Keyboard/Mouse Virus?!?!

Computing.Net > Forums > Security and Virus > Keyboard/Mouse Virus?!?!

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Keyboard/Mouse Virus?!?!

Name: guitarmonkeys04
Date: March 10, 2007 at 12:37:23 Pacific
OS: nVidia
CPU/Ram: Intel P-4 3.2 Ghz 1GB RAM
Product: self built

Comment:

Alright, I have never heard of this ever happening, so I need some help... to start off with, it isn't the result of an overclock, my antivirus and both spywares are up to date, and I have used all of those several time to locate this damned thing... the symptoms are, everything is in caps, I cant write numbers, and when I click on something with the mouse, it highlights everything before it... It is almost like the shift key is permanently stuck on... I have checked filter keys and all that... this all started when I stupidly dled soulseek... I got some music, turned comp off, turned it on the next day, and my password had been changed. I am the only one that uses this comp and the only one with the password... so this is why i am sure that someone hacked into me through the p2p and messed me up... I did manage to get on through safe mode and change the pass back but that is it... Lastly, as you can see now, the typing is fine... Everything goes back to normal when I enter the game "Oblivion" and exit... but when I restart, hell comes back... any help whatsoever would be hugely appreciated...

Sponsored Link

Ads by Google

Response Number 1

Name: jboy
Date: March 10, 2007 at 14:44:13 Pacific

Reply:

A virus is a rogue program running on your computer - while it's unclear what is happening on your system, keyboards and mice do not get 'infected' - inexplicable events are not necessarily due to malware, and that assumption is mainly due to a lack of imagination and experience
Lay off the P2P and other sources of dubious files, and maintain a reliable set of security applications
I'm not one of those who think Bill Gates is the devil. I simply suspect that if Microsoft ever met up with the devil, it wouldn't need an interpreter.

Response Number 2

Name: jabuck
Date: March 10, 2007 at 22:03:34 Pacific

Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Response Number 3

Name: guitarmonkeys04
Date: March 10, 2007 at 23:00:50 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 11:02:08 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Response Number 4

Name: guitarmonkeys04
Date: March 10, 2007 at 23:03:18 Pacific

Reply:

SmitFraudFix v2.148
Scan done at 23:04:45.12, Sat 03/10/2007
Run from C:\Documents and Settings\Richard\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Richard

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Richard\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Richard\FAVORI~1
C:\DOCUME~1\Richard\FAVORI~1\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Response Number 5

Name: jabuck
Date: March 11, 2007 at 07:32:49 Pacific

Reply:

Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Please download Comboscan from this link:
Comboscan

Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

remove ads by admob win 7 set themes of for games soundmax drivers xp 1394 net adapter driver mass storage controller stream.sys mass storage controller network controller driver microsoft multimedia keyboard 1.0a mass storage controller	Integrated High Definition audio with ADI1884 codec drivers sonyvaiolaptop.net broadcom 802.11g network adapter idt high definition audio codec code 10 vanta tnt2m64 driver xp pci network controller driver Unimodem sm bus controller driver xp usbehci.sys download driver Internal High Definition Audio Bus
See More

Response Number 6

Name: guitarmonkeys04
Date: March 11, 2007 at 20:33:03 Pacific

Reply:

NoLop Suggested that no infections were found.

ComboScan Stated this-

ComboScan v20070306.20 run by Richard on 2007-03-11 at 20:33:01
Computer is in Normal Mode.
----------------------
-- System Res---------
Successfully created ComboScan Restore Point.

-- Last 5 Restore Point(s) --
78: 2007-03-12 03:33:06 UTC - RP78 - ComboScan Restore Point
77: 2007-03-10 21:49:04 UTC - RP77 - System Checkpoint
76: 2007-03-09 04:07:08 UTC - RP76 - Removed MSXML 4.0 SP2 (KB927978)
75: 2007-03-09 04:03:03 UTC - RP75 - System Restore
74: 2007-03-09 01:45:28 UTC - RP74 - System Restore

-- First Restore Point --
1: 2007-01-11 01:16:29 UTC - RP1 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as Richard.---------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:33:16 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Richard\Desktop\comboscan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\HIJACK~1\Richard.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

