Full Version: Having Problems with Win32: Zlober virus! Please Help!
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Crystneth
I am having some problems finding information to get rid of this virus. I have run many different scans, but it keeps popping up in my Avast antivirus. Please help! Thanks!

I'm dealing with the Zlober trojan!
Also, these pop up in Avast periodically:
Win32:Agent-LTS [Trj]
Win32:Adware-gen [Adw]

These are some of the files Avast says are showing up repeatedly:

C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\ac8zt2\main_uninstaller.exe
C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\ac8zt2\msmdev.dll
C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\ac8zt2\nsduo.dll
C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\ac8zt2\rmv.exe
C:\WINDOWS\msmhost.dll
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:38:06 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\downloads\VundoFix.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172103685218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172104294193
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: pmkret - {6199DE16-9456-4A99-8CFD-48CD512AB79B} - C:\WINDOWS\pmkret.dll
O21 - SSODL: gormet - {D33F4E9A-BD90-418C-8599-E01C42FF7561} - C:\WINDOWS\gormet.dll (file missing)
O21 - SSODL: msmhost - {7A7CAA51-CEFB-4F97-A735-AF12D4221CD6} - C:\WINDOWS\msmhost.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6746 bytes
I have also run "ComboFix" per some other threads I have read. Here is the log it generated:


ComboFix Log

ComboFix 07-11-19.3 - Kenneth and Crystal 2007-11-25 23:04:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.640 [GMT -5:00]
Running from: C:\Documents and Settings\Kenneth and Crystal\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.

2007-11-25 21:24 <DIR> d-------- C:\VundoFix Backups
2007-11-25 21:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 21:06 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-25 21:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-25 15:10 <DIR> d-------- C:\Program Files\Law And Order The Vengeful Heart
2007-11-25 15:09 <DIR> d-------- C:\Program Files\Jewels of Cleopatra
2007-11-25 15:07 <DIR> d-------- C:\Program Files\Jets N Guns
2007-11-25 15:04 <DIR> d-------- C:\Program Files\Empires & Dungeons
2007-11-25 15:03 <DIR> d-------- C:\Program Files\Dracula Twins
2007-11-25 15:00 <DIR> d-------- C:\Program Files\Diego`s Dinosaur Adventure
2007-11-25 14:59 <DIR> d-------- C:\Program Files\Diamond Detective
2007-11-25 14:15 319,488 --a------ C:\WINDOWS\werbetdqw.dll
2007-11-25 14:15 284,160 --a------ C:\WINDOWS\pmkret.dll
2007-11-25 14:15 192,512 --a------ C:\WINDOWS\hdtip.dll
2007-11-25 14:15 151,552 --a------ C:\WINDOWS\monhop.exe
2007-11-24 23:29 <DIR> d-------- C:\Program Files\Zodiac Tower
2007-11-24 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-23 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-11-23 18:45 <DIR> d-------- C:\Program Files\Mystery Solitaire Secret Island
2007-11-23 18:42 <DIR> d-------- C:\Program Files\Kitty Luv
2007-11-23 18:41 <DIR> d-------- C:\Program Files\Da Vincis Secret
2007-11-23 18:40 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-11-23 18:39 <DIR> d-------- C:\Program Files\Casino Island To Go
2007-11-23 18:39 <DIR> d-------- C:\Program Files\BFG
2007-11-23 18:38 <DIR> d-------- C:\Program Files\Brave Dwarves 2
2007-11-23 18:34 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-11-23 18:34 <DIR> d-------- C:\Program Files\Bookworm Adventures Deluxe
2007-11-23 18:25 <DIR> d-------- C:\Program Files\Microsoft Games
2007-11-23 14:00 <DIR> d-------- C:\Program Files\OpenAL
2007-11-22 16:18 <DIR> d-------- C:\Program Files\Armadillo Run
2007-11-01 14:21 <DIR> d-------- C:\Program Files\Ubi Soft
2007-10-28 13:21 <DIR> d-------- C:\Documents and Settings\Kenneth and Crystal\Application Data\SecondLife

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 19:18 --------- d-----w C:\Program Files\Weather Watcher
2007-11-23 23:21 --------- d-----w C:\Documents and Settings\Kenneth and Crystal\Application Data\Azureus
2007-11-23 23:20 --------- d-----w C:\Program Files\Azureus
2007-11-23 19:00 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-11-23 19:00 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-11-17 17:46 --------- d-----w C:\Documents and Settings\Kenneth and Crystal\Application Data\Skype
2007-11-12 00:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 19:41 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 17:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-28 22:21 --------- d-----w C:\Program Files\Punch! Pro - Platinum
2007-10-28 22:17 --------- d-----w C:\Program Files\VirtualDJ
2007-10-28 22:17 --------- d-----w C:\Program Files\Morpheus Photo Animation Suite
2007-10-28 22:15 --------- d-----w C:\Program Files\America's Army
2007-10-28 18:42 --------- d-----w C:\Program Files\SecondLife
2007-10-13 15:25 --------- d-----w C:\Program Files\Java
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}]
2007-11-24 10:53 319488 --a------ C:\WINDOWS\werbetdqw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{85B2F289-7128-4C5A-A330-F9FC01432D3A}"= C:\WINDOWS\hdtip.dll [2007-11-24 10:53 192512]

[HKEY_CLASSES_ROOT\clsid\{85b2f289-7128-4c5a-a330-f9fc01432d3a}]
[HKEY_CLASSES_ROOT\hdtip.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}]
[HKEY_CLASSES_ROOT\hdtip.ToolBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 12:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-29 12:02 C:\WINDOWS\soundman.exe]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 08:08]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-03-07 09:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-04-22 23:24 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pmkret"= {6199DE16-9456-4A99-8CFD-48CD512AB79B} - C:\WINDOWS\pmkret.dll [2007-11-24 10:52 284160]
"gormet"= {D33F4E9A-BD90-418C-8599-E01C42FF7561} - C:\WINDOWS\gormet.dll [ ]

R3 PCnetHL;AMD PCnet-Home Adapter Driver;C:\WINDOWS\system32\DRIVERS\pcntn5hl.sys
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 12:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 23:05:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 23:06:53
.
--- E O F ---
Also, here is a Deckard's scan; maybe all this plethora of info will help...

Deckard's Scan


Deckard's System Scanner v20071014.68
Run by Kenneth and Crystal on 2007-11-25 23:10:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2007-11-26 04:10:38 UTC - RP321 - Deckard's System Scanner Restore Point
23: 2007-11-26 04:03:51 UTC - RP320 - ComboFix created restore point
22: 2007-11-25 07:09:57 UTC - RP319 - System Checkpoint
21: 2007-11-24 06:39:36 UTC - RP318 - System Checkpoint
20: 2007-11-23 02:48:42 UTC - RP317 - System Checkpoint


-- First Restore Point --
1: 2008-07-05 15:11:31 UTC - RP298 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-25 23:12:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\downloads\VundoFix.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kenneth and Crystal\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172103685218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172104294193
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O21 - SSODL: pmkret - {6199DE16-9456-4A99-8CFD-48CD512AB79B} - C:\WINDOWS\pmkret.dll
O21 - SSODL: gormet - {D33F4E9A-BD90-418C-8599-E01C42FF7561} - C:\WINDOWS\gormet.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


--
End of file - 6748 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S2 CoachCap (Concord EyeQ Duo 2000 USB Video Capture V1.00) - c:\windows\system32\drivers\coachcap.sys <Not Verified; Zoran Microelectronics Ltd.; Zoran COACH>
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10B9&DEV_5239&SUBSYS_527210B9&REV_01\3&61AAA01&0&53
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10B9&DEV_5239&SUBSYS_527210B9&REV_01\3&61AAA01&0&53
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-11-22 07:24:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-25 and 2007-11-25 -----------------------------

2007-11-25 22:15:19 2822 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-25 21:24:55 0 d-------- C:\VundoFix Backups
2007-11-25 21:06:25 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 21:06:17 0 d-------- C:\WINDOWS\LastGood
2007-11-25 20:32:44 0 d-------- C:\bfu
2007-11-25 15:10:44 0 d-------- C:\Program Files\Law And Order The Vengeful Heart
2007-11-25 15:09:16 0 d-------- C:\Program Files\Jewels of Cleopatra
2007-11-25 15:07:54 0 d-------- C:\Program Files\Jets N Guns
2007-11-25 15:04:00 0 d-------- C:\Program Files\Empires & Dungeons
2007-11-25 15:03:07 0 d-------- C:\Program Files\Dracula Twins
2007-11-25 15:00:37 0 d-------- C:\Program Files\Diego`s Dinosaur Adventure
2007-11-25 14:59:59 0 d-------- C:\Program Files\Diamond Detective
2007-11-25 14:15:15 319488 --a------ C:\WINDOWS\werbetdqw.dll <Not Verified; ; werbetdqw>
2007-11-25 14:15:15 284160 --a------ C:\WINDOWS\pmkret.dll
2007-11-25 14:15:15 151552 --a------ C:\WINDOWS\monhop.exe
2007-11-25 14:15:15 192512 --a------ C:\WINDOWS\hdtip.dll <Not Verified; ; hdtip Module>
2007-11-24 23:29:32 0 d-------- C:\Program Files\Zodiac Tower
2007-11-24 00:57:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-23 19:44:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-11-23 18:45:43 0 d-------- C:\Program Files\Mystery Solitaire Secret Island
2007-11-23 18:42:28 0 d-------- C:\Program Files\Kitty Luv
2007-11-23 18:41:20 0 d-------- C:\Program Files\Da Vincis Secret
2007-11-23 18:40:30 0 d-------- C:\Program Files\Yahoo! Games
2007-11-23 18:39:25 0 d-------- C:\Program Files\Casino Island To Go
2007-11-23 18:39:25 0 d-------- C:\Program Files\BFG
2007-11-23 18:38:45 0 d-------- C:\Program Files\Brave Dwarves 2
2007-11-23 18:34:43 0 d-------- C:\Program Files\Bookworm Adventures Deluxe
2007-11-23 18:34:28 0 d-------- C:\Program Files\ReflexiveArcade
2007-11-23 18:25:10 0 d-------- C:\Program Files\Microsoft Games
2007-11-23 14:00:30 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-11-23 14:00:30 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2007-11-23 14:00:30 0 d-------- C:\Program Files\OpenAL
2007-11-22 16:18:38 0 d-------- C:\Program Files\Armadillo Run
2007-11-01 14:21:26 0 d-------- C:\Program Files\Ubi Soft
2007-10-28 13:22:09 0 d-------- C:\Documents and Settings\Kenneth and Crystal\Application Data\Mozilla
2007-10-28 13:21:37 0 d-------- C:\Documents and Settings\Kenneth and Crystal\Application Data\SecondLife
2007-10-25 20:59:17 0 d-------- C:\Program Files\SecondLife


-- Find3M Report ---------------------------------------------------------------

2007-11-25 14:18:21 0 d-------- C:\Program Files\Weather Watcher
2007-11-23 18:21:52 0 d-------- C:\Documents and Settings\Kenneth and Crystal\Application Data\Azureus
2007-11-23 18:20:56 0 d-------- C:\Program Files\Azureus
2007-11-17 12:46:10 0 d-------- C:\Documents and Settings\Kenneth and Crystal\Application Data\Skype
2007-11-11 19:16:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-28 17:21:49 0 d-------- C:\Program Files\Punch! Pro - Platinum
2007-10-28 17:17:30 0 d-------- C:\Program Files\VirtualDJ
2007-10-28 17:17:04 0 d-------- C:\Program Files\Morpheus Photo Animation Suite
2007-10-28 17:15:40 0 d-------- C:\Program Files\America's Army
2007-10-13 10:25:05 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}]
11/24/2007 10:53 AM 319488 --a------ C:\WINDOWS\werbetdqw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [05/29/2001 12:02 PM C:\WINDOWS\soundman.exe]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [02/13/2004 08:08 AM]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [03/07/2002 09:50 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [04/22/2004 11:24 PM]
"nwiz"="nwiz.exe" [04/22/2004 11:24 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [04/22/2004 11:24 PM]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 05:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 08:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 03:51 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [01/19/2007 12:49 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [10/28/2005 03:25 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pmkret"= {6199DE16-9456-4A99-8CFD-48CD512AB79B} - C:\WINDOWS\pmkret.dll [11/24/2007 10:52 AM 284160]
"gormet"= {D33F4E9A-BD90-418C-8599-E01C42FF7561} - C:\WINDOWS\gormet.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2007-11-25 23:13:10 ------------
Strange thing! I cannot locate where my Ad-Aware saves its logs. I looked it up in the configuration of the program itself, and it says it saves them to "C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs".
I go and look, but there is no "Application Data" folder in the Documents and Settings folder under All Users, or any folder for that matter...
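The three logs above agree on the same handful of load points: the O2 BHO werbetdqw.dll, the O3 toolbar hdtip.dll, and the O21 SSODL entries pmkret.dll, gormet.dll and msmhost.dll (the last two already reported "file missing"). They share traits that the legitimate entries in the same log do not: the DLL sits directly in C:\WINDOWS rather than in System32 or Program Files, the display name is just the file stem, and the ComboFix "Files Created" section shows four binaries (werbetdqw.dll, pmkret.dll, hdtip.dll, monhop.exe) written to C:\WINDOWS in the same minute, 2007-11-25 14:15. The script below is an added example, not code from the original post or from HijackThis or ComboFix; it encodes those observations as a triage pass over copied log lines. The scoring weights, the threshold of 2 and the "three files in one minute" cut-off are this editor's heuristics, not features of either tool.

```python
"""Triage load points from a HijackThis log and a ComboFix file listing.

Added example for this thread, not code from the original post or from
HijackThis/ComboFix. Sample lines are copied from the logs posted above;
the scoring weights and thresholds are this editor's heuristics.
"""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the HijackThis log in the post above.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: pmkret - {6199DE16-9456-4A99-8CFD-48CD512AB79B} - C:\WINDOWS\pmkret.dll
O21 - SSODL: gormet - {D33F4E9A-BD90-418C-8599-E01C42FF7561} - C:\WINDOWS\gormet.dll (file missing)
O21 - SSODL: msmhost - {7A7CAA51-CEFB-4F97-A735-AF12D4221CD6} - C:\WINDOWS\msmhost.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
""".strip().splitlines()

# Constructed sample input: lines copied from the ComboFix "Files Created" section above.
SAMPLE_COMBOFIX = r"""
2007-11-25 21:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-25 15:10 <DIR> d-------- C:\Program Files\Law And Order The Vengeful Heart
2007-11-25 14:15 319,488 --a------ C:\WINDOWS\werbetdqw.dll
2007-11-25 14:15 284,160 --a------ C:\WINDOWS\pmkret.dll
2007-11-25 14:15 192,512 --a------ C:\WINDOWS\hdtip.dll
2007-11-25 14:15 151,552 --a------ C:\WINDOWS\monhop.exe
2007-11-23 19:00 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
""".strip().splitlines()

# "Oxx - Kind: Display name - {CLSID} - path [(file missing)]"; only the
# CLSID-registered load points (O2 BHO, O3 toolbar, O21 SSODL, O22) match.
ENTRY_RE = re.compile(
    r"^(?P<type>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# A file directly under the Windows directory, not in System32 or any subfolder.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)
# ComboFix listing: "YYYY-MM-DD HH:MM  size|<DIR>  attrs  path"
COMBOFIX_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+\S+\s+(?P<path>.+)$"
)


def score_entry(name, path, missing):
    """Return (score, reasons) for one load point. Weights are heuristics."""
    score, reasons = 0, []
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if WINDIR_ROOT_RE.match(path):
        # Vendor shell extensions live in System32 or Program Files, not C:\WINDOWS.
        score += 2
        reasons.append("dll sits directly in the Windows directory")
    if stem in name.lower().split():
        # Display name is just the file stem: no product name was registered.
        score += 1
        reasons.append("display name equals file name")
    if missing:
        # The registration outlived its payload (deleted, renamed or hidden).
        score += 1
        reasons.append("registered file is missing")
    return score, reasons


def triage_hjt(lines, threshold=2):
    """Return CLSID-registered load points whose score reaches the threshold."""
    hits = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # O4 Run keys, O23 services etc. use a different layout
        score, reasons = score_entry(m["name"], m["path"], bool(m["missing"]))
        if score >= threshold:
            hits.append({"type": m["type"], "name": m["name"], "path": m["path"],
                         "score": score, "reasons": reasons})
    return hits


def dropper_clusters(lines, min_files=3):
    """Group ComboFix file entries by creation minute and directory.

    Several binaries written to one directory within the same minute is the
    footprint of a single dropper; it also surfaces files such as monhop.exe
    above that have no load point of their own in the HijackThis log.
    """
    groups = defaultdict(list)
    for line in lines:
        m = COMBOFIX_RE.match(line.strip())
        if not m or m["size"] == "<DIR>":
            continue
        directory = m["path"].rsplit("\\", 1)[0]
        groups[(m["when"], directory)].append(m["path"])
    return [{"when": w, "dir": d, "files": f}
            for (w, d), f in groups.items() if len(f) >= min_files]


if __name__ == "__main__":
    for h in triage_hjt(SAMPLE_HJT):
        print(f"{h['type']:>3} score={h['score']} {h['path']}  <- {'; '.join(h['reasons'])}")
    for c in dropper_clusters(SAMPLE_COMBOFIX):
        print(f"{c['when']} {c['dir']}: {len(c['files'])} files written together")
```

Run against the copied lines, the triage flags exactly the five DLLs the helpers in such threads would ask to remove, leaves AcroIEHelper.dll and browseui.dll alone (browseui scores 1 for "name equals stem" but lives in System32), and the cluster pass points at monhop.exe, which no load point references and which would otherwise be easy to overlook. Paste a full log into `SAMPLE_HJT` and the matching ComboFix section into `SAMPLE_COMBOFIX` to reuse it; a hit is a lead to investigate, not a verdict.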
Crystneth
Well... it seems I fixed it and got rid of the virus now.

All I did was turn off Windows System Restore, then ran all the scans I could,
i.e. Avast virus scan, Spybot Search & Destroy, Ad-Aware, ComboFix, SmitfraudFix, etc.

Then I rebooted, ran the scans again to make sure I got it all, and that was it! Goner!
I waited a couple of days, then turned System Restore back on.
It's been three days now and no virus detected or pop-up... YAY!