1. Disable UAC
Click Start->>Control Panel
Select User Accounts->>Turn User Account Control on or off
Uncheck "Use User Account Control (UAC) to help protect your computer"
Select O.K.->>Then Restart your computer by Selecting "Restart Now"
======== Other Info ========
TOTAL PHYSICAL RAM: 2137 MB
Boot Info
OS Type: Microsoft® Windows Vista™ Home Premium Build: 6.0.6001 Service Pack: 1.0
1. Please download The Avenger by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger.exe to your desktop (How to extract (decompress) zipped or compressed files, help in the link here: )
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to delete:
C:\Windows\system32\nsfEC72.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Select Load Script
Select Paste from Clipboard
The information should now appear in the Open window
Select Execute
Answer Yes When prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
Run an online virus scan called Kaspersky from HERE.
[1.] At the main page, press on "Accept" after reading the contents.
[2.] At the next window Select Update. Allow the Database to update. Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
[3.] Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
[4.] Select Scan Report.
[5.] If any threats were found they will appear in the report.
[6.] Select "Save error report as". Then in the file name just type in kaspersky. Under "save as type" select text .txt
[7.] Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
Scan took a couple of HOURS. Now, Mozilla Popups are still showing up randomly.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 17, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 17, 2009 18:46:42
Records in database: 2358044
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 143240
Threat name: 19
Infected objects: 64
Suspicious objects: 0
Duration of the scan: 04:25:03
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to delete:
C:\Program Files\BPK\iseeyouhk.dll
C:\Program Files\BPK\iseeyouun.exe
C:\Program Files\BPK\iseeyouvw.exe
C:\Windows\System32\mncfcbev.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Select Load Script
Select Paste from Clipboard
The information should now appear in the Open window
Select Execute
Answer Yes When prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
I don't use IE anymore, but when I do, yes, I did get them. I also get them right now with Firefox. They're the ad pop-ups that say something like "i make $127/hour with google" or scam like that.
bamajim
10.4K Posts
0
June 12th, 2009 07:00
If you have not already done so:
1. Disable UAC
Click Start->>Control Panel
Select User Accounts->>Turn User Account Control on or off
Uncheck "Use User Account Control (UAC) to help protect your computer"
Select O.K.->>Then Restart your computer by Selecting "Restart Now"
2. Go HERE and download File Lister.
Copy and paste the contents of that log in your reply.
bizkid10
52 Posts
0
June 12th, 2009 15:00
+++++++++++++++++++++++++++++++++
+ File Lister Version 1.1.1 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++++++++
Report ran on --->>> 6/12/2009 5:12:39 PM
====== Running Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\LxrSII1s.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\StiD1690.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
====== BHO's ======
BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: (NO NAME) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO: (NO NAME) - {f070c14f-4336-a245-4088-f01c5326ee61} - C:\Windows\system32\nsfEC72.dll
====== HKLM\~\Run Keys ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[Apoint] = C:\Program Files\Apoint2K\Apoint.exe
[IAAnotif] = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
[QPService] = "C:\Program Files\HP\QuickPlay\QPService.exe"
[QlbCtrl] = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
[HP Health Check Scheduler] = c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[hpWirelessAssistant] = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[WAWifiMessage] = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HP Software Update] = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[LWBMOUSE] = C:\Program Files\Omni\OmniMouse Driver\3.82\MOUSE32A.EXE
[NeroFilterCheck] = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[Waiting1690] = C:\Windows\stid1690.exe
[QuickTime Task] = "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
[IgfxTray] = C:\Windows\system32\igfxtray.exe
[HotKeysCmds] = C:\Windows\system32\hkcmd.exe
[Persistence] = C:\Windows\system32\igfxpers.exe
[Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[WinampAgent] = "C:\Program Files\Winamp\winampa.exe"
[SunJavaUpdateSched] = "C:\Program Files\Java\jre6\bin\jusched.exe"
[Windows Mobile-based device management] = %windir%\WindowsMobile\wmdSync.exe
====== HKCU\~\Run Keys ======
[Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[CollaborationHost] = C:\Windows\system32\p2phost.exe -s
[ehTray.exe] = C:\Windows\ehome\ehTray.exe
[ISUSPM] = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
[WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
====== DNS Info (List may be empty) ======
HKEY_LOCAL_MACHINE\CCS\~\{030235B6-6C72-4C7C-8620-E5B3CC5E6A59}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{9708874A-DEBA-4B4A-8EDD-F2926EFC0000}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{030235B6-6C72-4C7C-8620-E5B3CC5E6A59}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{9708874A-DEBA-4B4A-8EDD-F2926EFC0000}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{030235B6-6C72-4C7C-8620-E5B3CC5E6A59}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{9708874A-DEBA-4B4A-8EDD-F2926EFC0000}\ NameServer=
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
6/12/2009 5:12:39 PM 6366 32 C:\Files.txt
5/11/2009 12:54:44 AM 43008 32 C:\movie.MSWMM
5/14/2009 11:24:10 AM 1652551 C:\Windows\System32\Samsung_USB_Drivers
5/14/2009 11:24:10 AM 351808 C:\Windows\System32\Samsung_USB_Drivers\1
5/14/2009 11:24:10 AM 233256 C:\Windows\System32\Samsung_USB_Drivers\1\i386
5/14/2009 11:24:30 AM 357805 C:\Windows\System32\Samsung_USB_Drivers\2
5/14/2009 11:24:31 AM 233256 C:\Windows\System32\Samsung_USB_Drivers\2\i386
5/14/2009 11:24:42 AM 591445 C:\Windows\System32\Samsung_USB_Drivers\5
5/14/2009 11:24:42 AM 435840 C:\Windows\System32\Samsung_USB_Drivers\5\i386
5/14/2009 11:24:51 AM 351493 C:\Windows\System32\Samsung_USB_Drivers\6
5/14/2009 11:24:51 AM 232192 C:\Windows\System32\Samsung_USB_Drivers\6\i386
5/24/2009 11:45:10 PM 85665 32 C:\Windows\System32\e15d3e60-e7d6-2471-d00f-1b6b2863752d.exe
6/11/2009 3:26:34 PM 389632 32 C:\Windows\System32\html.iec
6/11/2009 3:26:34 PM 230400 32 C:\Windows\System32\ieaksie.dll
6/11/2009 3:26:35 PM 389120 32 C:\Windows\System32\iedkcs32.dll
6/11/2009 3:26:33 PM 78336 32 C:\Windows\System32\ieencode.dll
6/11/2009 3:26:36 PM 6069248 32 C:\Windows\System32\ieframe.dll
6/11/2009 3:26:35 PM 270848 32 C:\Windows\System32\iertutil.dll
6/11/2009 3:26:34 PM 26624 32 C:\Windows\System32\ieUnatt.exe
6/11/2009 3:26:32 PM 28160 32 C:\Windows\System32\jsproxy.dll
6/11/2009 3:26:51 PM 636928 32 C:\Windows\System32\localspl.dll
6/11/2009 3:26:35 PM 458240 32 C:\Windows\System32\msfeeds.dll
6/11/2009 3:26:39 PM 3581952 32 C:\Windows\System32\mshtml.dll
6/11/2009 3:26:31 PM 1383424 32 C:\Windows\System32\mshtml.tlb
6/11/2009 3:26:32 PM 671232 32 C:\Windows\System32\mstime.dll
5/29/2009 1:03:44 PM 1347584 32 C:\Windows\System32\nsfEC72.dll
6/11/2009 3:26:34 PM 102912 32 C:\Windows\System32\occache.dll
6/11/2009 3:26:46 PM 784896 32 C:\Windows\System32\rpcrt4.dll
5/31/2009 11:46:57 AM 2326 32 C:\Windows\System32\test.prx
5/14/2009 11:23:38 AM 766 32 C:\Windows\System32\Uninstall.ico
6/11/2009 3:26:36 PM 1166336 32 C:\Windows\System32\urlmon.dll
6/11/2009 3:26:54 PM 2033152 32 C:\Windows\System32\win32k.sys
6/11/2009 3:26:35 PM 827904 32 C:\Windows\System32\wininet.dll
====== Files under "\Administrator\Startup" Last 60 Days======
====== Files under "\All Users\Startup" Last 60 Days======
====== Files and Folders under "\Program Files" Last 60 Days======
6/11/2009 3:02:00 AM 0 C:\Program Files\Google Video
5/25/2009 12:23:36 AM 1234 C:\Program Files\Rhapsody
5/2/2009 7:28:37 PM 152670420 C:\Program Files\Samsung
6/10/2009 8:33:45 PM 405341 C:\Program Files\Trend Micro
5/23/2009 3:18:09 PM 15 C:\Program Files\Webteh
====== Files under "\System32\Drivers" Last 60 Days======
5/2/2009 7:28:41 PM 80552 32 C:\Windows\System32\drivers\sscdbus.sys
5/2/2009 7:28:41 PM 9256 32 C:\Windows\System32\drivers\sscdcm.sys
5/2/2009 7:28:41 PM 9256 32 C:\Windows\System32\drivers\sscdcmnt.sys
5/2/2009 7:28:41 PM 11944 32 C:\Windows\System32\drivers\sscdmdfl.sys
5/2/2009 7:28:41 PM 106792 32 C:\Windows\System32\drivers\sscdmdm.sys
5/2/2009 7:28:41 PM 9256 32 C:\Windows\System32\drivers\sscdwh.sys
5/2/2009 7:28:41 PM 9256 32 C:\Windows\System32\drivers\sscdwhnt.sys
5/14/2009 11:23:12 AM 5632 32 C:\Windows\System32\drivers\StarOpen.sys
====== Files Deleted under "%Temp%" ======
766 Files deleted
====== Files and Folders under "All Users\Application Data" Last 60 Days======
====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\AIM
HKLM\Software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
====== Services ( Services that are Whitelisted are not shown) ======
adp94xx (adp94xx)- C:\Windows\system32\drivers\adp94xx.sys - Disabled/Stopped
adpahci (adpahci)- C:\Windows\system32\drivers\adpahci.sys - Disabled/Stopped
amdide (amdide)- C:\Windows\system32\drivers\amdide.sys - Disabled/Stopped
ApfiltrService (Alps Pointing-device Filter Driver)- C:\Windows\system32\DRIVERS\Apfiltr.sys - Manual/Running
arcsas (arcsas)- C:\Windows\system32\drivers\arcsas.sys - Disabled/Stopped
BCM43XV (Broadcom Extensible 802.11 Network Adapter Driver)- C:\Windows\system32\DRIVERS\bcmwl6.sys - Manual/Stopped
bowser (Bowser)- C:\Windows\system32\DRIVERS\bowser.sys - Manual/Running
BrFiltLo (Brother USB Mass-Storage Lower Filter Driver)- C:\Windows\system32\drivers\brfiltlo.sys - Manual/Stopped
BrFiltUp (Brother USB Mass-Storage Upper Filter Driver)- C:\Windows\system32\drivers\brfiltup.sys - Manual/Stopped
Brserid (Brother MFC Serial Port Interface Driver (WDM))- C:\Windows\system32\drivers\brserid.sys - Disabled/Stopped
BrSerWdm (Brother WDM Serial driver)- C:\Windows\system32\drivers\brserwdm.sys - Disabled/Stopped
BrUsbMdm (Brother MFC USB Fax Only Modem)- C:\Windows\system32\drivers\brusbmdm.sys - Disabled/Stopped
BrUsbSer (Brother MFC USB Serial WDM Driver)- C:\Windows\system32\drivers\brusbser.sys - Manual/Stopped
CAM1690 (USB PC Camera)- C:\Windows\system32\Drivers\cam1690.sys - Manual/Stopped
circlass (Consumer IR Devices)- C:\Windows\system32\drivers\circlass.sys - Disabled/Stopped
CLFS (Common Log (CLFS))- C:\Windows\system32\CLFS.sys - Boot/Running
CnxtHdAudService (Conexant UAA Function Driver for High Definition Audio Service)- C:\Windows\system32\drivers\CHDRT32.sys - Manual/Running
Crusoe (Transmeta Crusoe Processor Driver)- C:\Windows\system32\drivers\crusoe.sys - Disabled/Stopped
DfsC (DFS Namespace Client Driver)- C:\Windows\system32\Drivers\dfsc.sys - System/Running
Dot4 (MS IEEE-1284.4 Driver)- C:\Windows\system32\DRIVERS\Dot4.sys - Manual/Stopped
Dot4Print (Print Class Driver for IEEE-1284.4)- C:\Windows\system32\DRIVERS\Dot4Prt.sys - Manual/Stopped
dot4usb (MS Dot4USB Filter Dot4USB Filter)- C:\Windows\system32\DRIVERS\dot4usb.sys - Manual/Stopped
DXGKrnl (LDDM Graphics Subsystem)- C:\Windows\system32\drivers\dxgkrnl.sys - Manual/Running
E100B (Intel(R) PRO Adapter Driver)- C:\Windows\system32\DRIVERS\e100b325.sys - Manual/Stopped
E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver)- C:\Windows\system32\DRIVERS\E1G60I32.sys - Manual/Stopped
eabfiltr (eabfiltr)- C:\Windows\system32\DRIVERS\eabfiltr.sys - System/Running
Ecache (ReadyBoost Caching Driver)- C:\Windows\system32\drivers\ecache.sys - Boot/Running
elxstor (elxstor)- C:\Windows\system32\drivers\elxstor.sys - Disabled/Stopped
FileInfo (File Information FS MiniFilter)- C:\Windows\system32\drivers\fileinfo.sys - Boot/Running
Filetrace (FileTrace)- C:\Windows\system32\drivers\filetrace.sys - Manual/Stopped
gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms)- C:\Windows\system32\drivers\gagp30kx.sys - Manual/Stopped
HBtnKey (HBtnKey)- C:\Windows\system32\DRIVERS\cpqbttn.sys - Manual/Running
HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service)- C:\Windows\system32\drivers\CHDART.sys - Manual/Stopped
HidBth (Microsoft Bluetooth HID Miniport)- C:\Windows\system32\drivers\hidbth.sys - Disabled/Stopped
HidIr (Microsoft Infrared HID Driver)- C:\Windows\system32\drivers\hidir.sys - Disabled/Stopped
HpCISSs (HpCISSs)- C:\Windows\system32\drivers\hpcisss.sys - Disabled/Stopped
HSFHWAZL (HSFHWAZL)- C:\Windows\system32\DRIVERS\VSTAZL3.SYS - Manual/Stopped
HSF_DPV (HSF_DPV)- C:\Windows\system32\DRIVERS\HSX_DPV.sys - Manual/Running
HSXHWAZL (HSXHWAZL)- C:\Windows\system32\DRIVERS\HSXHWAZL.sys - Manual/Running
iaStor (Intel AHCI Controller)- C:\Windows\system32\DRIVERS\iaStor.sys - Boot/Running
iaStorV (Intel RAID Controller Vista)- C:\Windows\system32\drivers\iastorv.sys - Disabled/Stopped
igfx (igfx)- C:\Windows\system32\DRIVERS\igdkmd32.sys - Manual/Running
IPMIDRV (IPMIDRV)- C:\Windows\system32\drivers\ipmidrv.sys - Disabled/Stopped
iScsiPrt (iScsiPort Driver)- C:\Windows\system32\DRIVERS\msiscsi.sys - Manual/Running
iteatapi (ITEATAPI_Service_Install)- C:\Windows\system32\drivers\iteatapi.sys - Disabled/Stopped
iteraid (ITERAID_Service_Install)- C:\Windows\system32\drivers\iteraid.sys - Disabled/Stopped
lltdio (Link-Layer Topology Discovery Mapper I/O Driver)- C:\Windows\system32\DRIVERS\lltdio.sys - Auto/Running
LSI_FC (LSI_FC)- C:\Windows\system32\drivers\lsi_fc.sys - Disabled/Stopped
LSI_SAS (LSI_SAS)- C:\Windows\system32\drivers\lsi_sas.sys - Disabled/Stopped
LSI_SCSI (LSI_SCSI)- C:\Windows\system32\drivers\lsi_scsi.sys - Disabled/Stopped
luafv (UAC File Virtualization)- C:\Windows\system32\drivers\luafv.sys - Auto/Running
LxrSII1d (Secure II Driver)- \??\C:\Windows\system32\Drivers\LxrSII1d.sys - Auto/Running
megasas (megasas)- C:\Windows\system32\drivers\megasas.sys - Disabled/Stopped
mpio (Microsoft Multi-Path Bus Driver)- C:\Windows\system32\drivers\mpio.sys - Disabled/Stopped
mpsdrv (Windows Firewall Authorization Driver)- C:\Windows\system32\drivers\mpsdrv.sys - Manual/Running
mrxsmb10 (SMB 1.x MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb10.sys - Manual/Running
mrxsmb20 (SMB 2.0 MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb20.sys - Manual/Running
msahci (msahci)- C:\Windows\system32\drivers\msahci.sys - Disabled/Stopped
msdsm (Microsoft Multi-Path Device Specific Module)- C:\Windows\system32\drivers\msdsm.sys - Disabled/Stopped
msisadrv (ISA/EISA Class Driver)- C:\Windows\system32\drivers\msisadrv.sys - Boot/Running
MsRPC (MsRPC)- C:\Windows\system32\drivers\MsRPC.sys - Manual/Stopped
NativeWifiP (NativeWiFi Filter)- C:\Windows\system32\DRIVERS\nwifi.sys - Manual/Running
NETw4v32 (Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw4v32.sys - Manual/Stopped
NETw5v32 (Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw5v32.sys - Manual/Running
nfrd960 (nfrd960)- C:\Windows\system32\drivers\nfrd960.sys - Disabled/Stopped
nsiproxy (NSI proxy service)- C:\Windows\system32\drivers\nsiproxy.sys - System/Running
ntrigdigi (N-trig HID Tablet Driver)- C:\Windows\system32\drivers\ntrigdigi.sys - Disabled/Stopped
nvstor (nvstor)- C:\Windows\system32\drivers\nvstor.sys - Disabled/Stopped
pcouffin (VSO Software pcouffin)- C:\Windows\system32\Drivers\pcouffin.sys - Manual/Running
PEAUTH (PEAUTH)- C:\Windows\system32\drivers\peauth.sys - Auto/Running
ql2300 (QLogic Fibre Channel Miniport Driver)- C:\Windows\system32\drivers\ql2300.sys - Disabled/Stopped
ql40xx (QLogic iSCSI Miniport Driver)- C:\Windows\system32\drivers\ql40xx.sys - Disabled/Stopped
QWAVEdrv (QWAVE driver)- C:\Windows\system32\drivers\qwavedrv.sys - Manual/Stopped
RDPENCDD (RDP Encoder Mirror Driver)- C:\Windows\system32\drivers\rdpencdd.sys - System/Running
rimmptsk (rimmptsk)- C:\Windows\system32\DRIVERS\rimmptsk.sys - Auto/Running
rimsptsk (rimsptsk)- C:\Windows\system32\DRIVERS\rimsptsk.sys - Auto/Running
RimUsb (BlackBerry Smartphone)- C:\Windows\system32\Drivers\RimUsb.sys - Manual/Stopped
RimVSerPort (RIM Virtual Serial Port v2)- C:\Windows\system32\DRIVERS\RimSerial.sys - Manual/Stopped
rismxdp (Ricoh xD-Picture Card Driver)- C:\Windows\system32\DRIVERS\rixdptsk.sys - Auto/Running
rspndr (Link-Layer Topology Discovery Responder)- C:\Windows\system32\DRIVERS\rspndr.sys - Auto/Running
sbp2port (SBP-2 Transport/Protocol Bus Driver)- C:\Windows\system32\drivers\sbp2port.sys - Disabled/Stopped
sdbus (sdbus)- C:\Windows\system32\DRIVERS\sdbus.sys - Manual/Running
sermouse (Serial Mouse Driver)- C:\Windows\system32\drivers\sermouse.sys - Disabled/Stopped
sffdisk (SFF Storage Class Driver)- C:\Windows\system32\DRIVERS\sffdisk.sys - Manual/Stopped
sffp_mmc (SFF Storage Protocol Driver for MMC)- C:\Windows\system32\drivers\sffp_mmc.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\Windows\system32\DRIVERS\sffp_sd.sys - Manual/Stopped
SiSRaid2 (SiSRaid2)- C:\Windows\system32\drivers\sisraid2.sys - Disabled/Stopped
SiSRaid4 (SiSRaid4)- C:\Windows\system32\drivers\sisraid4.sys - Disabled/Stopped
spldr (Security Processor Loader Driver)- C:\Windows\system32\drivers\spldr.sys - Boot/Running
srv2 (srv2)- C:\Windows\system32\DRIVERS\srv2.sys - Manual/Running
srvnet (srvnet)- C:\Windows\system32\DRIVERS\srvnet.sys - Manual/Running
sscdbus (SAMSUNG USB Composite Device driver (WDM))- C:\Windows\system32\DRIVERS\sscdbus.sys - Manual/Stopped
sscdmdfl (SAMSUNG Mobile Modem Filter)- C:\Windows\system32\DRIVERS\sscdmdfl.sys - Manual/Stopped
sscdmdm (SAMSUNG Mobile Modem Drivers)- C:\Windows\system32\DRIVERS\sscdmdm.sys - Manual/Stopped
StarOpen (StarOpen)- C:\Windows\system32\drivers\StarOpen.sys - System/Running
tapvpn (TAP VPN Adapter)- C:\Windows\system32\DRIVERS\tapvpn.sys - Manual/Stopped
Tcpip6 (Microsoft IPv6 Protocol Driver)- C:\Windows\system32\DRIVERS\tcpip.sys - Manual/Stopped
tcpipreg (TCP/IP Registry Compatibility)- C:\Windows\system32\drivers\tcpipreg.sys - Auto/Running
tdx (NetIO Legacy TDI Support Driver)- C:\Windows\system32\DRIVERS\tdx.sys - System/Running
tssecsrv (Terminal Services Security Filter Driver)- C:\Windows\system32\DRIVERS\tssecsrv.sys - Manual/Running
tunmp (Microsoft Tun Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunmp.sys - Manual/Running
tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunnel.sys - Manual/Running
uagp35 (Microsoft AGPv3.5 Filter)- C:\Windows\system32\drivers\uagp35.sys - Manual/Stopped
uliagpkx (Uli AGP Bus Filter)- C:\Windows\system32\drivers\uliagpkx.sys - Manual/Stopped
uliahci (uliahci)- C:\Windows\system32\drivers\uliahci.sys - Disabled/Stopped
UlSata (UlSata)- C:\Windows\system32\drivers\ulsata.sys - Disabled/Stopped
ulsata2 (ulsata2)- C:\Windows\system32\drivers\ulsata2.sys - Disabled/Stopped
umbus (UMBus Enumerator Driver)- C:\Windows\system32\DRIVERS\umbus.sys - Manual/Running
usbcir (eHome Infrared Receiver (USBCIR))- C:\Windows\system32\drivers\usbcir.sys - Disabled/Stopped
USBSER34 (USBSER34)- C:\Windows\system32\Drivers\USBSER34.SYS - Manual/Stopped
ViaC7 (VIA C7 Processor Driver)- C:\Windows\system32\drivers\viac7.sys - Disabled/Stopped
volmgr (Volume Manager Driver)- C:\Windows\system32\drivers\volmgr.sys - Boot/Running
volmgrx (Dynamic Volume Manager)- C:\Windows\system32\drivers\volmgrx.sys - Boot/Running
vsmraid (vsmraid)- C:\Windows\system32\drivers\vsmraid.sys - Disabled/Stopped
WacomPen (Wacom Serial Pen HID Driver)- C:\Windows\system32\drivers\wacompen.sys - Disabled/Stopped
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - System/Running
Wdf01000 (Kernel Mode Driver Frameworks service)- C:\Windows\system32\drivers\Wdf01000.sys - Boot/Running
winusb (WinUSB Service)- C:\Windows\system32\DRIVERS\winusb.sys - Manual/Stopped
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\Windows\system32\DRIVERS\wmiacpi.sys - Manual/Running
XAudio (XAudio)- C:\Windows\system32\DRIVERS\xaudio.sys - Auto/Running
yukonwlh (NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)- C:\Windows\system32\DRIVERS\yk60x86.sys - Manual/Running
====== Uninstall List ======
3D Groove Playback Engine
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
AOL Instant Messenger
Conexant HD Audio
HDAUDIO Soft Data Fax Modem with SmartCP
DVD Shrink 3.2
Contextual Application Trueads
Microsoft Office Enterprise 2007
Free 3GP Video Converter version 3.1
Intel(R) Graphics Media Accelerator Driver
HijackThis 2.0.2
HP Imaging Device Functions 8.0
HP Solution Center 8.0
HP OCR Software 8.0
TBS WMP Plug-in
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Encoder (KB954156)
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft SQL Server 2005
Mozilla Firefox (3.0.11)
OmniMouse Driver 3.82
QuickTime Alternative 2.7.0
Real Alternative 1.60 Lite
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem Software
SAMSUNG Mobile USB Modem 1.0 Software
Sandlot Games Client Services
Switch Sound File Converter
The Weather Channel Desktop
Uninstall 1.0.0.1
Viewpoint Media Player
Virtools 3D Life Player
VideoLAN VLC media player 0.8.6e
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
WinRAR archiver
Roxio Creator Tools
HP Doc Viewer
AIO_Scan
Roxio Creator Data
FxBear MOV Video Converter
Security Update for CAPICOM (KB931906)
Roxio Creator EasyArchive
TBS WMP Plug-in
ESU for Microsoft Vista
Scan
WebReg
AutoUpdate
HPNetworkAssistant
HP Deskjet All-In-One Software 8.0
ActiveCheck component for HP Active Support Library
Java(TM) 6 Update 13
Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
Rhapsody Player Engine
HP Quick Launch Buttons 6.20 B1
Roxio Activation Module
VCRedistSetup
HP User Guides 0060
HP Easy Setup - Frontend
RTC Client API v1.2
Windows Live Sign-in Assistant
HP QuickPlay 3.2
DocProc
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
neroxml
Windows Live Messenger
Microsoft Office Live Add-in 1.3
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Creator Copy
DJ_AIO_ProductContext
Activation Assistant for the 2007 Microsoft Office suites
HPAsset component for HP Active Support Library
eSupportQFolder
HPProductAssistant
Windows Media Player Firefox Plugin
HP Active Support Library 32 bit components
Samsung PC Studio 3
Microsoft Visual C++ 2005 Redistributable
Nero 7 Ultra Edition
VC80CRTRedist - 8.0.50727.762
ConvertXtoDVD 3.1.2.34
Sony Vegas Pro 8.0
F4100
USB Video Camera
MSXML 4.0 SP2 (KB954430)
DocProcQFolder
Microsoft Silverlight
QuickTime
Sony Media Manager 2.3
Choice Guard
Microsoft Office Access MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Update for Microsoft Office Access 2007 Help (KB957241)
Microsoft Office Excel MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office PowerPoint MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Publisher MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Outlook MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Word MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (French) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (Spanish) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proofing (English) 2007
Microsoft Office Enterprise 2007
Update for Microsoft Office Outlook 2007 (KB952142)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB951944)
Update for Office 2007 (KB946691)
Security Update for 2007 Microsoft Office System (KB951550)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Word 2007 (KB969604)
Update for Outlook 2007 Junk Email Filter (kb970012)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Microsoft Office InfoPath MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Microsoft Office Shared MUI (English) 2007
Update for Microsoft Office 2007 Help for Common Features (KB957244)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office OneNote MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Groove MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Groove Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Shared Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Access Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Intel® Matrix Storage Manager
Microsoft Application Error Reporting
Microsoft Office Outlook Connector
Status
Destinations
HP Active Support Library
DJ_AIO_Software
Radioshack USB-to-Serial cable
Touch Pad Driver
Windows Live Sync
SolutionCenter
Copy
LightScribe 1.4.136.1
DeviceManagementQFolder
Adobe Reader 8.1.5
KB408682
F4100_Help
Windows Movie Maker 2.6
DivX Web Player
Microsoft SQL Server Native Client
BufferChm
MSXML 4.0 SP2 (KB936181)
Samsung PC Studio 3
Toolbox
HP Update
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Wireless Assistant
Microsoft XML Parser
DJ_AIO_Software_min
UnloadSupport
Windows Media Encoder 9 Series
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
32 Bit HP CIO Components Installer
MSCU for Microsoft Vista
HP Active Support Library 32 bit components
Windows Live OneCare safety scanner
TrayApp
======== Other Info ========
TOTAL PHYSICAL RAM: 2137 MB
Boot Info
OS Type: Microsoft® Windows Vista™ Home Premium
Build: 6.0.6001
Service Pack: 1.0
====== Files with Hidden Attributes======
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\boot\bootstat.dat
==End of Report==
bamajim
10.4K Posts
0
June 15th, 2009 09:00
1. Please download The Avenger by Swandog46 to your Desktop.
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to delete:
C:\Windows\system32\nsfEC72.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
4. The Avenger will automatically do the following:
5. Please copy/paste the content of c:\avenger.txt into your reply
bizkid10
52 Posts
0
June 15th, 2009 19:00
Okay...I get an error.
Error: Invalid Script. A valid script must begin with a command directive.
Aborting executing!
bizkid10
52 Posts
0
June 16th, 2009 10:00
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon Jun 15 21:49:43 2009
21:49:43: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon Jun 15 21:49:50 2009
21:49:50: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon Jun 15 21:50:12 2009
21:50:12: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon Jun 15 21:51:02 2009
21:51:02: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon Jun 15 21:53:00 2009
21:53:00: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon Jun 15 21:54:05 2009
21:54:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon Jun 15 21:54:15 2009
21:54:15: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Windows\system32\nsfEC72.dll" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
bamajim
10.4K Posts
0
June 16th, 2009 18:00
Good work.
One more check.
Run an online virus scan called Kaspersky from HERE.
[2.] At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
[3.] Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
[4.] Select Scan Report.
[5.] If any threats were found, they will appear in the report.
[6.] Select "Save error report as". Then, in the file name, just type in kaspersky. Under "Save as type", select text (.txt).
[7.] Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found, then report that as well.
bizkid10
52 Posts
0
June 17th, 2009 18:00
Scan took a couple of HOURS. Now, Mozilla Popups are still showing up randomly.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 17, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 17, 2009 18:46:42
Records in database: 2358044
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 143240
Threat name: 19
Infected objects: 64
Suspicious objects: 0
Duration of the scan: 04:25:03
File name / Threat name / Threats count
C:\Program Files\BPK\iseeyouhk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.ca 1
C:\Program Files\BPK\iseeyouun.exe Infected: not-a-virus:Monitor.Win32.Perflogger.cl 1
C:\Program Files\BPK\iseeyouvw.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ca 1
C:\Qoobox\Quarantine\C\Windows\System32\aslwyygi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\awtrSjKe.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\awturRlM.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\bjwqnaox.dll.vir Infected: Trojan.Win32.Agent.agvh 1
C:\Qoobox\Quarantine\C\Windows\System32\blaulu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eor 1
C:\Qoobox\Quarantine\C\Windows\System32\crlfaufy.dll.vir Infected: Trojan.Win32.Pakes.ldj 1
C:\Qoobox\Quarantine\C\Windows\System32\ddcCSKDt.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\ddcYsRLD.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\drhhhxwc.dll.vir Infected: Trojan.Win32.Agent.agwh 1
C:\Qoobox\Quarantine\C\Windows\System32\dwgqdpcw.dll.vir Infected: Trojan.Win32.Pakes.ldj 1
C:\Qoobox\Quarantine\C\Windows\System32\eltiyj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\evparjym.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eli 1
C:\Qoobox\Quarantine\C\Windows\System32\fccbBSlJ.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\fcccayvt.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\frmollfw.exe.vir Infected: not-a-virus:NetTool.Win32.Agent.ay 1
C:\Qoobox\Quarantine\C\Windows\System32\geBstqPf.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\geBtRJaW.dll.vir Infected: Trojan.Win32.Monderd.gen 1
C:\Qoobox\Quarantine\C\Windows\System32\gqgngbus.dll.vir Infected: Backdoor.Win32.Bifrose.aexq 1
C:\Qoobox\Quarantine\C\Windows\System32\hgGvuRkH.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\hgGvwvTl.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\hhwprawj.exe.vir Infected: not-a-virus:NetTool.Win32.Agent.ay 1
C:\Qoobox\Quarantine\C\Windows\System32\hssgmcmn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\ifsesbhs.dll.vir Infected: Backdoor.Win32.Bifrose.aexq 1
C:\Qoobox\Quarantine\C\Windows\System32\jzgtpa.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.enb 1
C:\Qoobox\Quarantine\C\Windows\System32\khfDstSL.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\khfEUllI.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\kkekay.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\kkiqhmfc.exe.vir Infected: not-a-virus:NetTool.Win32.Agent.ay 1
C:\Qoobox\Quarantine\C\Windows\System32\korqkvlk.dll.vir Infected: Trojan.Win32.Agent.agwh 1
C:\Qoobox\Quarantine\C\Windows\System32\laqfawjs.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\ljbcsaok.dll.vir Infected: Trojan.Win32.Pakes.ldj 1
C:\Qoobox\Quarantine\C\Windows\System32\llausdjn.dll.vir Infected: Trojan.Win32.Agent.agwh 1
C:\Qoobox\Quarantine\C\Windows\System32\ltiigx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eli 1
C:\Qoobox\Quarantine\C\Windows\System32\mgzfrw.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\miedoj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\mlJYoopq.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\nrnjxsss.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\pewlchwb.dll.vir Infected: Trojan.Win32.Agent.agvg 1
C:\Qoobox\Quarantine\C\Windows\System32\pmnmkhGA.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\pmnmlkHy.dll.vir Infected: Trojan.Win32.Monder.sjo 1
C:\Qoobox\Quarantine\C\Windows\System32\ptmvzs.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eju 1
C:\Qoobox\Quarantine\C\Windows\System32\rfmmdwmm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eju 1
C:\Qoobox\Quarantine\C\Windows\System32\rlpwwllq.exe.vir Infected: not-a-virus:NetTool.Win32.Agent.ay 1
C:\Qoobox\Quarantine\C\Windows\System32\rqRJBTJB.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\seojqqge.exe.vir Infected: not-a-virus:NetTool.Win32.Agent.ay 1
C:\Qoobox\Quarantine\C\Windows\System32\sianetqi.dll.vir Infected: Backdoor.Win32.Bifrose.aexq 1
C:\Qoobox\Quarantine\C\Windows\System32\srhondnx.dll.vir Infected: Trojan.Win32.Agent.ahwy 1
C:\Qoobox\Quarantine\C\Windows\System32\teepgslb.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.hix 1
C:\Qoobox\Quarantine\C\Windows\System32\tuvTnMFv.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\uxolhgoi.exe.vir Infected: not-a-virus:NetTool.Win32.Agent.ay 1
C:\Qoobox\Quarantine\C\Windows\System32\vgjygfof.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.enb 1
C:\Qoobox\Quarantine\C\Windows\System32\vtUmMgGw.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\vtUnkiFx.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\wqwoscgq.dll.vir Infected: Trojan.Win32.Agent.agvh 1
C:\Qoobox\Quarantine\C\Windows\System32\wvighnck.exe.vir Infected: not-a-virus:NetTool.Win32.Agent.ay 1
C:\Qoobox\Quarantine\C\Windows\System32\wvUkLFyw.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\xapsce.dll.vir Infected: Trojan.Win32.Agent.agvg 1
C:\Qoobox\Quarantine\C\Windows\System32\xxyaaxxW.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\xxyxYqop.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\yoshmqge.dll.vir Infected: Trojan.Win32.Agent.agna 1
C:\Windows\System32\mncfcbev.dll Infected: Backdoor.Win32.Bifrose.aexq 1
The selected area was scanned.
bamajim
10.4K Posts
0
June 18th, 2009 15:00
1. Rerun Avenger
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to delete:
C:\Program Files\BPK\iseeyouhk.dll
C:\Program Files\BPK\iseeyouun.exe
C:\Program Files\BPK\iseeyouvw.exe
C:\Windows\System32\mncfcbev.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
4. The Avenger will automatically do the following:
5. Please copy/paste the content of c:\avenger.txt into your reply
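The triage behind the script above, as an added example that is not part of the original post: it parses Kaspersky report lines, sets aside detections under C:\Qoobox\Quarantine (ComboFix's quarantine folder, where copies are renamed to .vir), and builds the "Files to delete:" script from what is left. The function names are hypothetical, the sample is a subset of the report lines in this thread, and the first-line check is an assumed reading of the rule quoted in the pre-processor error.

```python
import re
from collections import Counter

# Sample lines copied from the Kaspersky report in this thread: every entry
# outside quarantine plus three of the quarantined ones.
REPORT = r"""
C:\Program Files\BPK\iseeyouhk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.ca 1
C:\Program Files\BPK\iseeyouun.exe Infected: not-a-virus:Monitor.Win32.Perflogger.cl 1
C:\Program Files\BPK\iseeyouvw.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ca 1
C:\Qoobox\Quarantine\C\Windows\System32\aslwyygi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.elt 1
C:\Qoobox\Quarantine\C\Windows\System32\awtrSjKe.dll.vir Infected: Trojan.Win32.Monderb.amxo 1
C:\Qoobox\Quarantine\C\Windows\System32\gqgngbus.dll.vir Infected: Backdoor.Win32.Bifrose.aexq 1
C:\Windows\System32\mncfcbev.dll Infected: Backdoor.Win32.Bifrose.aexq 1
The selected area was scanned.
"""

# "<path> Infected: <threat name> <count>"; paths may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$"
)
# ComboFix quarantine folder; compared case-insensitively.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
# The only command directive that appears in this thread.
DIRECTIVE = "Files to delete:"


def parse_report(text):
    """Return (path, threat, count) for every detection line; skip the rest."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append((m["path"], m["threat"], int(m["count"])))
    return findings


def triage(findings):
    """Split detections into live files and already-quarantined copies."""
    live, quarantined = [], []
    for path, threat, _count in findings:
        bucket = quarantined if path.lower().startswith(QUARANTINE_PREFIX) else live
        bucket.append((path, threat))
    return live, quarantined


def family_counts(findings):
    """Count detections per family (threat name without its variant suffix)."""
    return Counter(threat.rsplit(".", 1)[0] for _p, threat, _c in findings)


def avenger_script(live):
    """Build the script text: the directive first, then one path per line."""
    return "\n".join([DIRECTIVE] + [path for path, _threat in live])


def starts_with_directive(script):
    """Assumed check: the first non-blank line must be the directive."""
    lines = [ln.strip() for ln in script.splitlines() if ln.strip()]
    return bool(lines) and lines[0] == DIRECTIVE


if __name__ == "__main__":
    found = parse_report(REPORT)
    live_files, in_quarantine = triage(found)
    print(avenger_script(live_files))
    print(len(in_quarantine), "detections are already in quarantine")
    print(family_counts(found).most_common())
```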
bizkid10
52 Posts
0
June 18th, 2009 20:00
1866-829-9494
0000415692
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Program Files\BPK\iseeyouhk.dll" deleted successfully.
File "C:\Program Files\BPK\iseeyouun.exe" deleted successfully.
File "C:\Program Files\BPK\iseeyouvw.exe" deleted successfully.
File "C:\Windows\System32\mncfcbev.dll" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Firefox problem still occurs.
bizkid10
52 Posts
0
June 22nd, 2009 18:00
Bump.
bamajim
10.4K Posts
0
June 23rd, 2009 07:00
bizkid10
How is your PC running now?
bizkid10
52 Posts
0
June 23rd, 2009 09:00
Still have the firefox pop ups.
bamajim
10.4K Posts
0
June 23rd, 2009 09:00
bizkid10
Please explain. You only get pop-ups when using Firefox? If you use Internet Explorer you do not get pop-ups?
And please give a description of the pop-ups.
bizkid10
52 Posts
0
June 23rd, 2009 17:00
I don't use IE anymore, but when I do, yes, I did get them.
I also get them right now with Firefox. They're the ad pop-ups that say something like "i make $127/hour with google" or scam like that.
bizkid10
52 Posts
0
June 24th, 2009 09:00
http://img4.imageshack.us/img4/1938/27950890.jpg
That's one of them.
Ads are by "trueads"