-- File Associat------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.exe %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.exe %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.exe %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
3S BCM43XX (802.11 Network Adapter Driver) - C:\WINDOWS\system32\drivers\bcmwl5.sys
3S Bridge (MAC Bridge) - C:\WINDOWS\system32\drivers\bridge.sys
3S BridgeMP (MAC Bridge Miniport) - C:\WINDOWS\system32\drivers\bridge.sys
3S cmpci (C-Media PCI Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\cmaudio.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
1R ikhfile (File Security Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhfile.sys
1R ikhlayer (Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhlayer.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3R ltmodem5 (LT Modem Driver) - C:\WINDOWS\system32\drivers\ltmdmnt.sys
3R MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R nvata - C:\WINDOWS\system32\drivers\nvata.sys
3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
1R nvport (NVIDIA PORT IO Control Driver) - C:\WINDOWS\system32\drivers\nvport.sys
3R NVR0Dev - C:\WINDOWS\nvoclock.sys
0S NVStrap - C:\WINDOWS\system32\drivers\NVStrap.sys
3S PCANDIS5 (PCANDIS5 Protocol Driver) - C:\WINDOWS\system32\PCANDIS5.SYS
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3S RivaTuner32 - C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner32.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
1R SCDEmu - C:\WINDOWS\system32\drivers\scdemu.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2R AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
2R ForceWare Intelligent Application Manager (IAM) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
2R ForcewareWebInterface (Forceware Web Interface) - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
2R gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2S NICSer_WMP11 - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
2R nSvcIp (ForceWare IP service) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
2R nSvcLog (ForceWare user log service) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
2R nTuneService (nTune Service) - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.exe"
2R SDhelper (PC Tools Spyware Doctor) - C:\Program Files\Spyware Doctor\sdhelp.exe
2R TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"

-- Scheduled T--------
2007-02-23 18:15:47 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB>

-- Files created between 2007-02-11 and 20---------
2007-03-11 20:31:38 212 --a------ C:\delete.bat
2007-03-11 00:04:49 1534 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-11 00:04:15 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-11 00:04:15 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-11 00:04:15 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-11 00:04:15 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-11 00:04:15 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-11 00:04:15 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-08 21:30:16 0 d-------- C:\Documents and Settings\Richard\.housecall6.6<HOUSEC~1.6>
2007-03-08 16:39:34 524288 --ah----- C:\Documents and Settings\Administrator.RICKY\NTUSER.DAT
2007-03-08 16:31:13 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-03-08 00:26:56 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-03-08 00:19:27 133632 --a------ C:\WINDOWS\system32\SpoonUninstall.exe<SPOONU~1.EXE>
2007-03-06 07:54:01 82432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-03-06 07:54:01 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-03-06 07:54:00 344064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-03-06 07:54:00 487424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-03-06 07:54:00 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-03-06 00:04:53 0 d-------- C:\Program Files\HP
2007-03-06 00:04:53 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-06 00:02:57 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-28 22:44:04 356352 --a------ C:\WINDOWS\eSellerateEngine.dll<ESELLE~1.DLL>
2007-02-28 22:44:04 0 d-------- C:\Program Files\File Stitcher MP3<FILEST~1>
2007-02-28 22:41:28 0 d-------- C:\Documents and Settings\Richard\Application Data\Smith Micro<SMITHM~1>
2007-02-28 22:41:10 0 d-------- C:\Program Files\Smith Micro<SMITHM~1>
2007-02-28 21:52:24 0 d-------- C:\Program Files\Audacity
2007-02-27 23:42:30 0 d-------- C:\Documents and Settings\Richard\Application Data\Leadertech<LEADER~1>
2007-02-25 20:49:27 0 d-------- C:\Program Files\1964
2007-02-25 19:52:05 0 d-------- C:\Games
2007-02-20 01:22:45 4096 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2007-02-20 01:08:49 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-20 01:08:49 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-19 12:20:28 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-02-19 12:20:27 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-02-19 12:20:24 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-02-19 12:20:04 0 d-------- C:\Program Files\America's Army Server Manager<AMERIC~2>
2007-02-19 12:16:37 0 d-------- C:\Program Files\America's Army<AMERIC~1>
2007-02-16 23:35:20 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-02-16 23:32:06 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-16 18:37:51 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-16 00:12:39 0 d-------- C:\Program Files\Common Files\Vbox
2007-02-11 13:47:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater<GOOGLE~1>

