04-30-2008, 04:48 PM   #1
Registered User
 
Join Date: Apr 2008
Posts: 7
OS: Windows xp


Lost desktop, internet slow, popups, and virus ***PLEASE HELP ***

I went through the 5 steps. Here is a copy of ActiveScan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-30 04:21:57
PROTECTIONS: 85
MALWARE: 36
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.2.82 No Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.179 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.110 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.114 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.120 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.56 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.2.82 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.2.17 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.114 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.143 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.143 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.2.82 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.2.82 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.24 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.143 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.219 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.2.82 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.2.82 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition 8.0.1.15 No Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.2.82 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.2.17 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.213 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.114 No Yes
Avira AntiVir PersonalEdition Classic 6.39.0.56 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.110 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.97 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.146 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.154 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 6.39.0.30 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.64 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.174 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.2.82 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.0.143 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.110 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Jeremy\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.clickbank.net/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.revenue.net/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.revenue.net/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@revenue[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.yadro.ru/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.statcounter.com/]
00167774 Cookie/web-stat TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@www.web-stat[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[ad.yieldmanager.com/]
00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[counter10.sextracker.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@burstnet[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.sextracker.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.bluestreak.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.go.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@searchportal.information[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[searchportal.information.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@atwola[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.addynamix.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.addynamix.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.addynamix.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.addynamix.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[.ads.addynamix.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\zq3rmm3u.default\cookies.txt[citi.bridgetrack.com/]
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Jeremy\Desktop\SmitfraudFix\Reboot.exe
02887531 Cookie/UltimateCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@ucleaner[2].txt
02887532 Cookie/XPAntivirusPro TrackingCookie No 0 Yes No C:\Documents and Settings\Jeremy\Cookies\jeremy@www.safenavweb[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location q
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description q
;===================================================================================================================================================================================
120815 HIGH MS06-022 q
;===================================================================================================================================================================================



Here is my HijackThis log:

Deckard's System Scanner v20071014.68
Run by Jeremy on 2008-04-30 00:33:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
96: 2008-04-30 04:33:05 UTC - RP665 - Deckard's System Scanner Restore Point
95: 2006-01-01 04:03:53 UTC - RP664 - Removed LogMeIn
94: 2008-04-29 23:14:00 UTC - RP663 - Last known good configuration
93: 2008-04-29 23:13:54 UTC - RP662 - System Checkpoint
92: 2008-04-29 23:13:54 UTC - RP661 - System Checkpoint


-- First Restore Point --
1: 2008-04-29 23:13:44 UTC - RP570 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jeremy.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:18 AM, on 04/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeremy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jeremy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2770FE59-A7AD-4698-B22A-04E7B3677910} - C:\WINDOWS\system32\rqRJcYqP.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - C:\WINDOWS\system32\ljJBuvuS.dll
O3 - Toolbar: wxdbpfvo - {F0791CA9-77CF-437E-AF92-58DCE68FA410} - C:\WINDOWS\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc668868] rundll32.exe "C:\WINDOWS\system32\jyepvpne.dll",b
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\ABITEQ\ABITEQ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert for CLIE - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: ljJBuvuS - C:\WINDOWS\SYSTEM32\ljJBuvuS.dll
O21 - SSODL: qadovnel - {853F276B-4B70-4949-867F-58F7E8D5F891} - C:\WINDOWS\qadovnel.dll (file missing)
O21 - SSODL: bdkpfxqw - {33839D5D-BE42-4E41-A67A-072890C33243} - C:\WINDOWS\bdkpfxqw.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7810 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ABIT-IO - c:\windows\system32\drivers\abit-io.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>

S2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys (file missing)
S2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys (file missing)
S3 dot4 (MS IEEE-1284.4 Driver) - c:\windows\system32\drivers\dot4.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Dot4Print (Print Class Driver for IEEE-1284.4) - c:\windows\system32\drivers\dot4prt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Dot4Scan (Scan Class Driver for IEEE-1284.4) - c:\windows\system32\drivers\dot4scan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 dot4usb (Dot4USB Filter Dot4USB Filter) - c:\windows\system32\drivers\dot4usb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 Memctl - c:\program files\abit\flashmenu\memctl.sys
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WINFLASH - c:\program files\abit\flashmenu\winflash.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-24 14:45:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-01-01 01:04:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 00:34:13 0 d-------- C:\Program Files\Trend Micro
2008-04-30 00:29:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 00:29:01 0 d-------- C:\Program Files\SpywareBlaster
2008-04-30 00:22:35 0 d-------- C:\Program Files\Panda Security
2008-04-30 00:08:59 3166 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-30 00:08:43 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-30 00:08:43 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-29 22:13:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-29 22:13:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-29 22:13:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-29 22:13:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-29 22:13:23 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-29 22:13:20 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-29 21:01:00 0 d-------- C:\Documents and Settings\Jeremy\Application Data\TmpRecentIcons
2008-04-29 19:13:34 447069 --ahs---- C:\WINDOWS\system32\PqYcJRqr.ini2
2008-04-29 19:13:31 280576 -----n--- C:\WINDOWS\system32\rqRJcYqP.dll
2008-04-29 19:08:26 37376 --a------ C:\WINDOWS\system32\ljJBuvuS.dll
2008-04-20 22:44:19 180224 --a------ C:\WINDOWS\UninstallWSST.exe <Not Verified; ; UninstallEXE Application>


