Help removing worm

Ad-aware stated I had a worm. I can only do a smart scan, the full scan gives and error and shuts down. Seems my antivirus has an override on it. Here is the HJT log. Thanks in advance.

Bobby


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:20 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Bobby\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe "
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 6564 bytes

 

Hi Capricious

Can you tell me the Name given and file path?

Please do this.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Please post the results and anything you can tell me about what AdAware said.

Thanks
Geri

 

Holy cow! 514 virus files found by Panda. I could not find the name of the Worm that Adaware found, but I wrote down the file path. Here they are with the Panda report. Thanks!!

Adaware file path:
C\Windows\system32\bszip.dll
C\Windows\system32\cmd.com
C\Windows\system32\netstat.com
C\Windows\system32\ping.com
C\Windows\system32\taskkill.com
C\Windows\system32\tasklist.com
C\Windows\system32\tracert.com

Incident Status Location Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\About CNET Networks.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\About CNET Networks.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\All RSS feeds.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\All Software.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\CNET TV.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Compare Prices.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Free MP3s.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Help Center.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\PC Games.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Privacy policy.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S&P 500 Stock Trading Calendar 2005 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.C.A.R.S. updated demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.E. Remote Control 1.5.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.T.A.L.K.E.R. Shadow of Chernobyl E3 2004 trailer 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.T.D. Codes India 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.A.T. Pro 1.5.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.I.N.E. 1.4 demo patch .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.I.N.E. demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.I.N.E. English retail patch 1.2-1.4 .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.I.N.E. French retail patch 1.3-1.4 .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.I.N.E. German retail patch 1.0-1.4 .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.I.N.E. German retail patch 1.3-1.4 .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.I.N.E. multiplayer demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S.W.I.N.E. v1.4 patch .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S10 RedEyes 2.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S10 WebAlbums 2.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S1M Stock Quoter 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\s2 (s~quad) Small Business Edition 1.0.05.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S2 Adept 1.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S2 Salon Scheduler 1.6.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S2-Pack 2003.08.01.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S2V Voice 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S3C Java Serverside Cache 2.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\S3xy Mariah Carey 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\SA Report Series for FortiGate 1.1 b060212.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\SA Report Series for Ipfilter 1.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\SAAPLL01 10 April 2005.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Saavor 2.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\SABERpersonal 6.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sablotron 1.0.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sabotage 2.8.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sabotage on the Century Cauldron 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sabotain Break the Rules demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\SabreWing 2 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sachi's Quest Demo 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacred Demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacred Plus expansion pack .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacred Plus patch .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacred v1.5 Patch .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacred v1.6 Patch .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacred v1.66 patch .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacred v1.7 patch .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice America map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Arena Muffin map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Ashvil map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Battlefront map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Black Death map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Blood Bowl map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Canyons map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Chad Ballot 2 map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Chad Ballot map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Death Valley map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Defend map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Desert of Death map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Dragon Mountain map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Face-off map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Flame Bowl map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Florida map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Forest map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Grassy Noll map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Green Lands map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Hands of Fate map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Itheria map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Jokers Valley map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Kindred map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Kryps map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Meadow111 map .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice Nowhere map .zip[Setup.exe]

The rest of the file is too long to post on here. I can email it to you if you want to see it all.

 

Hi Capricious

You will have to put it in two or more posts, I do need to see it all.

Please do this next.

Download ComboFix from Here or [color= "Red"]Here[/color] to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Please post the Combofix log and the rest of the Panda Scan.

Thanks
Geri

 

ComboFix 07-09-21.2 - "Bobby" 2007-09-26 20:51:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.36 [GMT -6:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Bobby\Desktop\internet.lnk
C:\Program Files\ISM
C:\Program Files\Uninstall Information\vizycik83122.dll
C:\WINDOWS\system32\C2
C:\WINDOWS\system32\f04WtR
C:\WINDOWS\system32\f04WtR\f04WtR1080.exe
C:\WINDOWS\system32\Z1

.
((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
.