-- Find3M Re----------
2007-03-11 02:02:21 2275328 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-03-08 23:33:04 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-08 22:39:52 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-08 19:30:28 0 d-------- C:\Documents and Settings\Richard\Application Data\AVG7
2007-03-06 22:56:59 0 d-------- C:\Documents and Settings\Richard\Application Data\uTorrent
2007-02-28 22:58:26 0 d-------- C:\Program Files\Starcraft<STARCR~1>
2007-02-28 22:47:36 8 --a------ C:\Documents and Settings\Richard\Application Data\File Stitcher Prefs<FILEST~1>
2007-02-28 22:44:22 8 --a------ C:\Documents and Settings\Richard\Application Data\FS120Agreed<FS120A~1>
2007-02-28 00:22:24 0 d-------- C:\Program Files\Diablo II<DIABLO~1>
2007-02-27 18:23:46 0 d-------- C:\Program Files\PokerStars.NET<POKERS~1.NET>
2007-02-25 21:11:19 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition<CALLOF~1>
2007-02-20 01:43:53 0 d-------- C:\Program Files\NVIDIA Corporation<NVIDIA~1>
2007-02-20 01:08:43 0 d-------- C:\Program Files\Grisoft
2007-02-19 12:20:12 0 d---s---- C:\Documents and Settings\Richard\Application Data\Microsoft<MICROS~1>
2007-02-16 23:28:04 0 d-------- C:\Documents and Settings\Richard\Application Data\AdobeUM
2007-02-16 00:13:04 0 d-------- C:\Documents and Settings\Richard\Application Data\Macromedia<MACROM~1>
2007-02-16 00:12:21 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2007-02-16 00:12:21 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-11 13:48:47 0 d-------- C:\Documents and Settings\Richard\Application Data\Google
2007-02-11 13:48:39 0 d-------- C:\Program Files\Google
2007-02-05 17:08:11 0 d-------- C:\Program Files\Bethesda Softworks<BETHES~1>
2007-02-05 17:01:00 0 d-------- C:\Program Files\PowerISO
2007-02-05 16:58:31 0 d-------- C:\Program Files\MagicISO
2007-02-05 16:54:42 0 d-------- C:\Documents and Settings\Richard\Application Data\DivX
2007-02-03 02:28:28 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-03 02:23:03 0 d-------- C:\Program Files\Firefly Studios<FIREFL~1>
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-26 22:55:13 36851 --a------ C:\WINDOWS\DIIUnin.dat
2007-01-26 00:29:19 0 d-------- C:\Documents and Settings\Richard\Application Data\Adobe
2007-01-26 00:27:43 0 d-------- C:\Documents and Settings\Richard\Application Data\AdobeAUM
2007-01-25 02:12:32 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-01-25 02:12:32 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-01-25 01:30:46 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-01-25 01:30:46 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-01-25 01:30:46 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-01-23 19:55:15 0 d-------- C:\Documents and Settings\Richard\Application Data\CyberLink<CYBERL~1>
2007-01-23 19:54:07 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-01-23 19:48:13 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1>
2007-01-23 19:45:51 0 d-------- C:\Program Files\DivX
2007-01-21 15:35:09 0 d-------- C:\Program Files\Microsoft Plus!<MICROS~2>
2007-01-21 15:27:50 0 d-------- C:\Program Files\Common Files\L&H
2007-01-21 15:27:43 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-01-21 15:27:36 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-01-21 15:27:09 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1>
2007-01-21 06:27:30 0 d-------- C:\Program Files\Windows Media Components<WI15DA~1>
2007-01-21 04:51:23 0 d-------- C:\Documents and Settings\Richard\Application Data\The Labyrinth Plus! Edition<THELAB~1>
2007-01-20 20:06:37 0 d-------- C:\Program Files\Hero Editor<HEROED~1>
2007-01-20 20:04:16 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-01-20 20:04:15 73216 --a------ C:\WINDOWS\ST6UNST.exe
2007-01-17 14:36:09 967 --a------ C:\WINDOWS\ScUnin.pif
2007-01-17 14:36:09 35190 --a------ C:\WINDOWS\scunin.dat
2007-01-17 14:36:08 94208 --a------ C:\WINDOWS\ScUnin.exe
2007-01-16 09:00:03 12244687 -----n--- C:\AVG7QT.DAT
2007-01-16 00:43:11 1289 --a------ C:\WINDOWS\mozver.dat
2007-01-16 00:42:45 0 d-------- C:\Documents and Settings\Richard\Application Data\Sun
2007-01-16 00:42:20 0 d-------- C:\Program Files\Java
2007-01-16 00:41:19 0 d-------- C:\Program Files\Common Files\Java
2007-01-15 04:10:05 0 d-------- C:\Program Files\RivaTuner v2.0 Final Release<RIVATU~1.0FI>
2007-01-14 06:16:30 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-01-14 05:52:46 0 d-------- C:\Documents and Settings\Richard\Application Data\PC Tools<PCTOOL~1>
2007-01-13 19:10:25 0 d-------- C:\Program Files\Activision<ACTIVI~1>
2007-01-13 14:49:50 0 d-------- C:\Program Files\Linksys
2007-01-13 14:39:32 0 d-------- C:\Program Files\Linksys WAP11<LINKSY~1>
2007-01-13 12:18:27 0 d-------- C:\Program Files\Electronic Arts<ELECTR~1>
2007-01-13 12:16:09 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-01-12 18:08:31 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-12 18:08:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-12 18:08:24 109568 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-12 18:08:24 108544 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-12 18:08:20 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-12 18:08:20 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-12 18:03:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-12 18:03:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-12 18:03:30 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-12 18:03:29 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-12 18:03:29 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-12 18:03:29 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-12 18:03:29 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-12 18:03:29 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-12 18:03:26 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-01-12 18:03:26 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-01-12 18:03:26 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-01-12 18:03:26 635486 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-12 10:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400 -----n--- C:\WINDOWS\system32\ieframe.dll
2007-01-12 00:31:44 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-11 18:19:45 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL>
2007-01-11 18:19:44 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-10 23:30:36 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-10 23:30:36 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-01-10 19:38:22 0 --a------ C:\WINDOWS\nsreg.dat
2007-01-10 19:32:20 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-10 18:23:00 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-01-10 18:10:03 0 -rahs---- C:\MSDOS.SYS
2007-01-10 18:10:03 0 -rahs---- C:\IO.SYS
2007-01-10 18:10:03 0 --a------ C:\CONFIG.SYS
2007-01-10 18:10:03 0 --a------ C:\AUTOEXEC.BAT
2007-01-10 18:07:42 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-01-08 20:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