-- Find3M Report ---------------------------------------------------------------

2008-04-30 00:22:38 3217 --a------ C:\WINDOWS\mozver.dat
2008-04-06 09:39:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-15 21:40:42 0 d-------- C:\Program Files\LoadBase 2.0
2008-03-03 23:32:29 0 d-------- C:\Program Files\LimeWire
2008-03-01 12:48:19 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Adobe
2008-02-20 18:05:38 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-02-20 18:05:38 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2770FE59-A7AD-4698-B22A-04E7B3677910}]
04/29/2008 07:13 PM 280576 --------- C:\WINDOWS\system32\rqRJcYqP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE86878F-D099-4FFC-A4DC-E51D192063B1}]
04/29/2008 07:08 PM 37376 --a------ C:\WINDOWS\system32\ljJBuvuS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [02/17/2006 11:40 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [11/17/2006 06:29 PM]
"nwiz"="nwiz.exe" [11/17/2006 06:29 PM C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 AM C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [06/28/2006 02:54 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 AM C:\WINDOWS\Alcmtr.exe]
"EPSON Stylus Photo 820 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.exe" [04/10/2002 04:00 AM]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [04/29/2008 09:58 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [11/17/2006 06:29 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 04:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22 AM]
"bc668868"="C:\WINDOWS\system32\jyepvpne.dll" [01/01/2006 01:02 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuruIII"="C:\Program Files\ABIT\ABITEQ\ABITEQ.exe" [02/22/2006 06:55 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

C:\Documents and Settings\Jeremy\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Sony Handheld\Hotsync.exe [04/06/2007 8:38:13 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/23/2005 11:05:26 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [05/31/2005 3:29:16 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [04/16/2007 8:40:21 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\WINDOWS\system32\ljJBuvuS.dll [04/29/2008 07:08 PM 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qadovnel"= {853F276B-4B70-4949-867F-58F7E8D5F891} - C:\WINDOWS\qadovnel.dll [ ]
"bdkpfxqw"= {33839D5D-BE42-4E41-A67A-072890C33243} - C:\WINDOWS\bdkpfxqw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBuvuS]
ljJBuvuS.dll 04/29/2008 07:08 PM 37376 C:\WINDOWS\system32\ljJBuvuS.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRJcYqP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-30 00:35:08 ------------

Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.48 MiB / 1507.55 MiB
Pagefile Memory (total/avail): 2662.42 MiB / 2237.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.08 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 47.72 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVC0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
(Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.179
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.110
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.114
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.120
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.56
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.2.17
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.114
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.143
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.143
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.24
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.143
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.219
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.2.17
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.213
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.114
(Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.56
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.110
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.97
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.146
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.154
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.30
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.64
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.143
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.110
(Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"="C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe:*:Enabled:ArmA Demo"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeremy\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JEREMY-CMX2E3HM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeremy
LOGONSERVER=\\JEREMY-CMX2E3HM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jeremy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jeremy\LOCALS~1\Temp
USERDOMAIN=JEREMY-CMX2E3HM
USERNAME=Jeremy
USERPROFILE=C:\Documents and Settings\Jeremy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jeremy (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABITEQ V1.0.2.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B18397C-473A-487B-B7A1-7B2A1A4FE245}\Setup.exe" -l0x9
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArmA Demo Uninstall --> C:\Program files\Atari\ArmA Demo\UnInstall.exe
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD347316-609E-4149-983C-84B40338D38A}\setup.exe" -l0x9 -removeonly
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CLIE MS SCSI Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}\setup.exe" UNINSTALL
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FlashMenu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{617A4A01-200A-4761-A4E5-3977AE89E8D2}\Setup.exe" -l0x9
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Image Converter 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDA3D2C3-3197-4FE3-A50F-0A569EC172FA}\Setup.exe"
Intellisync Lite --> C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\ISCLIE\DeIsL2.isu -cC:\PROGRA~1\ISCLIE\ILUNINST.DLL
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LoadBase 2.0© Desktop edition --> MsiExec.exe /I{DB62EDC9-8ECA-4DE9-857C-30308CFBAB0A}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Export --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15EE1439-3B90-4DA6-A4FD-3BF23E830C25}\Setup.exe" UNINSTALL
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - BTmod 2.20 --> C:\Program Files\Bethesda Softworks\Oblivion\Data\BTmod-Uninstall.exe
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Palm Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
Precision Shooter's Workbench --> MsiExec.exe /I{0892DFC0-4F9E-492F-9ED2-81A5893DD406}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Tag&Rename 3.3 --> "C:\Program Files\TagRename\unins000.exe"
WebVideo Support --> C:\WINDOWS\spwoqbmv.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1367 / Warning
Event Submitted/Written: 04/30/2008 00:10:30 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\OT6J0P6V\kriv[1]

