Tech Support Forum - View Single Post - trojan, vundo, pop-ups, no updates

cerebrum · 06-18-2008, 09:58 PM

VirusTotal:

File hbhhcknf.tmp received on 06.18.2008 00:39:43 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/33 (0%)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT:
Wednesday, June 18, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 18, 2008 15:36:21
Records in database: 878919
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan statistics:
Files scanned: 114267
Threat name: 45
Infected objects: 75
Suspicious objects: 0
Duration of the scan: 03:02:45

File name / Threat name / Threats count
C:\Deckard\System Scanner\20080612115441\backup\DOCUME~1\RAC\LOCALS~1\Temp\RarSFX0\RockXP4_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\Deckard\System Scanner\20080612115441\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1
C:\Documents and Settings\All Users\Application Data\AntiSpyInfo\fccyabxx.dll.q_8044A05_q Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\AntiSpyInfo\qoMcCUND.dll.q_8044C05_q Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\AntiSpyInfo\qoMGyYPF.dll.q_8044A05_q Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\msw\MSW.exe Infected: not-a-virus:AdWare.Win32.Searcher.h 1
C:\Documents and Settings\All Users\Application Data\msw\msw_uninstall.exe Infected: not-a-virus:AdWare.Win32.Searcher.h 1
C:\Documents and Settings\All Users\Application Data\msw\msw_uninstall.exe Infected: not-a-virus:RiskTool.Win32.PsKill.a 1
C:\Documents and Settings\All Users\Documents\new\XBOX\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\Maxthon\AiRoboForm\AiRoboForm.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\awtqrqnK.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cpwacecx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.yuv 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\doqsftoj.dll.vir Infected: Trojan.Win32.Monder.wb 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hgGyaYQh.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hnnojfcf.dll.vir Infected: Trojan.Win32.Monder.uu 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iifdDwtt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lnbhosvv.dll.vir Infected: Trojan.Win32.Monder.wc 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lqrnobye.dll.vir Infected: Trojan.Win32.Monder.qx 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\orpyhlnr.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\spjurjcn.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xindhvxc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.yxx 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0257570.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0257604.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yhx 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0257605.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0257606.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1107\A0257654.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1107\A0257710.exe Infected: Trojan-Dropper.Win32.Agent.abb 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1107\A0257711.exe Infected: Trojan.Win32.VB.tq 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0257905.dll Infected: Trojan-Clicker.Win32.Agent.ac 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0257916.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0257917.dll Infected: Trojan-Downloader.Win32.Qoologic.ac 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258075.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258077.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.b 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258078.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258081.dll Infected: not-a-virus:AdWare.Win32.Comet.ba 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258105.exe Infected: Trojan-Downloader.Win32.Dyfuca.ez 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258106.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258107.exe Infected: Trojan-Downloader.Win32.Dyfuca.ez 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258109.exe Infected: not-a-virus:AdWare.Win32.CASClient.d 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258110.dll Infected: not-a-virus:AdWare.Win32.CASClient.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258111.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258113.exe Infected: Trojan-Dropper.Win32.Agent.tb 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258114.exe Infected: Trojan.Win32.Crypt.t 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258115.exe Infected: Packed.Win32.NSAnti.r 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258116.sys Infected: Rootkit.Win32.SMA.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258117.exe Infected: Trojan-Downloader.Win32.TSUpdate.e 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258118.dll Infected: not-a-virus:AdWare.Win32.BHO.z 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258119.dll Infected: not-a-virus:AdWare.Win32.Adstart.c 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258120.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258121.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258122.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.i 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258154.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yhx 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258155.dll Infected: Trojan.Win32.Agent.rep 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1111\A0258216.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1112\A0259221.dll Infected: Trojan.Win32.Monder.na 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259345.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yuv 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259348.dll Infected: Trojan.Win32.Monder.wb 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259350.dll Infected: Trojan.Win32.Monder.oa 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259351.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259352.dll Infected: Trojan.Win32.Monder.uu 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259353.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259354.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259355.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259356.dll Infected: Trojan.Win32.Monder.wc 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259357.dll Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259358.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259361.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259363.dll Infected: Trojan.Win32.Monder.nb 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259365.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yxx 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259366.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\$NtServicePackUninstall$\tip.htm Infected: not-a-virus:AdWare.Win32.FindSpy.d 1
C:\WINDOWS\SYSTEM32\Eprocessing_40kd34fg.exe Infected: Trojan-Dropper.Win32.Mudrop.o 1

The selected area was scanned.

HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:32 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...age/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot8_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130582841078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://www.andersonfloors.com:8000/i...image40930.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.10/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D81DDE-E2A9-40AB-B7B9-FBA8A1FB4FCD}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{04476BFC-2143-428B-91EB-327F1F3C2404}: NameServer = 69.50.184.84,195.225.176.37
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\ColdFusionSearchService\k2\_nti40\bin\k2admin.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 10942 bytes

My system seems to be behaving normal, no pop-ups of any kind broadband speed is fine. Here are the reports you needed.
Thank you again