2007-09-26 20:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-26 15:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-24 16:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-24 12:08 <DIR> d--hs---- C:\WINDOWS\Qm9iYnkgTHVjZXJv
2007-09-24 12:08 <DIR> d-------- C:\WINDOWS\system32\GB9
2007-09-24 12:08 <DIR> d-------- C:\WINDOWS\system32\DL1
2007-09-24 12:07 35,328 --a------ C:\WINDOWS\system32\ddcccax.dll
2007-09-24 12:05 <DIR> d--hs---- C:\Program Files\outlook
2007-09-24 12:05 <DIR> d--hs---- C:\DOCUME~1\Bobby\Complete
2007-09-18 14:21 <DIR> d-------- C:\DOCUME~1\Bobby\APPLIC~1\U3
2007-09-10 10:56 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-10 10:56 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-07 17:48 96,704 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-09-04 07:20 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-04 07:17 <DIR> d-------- C:\Program Files\MSBuild
2007-09-04 07:17 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-04 07:10 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-04 07:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-04 07:04 <DIR> dr-h----- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 16:25 --------- d-------- C:\Program Files\iTunes
2007-09-26 16:24 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-09-25 11:30 --------- d-------- C:\Program Files\Nokia
2007-09-25 11:30 --------- d-------- C:\Program Files\Common Files\Nokia
2007-09-24 13:09 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-24 13:09 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-04 09:17 --------- d-------- C:\DOCUME~1\Bobby\APPLIC~1\AdobeUM
2007-08-16 19:55 --------- d-------- C:\Program Files\Audacity
2007-08-15 22:42 --------- d-------- C:\Program Files\Common Files\PCSuite
2007-08-15 22:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-08-14 22:41 --------- d-------- C:\DOCUME~1\Bobby\APPLIC~1\PC Suite
2007-08-14 22:28 --------- d-------- C:\DOCUME~1\Bobby\APPLIC~1\Nokia
2007-08-14 22:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-08-13 12:33 --------- d-------- C:\Program Files\Google
2007-08-13 12:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-10 20:38 --------- d-------- C:\Program Files\iPod
2007-08-10 20:38 --------- d-------- C:\DOCUME~1\Bobby\APPLIC~1\Apple Computer
2007-08-10 20:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-10 20:37 --------- d-------- C:\Program Files\QuickTime
2007-08-10 20:36 --------- d-------- C:\Program Files\Apple Software Update
2007-08-10 20:35 --------- d-------- C:\Program Files\Common Files\Apple
2007-08-10 20:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-10 20:31 --------- d-------- C:\DOCUME~1\Bobby\APPLIC~1\Google
2007-08-10 13:56 93128 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-08-07 13:48 25160 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 00:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2005-07-29 22:24:26 472 --sha-r C:\WINDOWS\Qm9iYnkgTHVjZXJv\kA62sB40nJp3trLS.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
"Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 10:48]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 00:46]
"Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"hppwrsav "= "C:\SCANJET\PrecisionScanLT\hppwrsav.exe" [1999-06-07 12:27]
"NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"DVDTray "= "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 02:58]
"NWEReboot "=" " []
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]
"AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-09-10 03:29]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys
R2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys
R3 alihub;Generic Hub on USB 2.0 Bus;C:\WINDOWS\system32\DRIVERS\AliHub.sys
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys
R3 Dot4 HPH09;Dot4 HPH09;C:\WINDOWS\system32\DRIVERS\hphid409.sys
R3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09;C:\WINDOWS\system32\DRIVERS\hphipr09.sys
R3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09);C:\WINDOWS\system32\Drivers\hphs2k09.sys
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7dc5f70-6624-11dc-bf86-00d0b7e813d3}]
AutoRun\command- H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-08-19 04:36:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 20:55:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-26 20:57:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 20:57
.
--- E O F ---

 

Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Bobby\Complete\Sacrifice One on One map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice patch 2 .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice patch 3 .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice Sacrifice Frenzy map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice Sacrificial Dawn map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice Scorch map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice Shadow map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice Skeleton Desert map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice Spyder's Paradise map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice Synergy map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice the Big map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice The Gloaming map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice the Grand 'Ol USA map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sacrifice the Valley map .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAD2CUE 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sada Private Messenger 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saddle Up - Time to Ride 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAEBR 1.26.06.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safari 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safari Adventures Africa 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safari Biathlon Racer .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safari Enhancer 2.6.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafariButtons 0.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafarIcon 2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safarp 0.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Chat Messenger with Parental Controls 2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Cracker 2.05.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Data Recovery 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe E-Mail Links Scout 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Eyes 2006 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Eyes 2006 4.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Families We-Blocker Parental Control 2.0.1 build 88.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Key 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Passage 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Place 2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe Surfer 4.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe WinFile Ultimate Tech 2005 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe'n'Sec 2.85.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe'n'Sec Plus Antivirus 2.0.85.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe-Docs 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe2Bid 1.1 build 21.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safe2Net 4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeBit 1.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeCryptor 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeDee 2.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeDoc Tools 1.0262.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeDog X 6.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafEEditor 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafEEditor for Mac 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeGuard PrivateDisk 1.0.6.7.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safeguard Protecting Your Privacy 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\safeHtmRename 1.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeIT Desktop Security Suite 2006 (7.5.0.0).zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeIT E-mail Shredder for Outlook 2003 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeIT File Encryption 2006 (7.5.0.0).zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeIT File Shredding 2006 7.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeIT Secure Disk 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeKey 1.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safelist Marketing eCourse 3.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safelist Marketing Revealed 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeLogon 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safely Remove 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeMail 1.05.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeNetUPS Minidriver 1.0b.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafenSec Plus Anti-Spyware 2.0.854.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safepage 1.21.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafePC 3.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafePC+ 2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafePods for Internet Explorer 1.0.05.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeProtector 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safer Workstation 1.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaferSpace 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeSerial OCX Standard Edition 2.3.9.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeSex 0.35.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeShopper 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeShred 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeShred Pro 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safesquid Content Filtering Proxy 4.0.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafestMail Personal Edition 3.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeSurf 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeSystem 2006.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeTweak XP 2.5.0.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeTweak XP Resource 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Safety Net 1.15.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafeWallet 2.1 2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SafO - SafestMail for Outlook 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saft 7.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saga CD Ripper 1.04.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saga MP3 Cutter 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sagata Regression Pro 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sage 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sage for Firefox 1.3.8.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sage Order Importer 2007 13.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sage Password Recovery 7.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SageTV 4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAHA Self Extract 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sahara Screensaver .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sahara Screensaver 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sahara Trailer .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sailing Ship 3D Screensaver 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sailor Moon Media Player 8.6.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sailors of the Sky demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SailTimer 1.0.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saint Paint Studio 12.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saints and Sinners Bingo 1.0.7.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saints and Sinners Bowling demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SakasaMouse 1.01.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saki Bomb 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saki Mobile for Pocket PC 1.72.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sala 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salaat Time 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SalaryExpert 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salat Almanac 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales 101 5.44.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Cycle Manager (Palm) 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Everywhere CRM for Windows Mobile 2003 2.5.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Everywhere CRM for Windows Mobile 5.0 2.5.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Manager Pro 6.0.2 build 1199.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Master LP (Le Perfectionniste) 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Navigator 10.15c.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Navigator Fast Track Lite 10.16.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Organizer 8.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Organizer 8.7.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Secrets Revealed 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales Tax Generator 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sales-n-Stats Free Edition 1.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SalesAlarm! 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SalesCart Standard 3.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaleSmartz Pro 5.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaleSmartz Pro 5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SalesOutlook 4.4.zip[Setup.exe]

 