-- Registry ----------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C-Media Mixer"="Mixer.exe /startup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.exe "
"item"="Adobe Reader Synchronizer"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOOGLE~1.exe -systray -startup"
"item"="Google Updater"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-B PCI Adapter Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Wireless-B PCI Adapter Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\Wireless-B PCI Adapter Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Linksys\\WIRELE~1\\WMP11Cfg.exe "
"item"="Wireless-B PCI Adapter Utility"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVerminser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AntiVerminser"
"hkey"="HKLM"
"command"="C:\\Program Files\\AntiVerminser\\AntiVerminser.exe /h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoltTrans]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inter amen"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Richard\\APPLIC~1\\INSIDE~1\\inter amen.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb09"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nTrayFw"
"hkey"="HKLM"
"command"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pure noun sect long]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Amokdelete"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\team inter pure noun\\Amokdelete.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SkyTel"
"hkey"="HKLM"
"command"="SkyTel.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\SPYWAR~1\\swdoctor.exe /Q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- H------------------
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
60 more entries in hosts file.

-- End of ComboScan: finished at 2007-03-11 at 20:3

Response Number 7

Name: jabuck
Date: March 12, 2007 at 15:07:48 Pacific

Reply:

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Run Hijack This> click "open the misc. tool section"> click "open uninstall manager"> click "save list"> click "save"> click "yes"> post that log please.

Response Number 8

Name: guitarmonkeys04
Date: March 12, 2007 at 16:57:07 Pacific

Reply:

SmitFraudFix v2.148
Scan done at 16:50:59.43, Mon 03/12/2007
Run from C:\Documents and Settings\Richard\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\Richard\FAVORI~1\Online Security Test.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