06-18-2008, 09:58 PM	#5 (permalink)
cerebrum Registered User Join Date: Jun 2008 Location: tx Posts: 7 OS: XP	Re: trojan, vundo, pop-ups, no updates VirusTotal: File hbhhcknf.tmp received on 06.18.2008 00:39:43 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/33 (0%) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT: Wednesday, June 18, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, June 18, 2008 15:36:21 Records in database: 878919 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ G:\ H:\ I:\ J:\ K:\ L:\ M:\ Scan statistics: Files scanned: 114267 Threat name: 45 Infected objects: 75 Suspicious objects: 0 Duration of the scan: 03:02:45 File name / Threat name / Threats count C:\Deckard\System Scanner\20080612115441\backup\DOCUME~1\RAC\LOCALS~1\Temp\RarSFX0\RockXP4_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1 C:\Deckard\System Scanner\20080612115441\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1 C:\Documents and Settings\All Users\Application Data\AntiSpyInfo\fccyabxx.dll.q_8044A05_q Infected: Trojan.Win32.Monder.gen 1 C:\Documents and Settings\All Users\Application Data\AntiSpyInfo\qoMcCUND.dll.q_8044C05_q Infected: Trojan.Win32.Monder.gen 1 C:\Documents and Settings\All Users\Application Data\AntiSpyInfo\qoMGyYPF.dll.q_8044A05_q Infected: Trojan.Win32.Monder.gen 1 C:\Documents and Settings\All Users\Application Data\msw\MSW.exe Infected: not-a-virus:AdWare.Win32.Searcher.h 1 C:\Documents and Settings\All Users\Application Data\msw\msw_uninstall.exe Infected: not-a-virus:AdWare.Win32.Searcher.h 1 C:\Documents and Settings\All Users\Application Data\msw\msw_uninstall.exe Infected: not-a-virus:RiskTool.Win32.PsKill.a 1 C:\Documents and Settings\All Users\Documents\new\XBOX\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 C:\Program Files\Maxthon\AiRoboForm\AiRoboForm.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1 C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\awtqrqnK.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cpwacecx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.yuv 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\doqsftoj.dll.vir Infected: Trojan.Win32.Monder.wb 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hgGyaYQh.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hnnojfcf.dll.vir Infected: Trojan.Win32.Monder.uu 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iifdDwtt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lnbhosvv.dll.vir Infected: Trojan.Win32.Monder.wc 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lqrnobye.dll.vir Infected: Trojan.Win32.Monder.qx 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\orpyhlnr.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\spjurjcn.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xindhvxc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.yxx 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0257570.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0257604.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yhx 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0257605.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0257606.exe Infected: Trojan.Win32.LowZones.gb 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1107\A0257654.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1107\A0257710.exe Infected: Trojan-Dropper.Win32.Agent.abb 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1107\A0257711.exe Infected: Trojan.Win32.VB.tq 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0257905.dll Infected: Trojan-Clicker.Win32.Agent.ac 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0257916.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0257917.dll Infected: Trojan-Downloader.Win32.Qoologic.ac 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258075.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258077.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.b 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258078.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258081.dll Infected: not-a-virus:AdWare.Win32.Comet.ba 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258105.exe Infected: Trojan-Downloader.Win32.Dyfuca.ez 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258106.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258107.exe Infected: Trojan-Downloader.Win32.Dyfuca.ez 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258109.exe Infected: not-a-virus:AdWare.Win32.CASClient.d 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258110.dll Infected: not-a-virus:AdWare.Win32.CASClient.a 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258111.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258113.exe Infected: Trojan-Dropper.Win32.Agent.tb 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258114.exe Infected: Trojan.Win32.Crypt.t 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258115.exe Infected: Packed.Win32.NSAnti.r 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258116.sys Infected: Rootkit.Win32.SMA.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258117.exe Infected: Trojan-Downloader.Win32.TSUpdate.e 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258118.dll Infected: not-a-virus:AdWare.Win32.BHO.z 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258119.dll Infected: not-a-virus:AdWare.Win32.Adstart.c 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258120.exe Infected: Trojan.Win32.LowZones.gb 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258121.exe Infected: Trojan.Win32.LowZones.gb 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258122.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.i 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258154.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yhx 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1109\A0258155.dll Infected: Trojan.Win32.Agent.rep 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1111\A0258216.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1112\A0259221.dll Infected: Trojan.Win32.Monder.na 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259345.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yuv 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259348.dll Infected: Trojan.Win32.Monder.wb 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259350.dll Infected: Trojan.Win32.Monder.oa 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259351.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259352.dll Infected: Trojan.Win32.Monder.uu 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259353.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259354.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259355.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259356.dll Infected: Trojan.Win32.Monder.wc 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259357.dll Infected: Trojan.Win32.Monder.qx 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259358.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259361.dll Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259363.dll Infected: Trojan.Win32.Monder.nb 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259365.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yxx 1 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1115\A0259366.dll Infected: Trojan.Win32.Monder.gen 1 C:\WINDOWS\$NtServicePackUninstall$\tip.htm Infected: not-a-virus:AdWare.Win32.FindSpy.d 1 C:\WINDOWS\SYSTEM32\Eprocessing_40kd34fg.exe Infected: Trojan-Dropper.Win32.Mudrop.o 1 The selected area was scanned. HiJack This: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:42:32 PM, on 6/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...age/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot8_x.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130582841078 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://www.andersonfloors.com:8000/i...image40930.cab O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.10/ttinst.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D81DDE-E2A9-40AB-B7B9-FBA8A1FB4FCD}: NameServer = 68.94.156.1,68.94.157.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{04476BFC-2143-428B-91EB-327F1F3C2404}: NameServer = 69.50.184.84,195.225.176.37 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\ColdFusionSearchService\k2\_nti40\bin\k2admin.exe (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE -- End of file - 10942 bytes My system seems to be behaving normal, no pop-ups of any kind broadband speed is fine. Here are the reports you needed. Thank you again