C:\Documents and Settings\Bobby\Complete\SalesStorm 3.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SalesTax Mate 2.0.93.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salexo's No Limit Texas Hold 'Em Poker 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salexo's No Limit Texas Hold 'Em Poker 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salling Clicker 2.2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salling Clicker 3.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salma Hayek Screen Saver 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salma Hayek Sex-E Screensaver 3.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salon Iris 5.0.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salon Maid 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salon Master 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SalonSalon II 1.8.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salsaroc Salsa Shines 1.03.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salsaware 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salt Lake City Olympic Screensaver 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Salvo demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAM (Beauty Salon Software) 6.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAM - Skype Answering Machine 2.0 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAM - Small Application Modules 1.52.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAM Broadcaster 3.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sam's Gr-8 Page Toolbar for FF 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sam's Gr-8 Page Toolbar for IE 4.5.11.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sam's Multi Tool 1.2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sambar Server 5.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sambucus 2.3.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Same - Next Generation 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Same Files Assistant 2.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SameGame 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SameWords 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sami FTP Server 2.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sami FTP Server 2.0.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sami HTTP Server 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAMInside 2.5.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SamLogic CD-Menu Creator 2006 4.5.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SamLogic MultiMailer 2006 5.0.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Sosa High Heat Baseball 2001 - 2000 Roster Update 4.1 .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Sosa High Heat Baseball 2001 1.1 patch .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Sosa High Heat Baseball 2001 1.2 patch .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Sosa High Heat Baseball 2001 1.25 patch .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Sosa High Heat Baseball 2001 All-Star Break 2000 Roster update .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Sosa High Heat Baseball 2001 beta demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Sosa High Heat Baseball 2001 demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Sosa Softball Slam demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sammy Suricate 1.45.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sample Champion Light 2.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sample PDA IT Support Policy 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SampleCalc 1.41.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SampSonic Audio and Photo Jukebox 1.8.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Samstyle Visual Style Manager 2.92.2608.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Samurai 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Samurai Blades On Deadly Ground 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\San Diego Chargers screensaver .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\San Francisco 49ers screensaver .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sandboxie 1.85.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sandra Bullock Sex-E Screensaver 3.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SANDRA Lite 2005.SR3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sandtrap 1.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sandwarriors demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sango 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sanitarium demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sankey Editor 3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SANmelody 2.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sannu's Agent Calculator 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sannu's Agent Calendar 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sannu's Agent Pro 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sannu's Agent Viewer 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SannySoft Perl Editor Pro 3.1 build 186.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sanshowbean 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sanskrit Pronunciations 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Santa Balls 2 1.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Santa Mail - North Pole Direct 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Santa's Christmas Ride 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Santa's Email Express 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Santa's Gift Drop 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAP RFC Pro 0.1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAPEdit 1.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sapper++ 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sapphire 3.1 build 830.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sapphire Spires for Symbian Series 60 devices 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sapphire SuDoku 1.1.0.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireBattery 01.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireButtons 02.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireEncrypt 04.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireFTP 05.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireGzip 04.10.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireIMEI 03.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireIrDA 3.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireMail 01.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SapphireRAS 09.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sarah Michelle Gellar Sex-E Screensaver 3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sarbacane 2.2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sarbyx 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sarbyx TrayClock 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAS Professional Business Management 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SasCam Webcam Server 2.6.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SASuite 7.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAT & GMAT Practice Problems 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAT GRE Crash Course 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sat-Trakker Satellite Retailer Software 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sateira CD&DVD Burner 2.52.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Satellite Antenna Alignment 2.36.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Satellite Image Browser 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SATextureLab 1.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saturday Night Speedway 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saturn 3D ScreenSaver 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaturnClient 2.8.01.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SatWhere 1.1.14.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saurus CMS Free 4.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sausages 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sauver Personal Edition 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sav ZBase 8.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sav Zigzag 8.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Savage demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Savage The Battle for Newerth demo 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Savage The Battle for Newerth v2.0b to v2.0c patch .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Savanna 2.1 build 1054.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Savant Armor Quest (The Elder Scrolls III Morrowind) .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Save Flash 3.0.67.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Save Flash Player 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Save Keys Undetectable 6.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Save Message 2.10 r2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Save Users and Passwords 2.7.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Save2FTP 1.5.882.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaveBackup 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaveDir 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaveForm 2.32.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaveHollywood 1.6.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaveIt 3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saver Manager 1.0.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SaverNow 2.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SAVI Signaling Analysis and Visualization 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Saving Account 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Savvy Clipboard 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SawCutter 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sawmill 7.2.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sax21 2.2.zip[Setup.exe]

 

C:\Documents and Settings\Bobby\Complete\Say Anything Trailer .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Say It Safe for Outlook 2003 1.7.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Say It With a Balloon 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Say the Time 2006 8.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SayaMatrix Accounting 3.03.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sayas Screensaver 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SayOClock 1.2.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SayTunes 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SB Oscillograph 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBE WebSystem 1.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBJV 4.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBMAV Disk Cleaner 2.76.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBMAV Disk Cleaner Lite 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBNews News Robot 9.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBox 2.165.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBS Asset Tracking 1.31.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBS Communique 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBS Quality Database 3.50.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBS Training Database 2.27.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SBWcc WebCam Corder 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SC-DiskInfo 1.07.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SC-KeyLog Pro 3.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SC-Unimail 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scadenze Light 6.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scadex Project Tracker 4.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCalculator (Motorola A780,C975,C980,E680,E100) 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCalculator (Nokia 6230,6255,7260,3230,6630,N70) 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCalculator (Siemens SK65,SL65,C65,C66,CX65) 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCalculator (Sony Ericsson) 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScalePhobia 1.2.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scam 101 Software 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scam Escrow Detector 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scam Sensor for Outlook 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scam Sensor for Outlook Express 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scan and Sort It 6.0a.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scan Port 1.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scan&Fill II 1c.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scan-n-Stitch Deluxe 1.1.9.9.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scan2Email 1.11.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scan2Text 1.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scan4Cover 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanAndSave 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanAsPDF 1.8.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scancat-Gold 8.2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanDBX for Outlook Express 2.19.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanFont 3.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanHelper 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanLite 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanMaster 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scanmetender Standard 3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScannerManager 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scannet Pro 3.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanNet Professional 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanOrientator 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scanout 1.8.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanR Whiteboards for Treo 700p 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanR Whiteboards for Treo 700w 2.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScanR Whiteboards for WM5 2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCAR - Squadra Corse Alpha Romeo demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scarab demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scarabay 2.8.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\sCARface Raging Racing 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scarlet Grains 7.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scarlet Waves demo .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scary Forest 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScatLab 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scatoms 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scavenger Hunt .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCEA 310-051 Exam Simulator 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scene Composer Razor 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SceneDraw 1.0a.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scenes Of Christmas Screen Saver 2.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scenes of Egypt Screen Saver 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scenes Of Golf 2.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scenes Of Winter Screen Saver 2.0.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SceneWriter Pro 3.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scenic Delight Screensaver 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScenicUS.com 6.4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCGrid 6.07.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SchedInspector 1.0.6.8.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScheduLAN 5.8.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule 25 Limited Availability People 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule 3.5.31.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule Crew Assignments for Your Employees 3.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule Daily Calls and Tasks for 20 Doctors 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule Generator 1.0.8.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule It 3.0 revision 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule Master 4.01.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule Split Shifts for Your Employees 6.43.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule Timer ActiveX 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule Wizard Automation Edition 4.01.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule Wizard Standard Edition 4.01 build 4017.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedule XP with Runtime 5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScheduleAssist Basic 1.1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScheduleAssist Deluxe 1.1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScheduleAssist Premier 1.1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScheduleAssist Reader 1.1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scheduler 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scheduler for Excel 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scheduler Pro Ocx 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SchedulerLite 1.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedules for 3 Shifts and 25 Employees 6.42.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedules2Go 1.01.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schedules4Team 3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScheduleUs Family 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScheduleUs Publisher 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scheduling Employees 2000 2.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schema (OS X) 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schema 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schema Plus 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SchemaFX 1.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schematic 3.19.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SchemaToDoc 4.5.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schemester 1.1.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schlumpiwutz 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schmaili 5.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schmap Player 1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SchnauzerSoft's AVC 2.5.zip[Setup.exe]