µTorrent
AC3Filter (remove only)
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
America's Army
Audacity 1.2.6
AVG 7.5
Call of Duty Game of the Year Edition
Call of Duty(R) 2
Diablo II
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
FEAR
File Stitcher MP3 Edition version 1.2.0
Google Earth
Google Updater
Hero Editor V0.95
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp deskjet 5100
J2SE Runtime Environment 5.0 Update 10
Macromedia Flash MX
Magic ISO Maker v5.3 (build 0229)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.2)
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nTune
NVIDIA PureVideo Decoder
Oblivion
PCI Audio Driver
PokerStars.net
PowerISO
Realtek High Definition Audio Driver
RivaTuner v2.0 Final Release
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Spybot - Search & Destroy 1.4
Spyware Doctor 4.0
Starcraft
Stronghold 2
StuffIt Standard
TuneUp Utilities 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
WAP11 Utility
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Wireless-B PCI Adapter WLAN Monitor

Response Number 9

Name: jabuck
Date: March 12, 2007 at 19:23:39 Pacific

Reply:

Download "HostXpert" from this link HostXpert to your desktop. Open it and click "restore microsofts host file" and nothing else. Then delete the program.
Run Hijack This in normal mode, close all windows and browsers except Hijack This, place a check to the left of the following items and press"fix checked":
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
Exit hijack This
Go to this link, http://virusscan.jotti.org/ and use the "browse" button to locate this file:
C:\Documents and Settings\All Users\Application Data\team inter pure noun\Amokdelete.exe
then double click the file to enter it into the "upload and scan box", click submit then post the results.
Post a new comboscan please.

Response Number 10

Name: guitarmonkeys04
Date: March 12, 2007 at 20:07:06 Pacific

Reply:

Several problems, after running host expert.... I opened hijackthis, the file was not listed there.... I also could not find the file
C:\Documents and Settings\All Users\Application Data\team inter pure noun\Amokdelete.exe
at virusscan

Response Number 11

Name: jabuck
Date: March 12, 2007 at 20:30:08 Pacific

Reply:

The file would not be listed in Hijack This.
Go to this link, http://www.virustotal.com/en/indexf.html and use the "browse" button to locate this file
C:\Documents and Settings\All Users\Application Data\team inter pure noun\Amokdelete.exe
then double click the file to enter it into the "upload and scan box", click send then post the results.
To get to the file using the browse button click "browse">in the box that appears click the drop down arrow on the far right of "Lookin"> click "local disk C:"> click "documents and Settings"> click "Application Data"> click " team inter pure noun"> double click "Amokdelete.exe"> click send.
Wait on the results then copy/paste it into your next post.
Then post a new comboscan please.

Response Number 12

Name: guitarmonkeys04
Date: March 12, 2007 at 20:57:39 Pacific

Reply:

sorry, what I meant was...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
is not listed in hijackthis, and
C:\Documents and Settings\All Users\Application Data\team inter pure noun\Amokdelete.exe
is not listed on virustotal or virusscan...

Response Number 13

Name: jabuck
Date: March 13, 2007 at 16:23:23 Pacific

Reply:

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download and install AVG Anti-Spyware We will need this later in safe mode
Be sure to update AVG Anti- Spyware
Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Run Hijack This from normal mode, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run killbox from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWSabout.htm
C:\Documents and Settings\All Users\Application Data\team inter pure noun\Amokdelete.exe
Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.
If your computer does not restart automatically, please restart it manually.
Next navigate to and delete this folder if found:
C:\Documents and Settings\All Users\Application Data\team inter pure noun

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Post the AVG-AntiSpyware report and a new comboscan please.

Sponsored Link

Ads by Google

Can't open Google

system alert pop up

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Keyboard/Mouse Virus?!?!

possible keyboard/mouse virus?

Summary

www.computing.net/answers/security/possible-keyboardmouse-virus/21368.html

uncontrollable mouse virus

Summary

www.computing.net/answers/security/uncontrollable-mouse-virus/6635.html

post virus keyboard n mouse issues

Summary

www.computing.net/answers/security/post-virus-keyboard-n-mouse-issues/16730.html

From the Geek Dictionary
application - An application is any program that performs a usefull operation. There are ...

Ask a Question!

Weekly Poll
Do you think Comcast should have bought NBC?

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History

Recent Posts
scanningwithout programming

I would not able to utilize my dvd/rw drive

Abt Virus

BSOD Lock Out

Windows Security Alert freezing my laptop!

All Awaiting Reply

Tom's News
Verizon: iPhone is Digitally Clueless Beauty Queen

Nintendo DS Flash Cards are Legal Says Judge

Go Retro: Dragon's Lair Confirmed for iPhone

Sony's PSPgo May Get External UMD Reader

Report: Teen Internet Addicts Likely to Self-Harm

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE