found.
        File/Folder C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Marian Keyes - the real thing.mp3 not found.
        < purity >
        < EmptyTemp >
        File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp16.tmp scheduled to be deleted on reboot.
        Temp folders emptied.
        IE temp folders emptied.
        Explorer started successfully

        OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_123538


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean
        • Make sure you have an Internet Connection.
        • Double-click OTMoveIt2.exe to run it.
        • Click on the CleanUp! button
        • A list of tool components used in the Cleanup of malware will be downloaded.
        • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
        • Click Yes to begin the Cleanup process and remove these components, including this application.
        • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


        You now need to update your Java and remove your older versions.

        Please follow these steps to remove older version Java components.

        * Click Start > Control Panel.
        * Click Add/Remove Programs.
        * Check any item with Java Runtime Environment (JRE) in the name.
        * Click the Remove or Change/Remove button.

        Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
        here




        Below I have included a number of recommendations for how to protect your computer against malware infections.

        * Keep Windows updated by regularly checking their website at:
        http://windowsupdate.microsoft.com/
        This will ensure your computer always has the latest available security updates installed.

        * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

        SpywareBlaster protects against bad ActiveX
        IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
        Have a look at this tutorial for IE-Spyad here

        * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

        Make Internet Explorer more secure
        • Click Start > Run
        • Type Inetcpl.cpl & click OK
        • Click on the Security tab
        • Click Reset all zones to default level
        • Make sure the Internet Zone is selected & Click Custom level
        • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
        • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

        * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

        * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
        Here

        * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
        Here

        Thank you for your patience, and performing all of the procedures requested.

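        The three Internet-zone ActiveX settings the post above has the user change by hand in Inetcpl.cpl can also be audited (and, if wanted, applied) from the registry. This PowerShell script is an added example, not the helper's instructions or any tool's code; it assumes the documented URL-action value IDs 1001, 1004 and 1201 under the current user's zone 3 (Internet) key, with data 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example, not from the thread: audits the Internet-zone ActiveX settings
# the post above asks the user to change through Inetcpl.cpl, and can set them.
# Value names are the documented URL-action IDs for zone 3 (Internet):
#   1001 = Download signed ActiveX controls                 -> Prompt  (1)
#   1004 = Download unsigned ActiveX controls               -> Prompt  (1)
#   1201 = Initialize and script ActiveX controls not
#          marked as safe for scripting                     -> Disable (3)
# Data: 0 = Enable, 1 = Prompt, 3 = Disable. A per-machine policy under HKLM
# (Security_HKLM_only) can override what the user key says.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';              Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';            Want = 1 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX not marked safe'; Want = 3 }
)

function Test-InternetZoneActiveX {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Fix)   # add -WhatIf to preview without writing the registry

    $zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop
    foreach ($e in $expected) {
        $have = $zone.($e.Id)
        # An absent value means IE falls back to the zone template default,
        # so report it as unset rather than assuming it is safe.
        if ($null -eq $have)                   { $current = 'unset' }
        elseif ($labels.ContainsKey([int]$have)) { $current = $labels[[int]$have] }
        else                                   { $current = ('0x{0:X}' -f [int]$have) }
        $ok = ($null -ne $have) -and ([int]$have -eq $e.Want)
        $status = if ($ok) { 'OK' } else { 'WEAK' }
        '{0} {1,-48} current={2,-7} recommended={3,-7} {4}' -f $e.Id, $e.Name, $current, $labels[$e.Want], $status
        if (-not $ok -and $Fix -and $PSCmdlet.ShouldProcess("$zonePath\$($e.Id)", "set to $($e.Want)")) {
            Set-ItemProperty -Path $zonePath -Name $e.Id -Value $e.Want -Type DWord
        }
    }
}

Test-InternetZoneActiveX          # report only
# Test-InternetZoneActiveX -Fix   # apply the recommended values for the current user
```

It needs PowerShell, so it applies to Windows versions later than the Windows 2000 machine in the thread; the values it reads are the same ones the Inetcpl.cpl Custom level dialog writes.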

      • Closed Accounts Posts: 241 ✭✭wildsaffy


        Just came by to say "thanks" to Actor for your help - my computer is working a lot better now (not perfect, still hangs sometimes, but it works!!!) .....

        I appreciate the detailed help I received from you and the advice going forward.

        Good on yer! :)


      • Closed Accounts Posts: 241 ✭✭wildsaffy


        Hi,

        Just looking through the programmes I have running as machine can still be slow - and I think the problem emanates from Spybot's SD Helper - now that I have uninstalled that the computer seems to be running quicker.

        I am still running Teatime.

        Has anyone else experienced this?