 

Edited to put at the end of posts.

 

C:\Documents and Settings\Bobby\Complete\Schneider Software Designer Component 1.3.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scholar's Aid Lite 4.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScholarWord MLA Edition 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\ScholarWord MLA Edition 1.1.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Attendance Keeper 2.1.2.128.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Daze 1.13.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Focus 1.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Guitar Learning Software 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Management System 2.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Management System 3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School of Magic 3D Screensaver 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Organizer 2.03.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Response 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Sleuth 2003 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Tycoon .zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\School Tycoon 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schoolhouse Bingo 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schoolhouse Test 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SchoolMarm 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schoolremote Studio Gradebook 3.2.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Schredit 1.0j.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCI Java Photo Chat Server 3.4.9.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCI Photo Chat 3.4.9.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCI Photo Chat Server 3.4.9.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sci-Fi Sounds - MorphVOX Add-on 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sci-Fi Voices - MorphVOX Add-on 1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Sci-Tek Gallery 3D Screensaver 1.0.7.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCICA Speech 0.2a.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SCICA Sudoku 1.02.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SciCalc 2.1.4.3.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Science Helper For Ms Word 2.2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Science Quiz 2.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Science Quizzes 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Science Teacher's Helper 1.6.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scientific Advantage Calculator for Pocket PC 1.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scientific Alarm Clock 2.0.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Scientific Alarm Clock 3.1.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SciFi Deluxe Adobe Audition Plugin 1.0c.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SciMark Standard Edition At64 2006.08.21.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SciMark Standard Edition Complex 2006.08.08.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SciMark Standard Edition Drives 2006.08.08.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SciMark Standard Edition Graphics 2006.08.08.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\SciMark Standard Edition MP 2006.08.08.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Site map.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Spyware Removal.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Submit Software.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Terms of use.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Tips &amp; Tricks.zip[Setup.exe]
C:\Documents and Settings\Bobby\Complete\Today on CNET.zip[Setup.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@burstnet[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@fastclick[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@serving-sys[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@zedo[1].txt
Virus:Trj/Gaodrop.A Disinfected C:\Program Files\outlook\outlook.exe
Virus:Trj/Gaodrop.A Disinfected C:\Program Files\outlook\p.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Program Files\outlook\v.tmp
Adware:Adware/TTC Not disinfected C:\Program Files\Uninstall Information\vizycik83122.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Qm9iYnkgTHVjZXJv\kA62sB40nJp3trLS.vbs
Adware:Adware/TTC Not disinfected C:\WINDOWS\system32\DL1\MMEMDT83122.exe
Virus:W32/Gaobot.MFM.worm Disinfected C:\WINDOWS\system32\winlog.exe

 

Hi Capricious

Do this next.

Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Then we need to check these, I'm almost certain they are bad but lets check before killing them.

Jotti File Submission:

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into *the * "File to upload & scan "box on the top of the page:
  
  • C:\WINDOWS\system32\GB9
• Click on the submit button
  
• Please post the results in your next reply.

Please post the Vundo log and the Jotti results.

Thanks
Geri

 

Hi Capricious
Please save this or print it out so you can follow it in safe mode.

Please download Brute Force Uninstaller to your desktop.

• Right click the BFU folder on your desktop, and choose Extract All
• Click "Next "
• In the box to choose where to extract the files to,
• Click "Browse "
• Click on the + sign next to "My Computer "
• Click on "Local Disk (C or whatever your primary drive is
• Click "Make New Folder "
• Type in BFU
• Click "Next ", and Uncheck the "Show Extracted Files" box and then click "Finish ".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As ") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Please run this.

Please follow these instructions exactly as given.

Now download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the "Update now" link.
   • The update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine ".
6. Under "Reports "
   • Select " Do Not Automatically generate reports "

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
   IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan ".
4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
5. If you have any infections you will prompted, then select "Apply all actions "
6. Next select the "Save Reports"
7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.

• Start the Brute Force Uninstaller by doubleclicking BFU.exe
• Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
• Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
• Wait for the complete script execution box to pop up and press OK.
• Press exit to terminate the BFU program.

Reboot into normal windows and post the contents of AVG Anti-Spyware text report that you saved.

Thanks
Geri

 

I found out that my nephew was on my PC and tried downloading screensavers for his phone from limewire. All those files from the activescan were zip files. I deleted them all then performed all the above mentioned steps. Here are the logs you asked for.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:42 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bobby\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe "
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 7106 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:59:12 PM 9/29/2007

+ Scan result:



C:\Documents and Settings\Bobby\Cookies\bobby@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@e-2dj6wfk4egazglo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@e-2dj6wgkocmcjclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\Qm9iYnkgTHVjZXJv\kA62sB40nJp3trLS.vbs -> Trojan.Small : Cleaned.


::Report end

 

Hi Capricious

OK Good, Lets get another scan.

Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
Note: You must be logged onto an account with administrator privileges to complete the following.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please post the "main.txt" log only for now.

Does Ad-aware still state you have a worm?

Thanks
Geri

 

Hi
Did you also do the steps in post # 11 above?

Please post the results.

Thanks
Geri

 

I did do the steps in #11. Vundofix log is at the bottom. It didn't find anything. Jotti's said the file was 0 bytes, or that it was blocked by malware. I looked at my system restore, and there are no restore dates. I can't even go back in the calendar to previous months.The Deckard's extra.txt log showed that my virus scan is not updating as well. Adaware is not showing the worm anymore.Thanks for the help so far.

Bobby

Deckard's System Scanner v20070905.67
Run by Bobby on 2007-10-01 16:38:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 1 Restore Point(s) --
1: 2007-10-01 22:38:48 UTC - RP78 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Bobby.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:50 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bobby\Desktop\dss.exe
C:\DOCUME~1\Bobby\Desktop\Bobby.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe "
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 7169 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R2 ALIEHCD (ALi PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\aliehci.sys <Not Verified; ALi Corporation; ALi Ehci Host Controller Driver>
R2 PPSCAN - c:\windows\system32\drivers\ppscan.sys <Not Verified; Hewlett-Packard Co.; >
R3 alihub (Generic Hub on USB 2.0 Bus) - c:\windows\system32\drivers\alihub.sys <Not Verified; ALi Corporation; ALi Generic Hub Driver for USB2.0>
R3 aliroothub (USB 2.0 Root Hub) - c:\windows\system32\drivers\alirthub.sys <Not Verified; ALi Corporation; ALi Roothub Driver for USB2.0>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>

S3 catchme - c:\docume~1\bobby\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-18 22:36:13 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-01 and 2007-10-01 -----------------------------

2007-09-29 16:46:50 0 d-------- C:\bintheredunthat
2007-09-29 16:41:49 0 d-------- C:\BFU
2007-09-29 12:40:32 0 d-------- C:\Documents and Settings\Bobby\Application Data\Grisoft
2007-09-29 12:40:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-29 12:28:22 0 d-------- C:\VundoFix Backups
2007-09-26 15:53:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-24 16:11:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-24 12:08:48 0 d--hs---- C:\WINDOWS\Qm9iYnkgTHVjZXJv
2007-09-24 12:08:02 0 d-------- C:\WINDOWS\system32\GB9
2007-09-24 12:08:01 0 d-------- C:\WINDOWS\system32\DL1
2007-09-24 12:07:03 35328 --a------ C:\WINDOWS\system32\ddcccax.dll
2007-09-24 12:05:51 0 d--hs---- C:\Documents and Settings\Bobby\Complete
2007-09-18 14:21:58 0 d-------- C:\Documents and Settings\Bobby\Application Data\U3
2007-09-04 07:17:58 0 d-------- C:\Program Files\Microsoft Works
2007-09-04 07:17:42 0 d-------- C:\Program Files\MSBuild
2007-09-04 07:10:46 0 d-------- C:\WINDOWS\SHELLNEW
2007-09-04 07:07:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-04 07:04:45 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2007-09-26 16:25:42 0 d-------- C:\Program Files\iTunes
2007-09-26 16:24:24 0 d-------- C:\Program Files\Common Files\LightScribe
2007-09-25 11:30:57 0 d-------- C:\Program Files\Common Files\Nokia
2007-09-25 11:30:48 0 d-------- C:\Program Files\Nokia
2007-09-25 11:27:51 0 d-------- C:\Program Files\Common Files
2007-09-18 14:53:09 1180701 --a------ C:\Documents and Settings\Bobby\Application Data\NMM-MetaData.db
2007-09-04 09:17:06 0 d-------- C:\Documents and Settings\Bobby\Application Data\AdobeUM
2007-08-16 19:55:48 0 d-------- C:\Program Files\Audacity
2007-08-15 22:42:35 0 d-------- C:\Program Files\Common Files\PCSuite
2007-08-14 22:41:53 0 d-------- C:\Documents and Settings\Bobby\Application Data\PC Suite
2007-08-14 22:28:09 0 d-------- C:\Documents and Settings\Bobby\Application Data\Nokia
2007-08-13 12:59:08 0 d-------- C:\Documents and Settings\Bobby\Application Data\Sun
2007-08-13 12:33:36 0 d-------- C:\Program Files\Google
2007-08-10 20:38:45 0 d-------- C:\Documents and Settings\Bobby\Application Data\Apple Computer
2007-08-10 20:38:19 0 d-------- C:\Program Files\iPod
2007-08-10 20:37:48 0 d-------- C:\Program Files\QuickTime
2007-08-10 20:36:06 0 d-------- C:\Program Files\Apple Software Update
2007-08-10 20:35:35 0 d-------- C:\Program Files\Common Files\Apple
2007-08-10 20:31:29 0 d-------- C:\Documents and Settings\Bobby\Application Data\Google
2007-07-01 00:42:58 680 --a------ C:\WINDOWS\AUTOLNCH.REG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 09:00 PM]
"McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 04:50 AM]
"Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 10:48 AM]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/13/2006 12:46 AM]
"Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"hppwrsav "= "C:\SCANJET\PrecisionScanLT\hppwrsav.exe" [06/07/1999 12:27 PM]
"NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"DVDTray "= "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/2004 02:58 AM]
"NWEReboot "=" " []
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM]
"GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" []
"!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/19/2007 10:17 AM]
"AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [09/10/2007 03:29 AM]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7dc5f70-6624-11dc-bf86-00d0b7e813d3}]
AutoRun\command- H:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-10-01 16:42:29 ------------

VUNDOFIX

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 12:28:22 PM 9/29/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

 

Hi Capricious
I would really like you to have a system restore point set. even if it is a infected one, we can fix that later.

Please do this for me and see if we can get a restore point.

To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives. "
5. Click Apply, and then click OK
6. Make a new restore point. And name it.

Then do this.

Download
OTMoveIt by OldTimer to your Desktop.

• Double click OTMoveIt.exe to launch it.
• Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.

• Click the Move It button.
• The list will be processed and the results will appear in the right hand pane.
• If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
• When finished click Exit to exit the programme.
• A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Please post the contents of C:\_OTMoveIt\MovedFiles a new dss log and a new HJT log.

Let me know if you have a restore point set up.

Thanks
Geri

 

_OT Move it file: Had an error with floating file, the one that says failed. I don't know if it finally fixed it or not. It did not indicate a reboot was needed. I created the system restore as well.

Bobby

C:\WINDOWS\Qm9iYnkgTHVjZXJv moved successfully.
C:\WINDOWS\system32\GB9 moved successfully.
C:\WINDOWS\system32\DL1 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ddcccax.dll
C:\WINDOWS\system32\ddcccax.dll NOT unregistered.
C:\WINDOWS\system32\ddcccax.dll moved successfully.
C:\Documents and Settings\Bobby\Complete moved successfully.

Created on 10/02/2007 20:35:53

Aaz Deckard's System Scanner v20070905.67
Run by Bobby on 2007-10-02 20:39:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Bobby.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:17 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bobby\Desktop\dss.exe
C:\DOCUME~1\Bobby\Desktop\Bobby.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe "
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 7070 bytes

-- Files created between 2007-09-02 and 2007-10-02 -----------------------------

2007-10-01 17:12:02 0 d-------- C:\Program Files\Lavasoft
2007-10-01 17:11:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-29 16:46:50 0 d-------- C:\bintheredunthat
2007-09-29 16:41:49 0 d-------- C:\BFU
2007-09-29 12:40:32 0 d-------- C:\Documents and Settings\Bobby\Application Data\Grisoft
2007-09-29 12:40:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-29 12:28:22 0 d-------- C:\VundoFix Backups
2007-09-26 15:53:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-24 16:11:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-18 14:21:58 0 d-------- C:\Documents and Settings\Bobby\Application Data\U3
2007-09-04 07:17:58 0 d-------- C:\Program Files\Microsoft Works
2007-09-04 07:17:42 0 d-------- C:\Program Files\MSBuild
2007-09-04 07:10:46 0 d-------- C:\WINDOWS\SHELLNEW
2007-09-04 07:07:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-04 07:04:45 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2007-10-01 17:11:24 0 d-------- C:\Program Files\Common Files
2007-10-01 17:04:36 0 d-------- C:\Program Files\Nokia
2007-10-01 17:04:36 0 d-------- C:\Program Files\Common Files\PCSuite
2007-09-26 16:25:42 0 d-------- C:\Program Files\iTunes
2007-09-26 16:24:24 0 d-------- C:\Program Files\Common Files\LightScribe
2007-09-18 14:53:09 1180701 --a------ C:\Documents and Settings\Bobby\Application Data\NMM-MetaData.db
2007-09-04 09:17:06 0 d-------- C:\Documents and Settings\Bobby\Application Data\AdobeUM
2007-08-16 19:55:48 0 d-------- C:\Program Files\Audacity
2007-08-14 22:41:53 0 d-------- C:\Documents and Settings\Bobby\Application Data\PC Suite
2007-08-14 22:28:09 0 d-------- C:\Documents and Settings\Bobby\Application Data\Nokia
2007-08-13 12:59:08 0 d-------- C:\Documents and Settings\Bobby\Application Data\Sun
2007-08-13 12:33:36 0 d-------- C:\Program Files\Google
2007-08-10 20:38:45 0 d-------- C:\Documents and Settings\Bobby\Application Data\Apple Computer
2007-08-10 20:38:19 0 d-------- C:\Program Files\iPod
2007-08-10 20:37:48 0 d-------- C:\Program Files\QuickTime
2007-08-10 20:36:06 0 d-------- C:\Program Files\Apple Software Update
2007-08-10 20:35:35 0 d-------- C:\Program Files\Common Files\Apple
2007-08-10 20:31:29 0 d-------- C:\Documents and Settings\Bobby\Application Data\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 09:00 PM]
"McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 04:50 AM]
"Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 10:48 AM]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/13/2006 12:46 AM]
"Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"hppwrsav "= "C:\SCANJET\PrecisionScanLT\hppwrsav.exe" [06/07/1999 12:27 PM]
"NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"DVDTray "= "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/2004 02:58 AM]
"NWEReboot "=" " []
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" []
"!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
"AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [09/10/2007 03:29 AM]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7dc5f70-6624-11dc-bf86-00d0b7e813d3}]
AutoRun\command- H:\LaunchU3.exe -a

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2007-10-02 20:40:11 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:09 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bobby\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe "
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 7040 bytes

 

Hi Capricious
OK those logs look clean.

Still a few things to do. Let me know how things are running.

We need to disable Spybots TeaTimer for this next step, When done please make sure you go back and reinable it.

To disable TeaTimer

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

Now close all windows other than HiJackThis, then click Fix Checked.

Close HJT.

Reboot your computer.

Those items all have to do with Java, Do you have it disabled ?
Let me know because if you did not do it then we need to fix it and download the newest version.

Reinable TeaTimer and anwser the questions I asked, and post one more new HJT log.
If everything is going good then we'll do the clean up.

Thanks
Geri

 

I uninstalled Java when I removed Limewire because it seemed to be doing some strange things. IE and Spybot take about a minute to open up when I click them. The system seems pretty slow opening up other things as well, but those 2 are the worst. Here is the HJT log.

Bobby

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:21 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bobby\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe "
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 6605 bytes