Event Record #/Type1366 / Warning
Event Submitted/Written: 04/30/2008 00:07:30 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\OT6J0P6V\kriv[1]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13782 / Error
Event Submitted/Written: 04/30/2008 00:10:33 AM
Event ID/Source: 34 / W32Time
Event Description:
The time service has detected that the system time needs to be
changed by +55464 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|24.115.133.24:123->207.46.197.32:123) is working properly.

Event Record #/Type13780 / Error
Event Submitted/Written: 04/30/2008 00:08:22 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-04-30 00:35:08 ------------




In particular, I can't get rid of the file, which my avira says is a TR/vundo.gen: c:\windows\system32\rqRJcYqP.dll

It doesn't help that every time I need to reboot I have to reset my CMOS (separate issue posted in motherboard support). Please help!!!
jonesturf is offline  
Old 05-04-2008, 02:51 PM   #2 (permalink)
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 2,790
OS: XP


Re: Lost desktop, internet slow, popups, and virus ***PLEASE HELP ***

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear: a lack of symptoms does not mean that it is no longer present.

=========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

=========

P2P

P2P - I see you have P2P software LimeWire 4.16.6 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here,
Here and Here.

=========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

J2SE Runtime Environment 5.0 Update 3
Leave Java(TM) 6 Update 3 installed

WebVideo Support <--- Known to install malware


==========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with all the required logs

==========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

=========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

========
Logs Required
Report.txt
C:\Combofix.txt
Hijackthis Log
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
Trial of BT-Phorm spyware to start 30th September, 2008. For more information please visit the No DPI website.

Phorm, previously known as 121Media, were responsible for the Apropos rootkit; see Here for more information on said rootkit.

If we have helped you in any way, please consider Donating
TheBruce1 is offline  
Old 05-04-2008, 05:48 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 7
OS: Windows xp


Re: Lost desktop, internet slow, popups, and virus ***PLEASE HELP ***

SDFix: Version 1.179
Run by Jeremy on 05/04/2008 at 07:45 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\rs.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 20:26:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"="C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe:*:Enabled:ArmA Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 6 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 1 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT3.tmp"
Thu 1 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT2.tmp"
Thu 1 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1d01f188c8132c12d35c3222b7723a4\BIT1.tmp"

Finished!
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
jonesturf is offline  
Old 05-04-2008, 05:50 PM   #4 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 7
OS: Windows xp


Re: Lost desktop, internet slow, popups, and virus ***PLEASE HELP ***

Here is a log from my virus program as well. Going to run combofix now.


Exported events:

05/04/2008 20:49 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:48 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\miyhdpat.dll.
Action performed: Deny access

05/04/2008 20:48 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:48 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:47 [Guard] Error detected
Error detected in AntiVir Guard.
Error message: Action failed for file: C:\WINDOWS\system32\rqRJcYqP.dll
Error code: [0x00000020 - The process cannot access the file because it is
being used by another process.].

05/04/2008 20:47 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Delete file

05/04/2008 20:47 [Guard] Error detected
Error detected in AntiVir Guard.
Error message: Action failed for file: C:\WINDOWS\system32\rqRJcYqP.dll
Error code: [0x00000020 - The process cannot access the file because it is
being used by another process.].

05/04/2008 20:46 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:46 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:46 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\SYSTEM32\MIYHDPAT.DLL.
Action performed: Deny access

05/04/2008 20:46 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\miyhdpat.dll.
Action performed: Deny access

05/04/2008 20:44 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:42 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:35 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:35 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:31 [Updater] Update successfully completed
Update performed successfully from Avira AntiVir Personal – Free Antivirus via
http://dl2.avgate.net.
The update was done on 5/4/2008 20:31 successful.

05/04/2008 20:31 [Guard] Reload engine.
The Engine was reloaded.
Engine Version: 8.01.00.37
VDF Version: 7.00.03.243

05/04/2008 20:31 [Scheduler] Job started
The job "Immediate Update"
was started successfully.

05/04/2008 20:30 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\SYSTEM32\MIYHDPAT.DLL.
Action performed: Deny access

05/04/2008 20:30 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\miyhdpat.dll.
Action performed: Deny access

05/04/2008 20:25 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:24 [Guard] Service started
Service started.
Version of service: 8.0.1.15
Version of Engine: 8.1.0.37
Version of VDF: 7.0.3.236

05/04/2008 20:23 [Scheduler] Service started
The service was started.
Version of service 8.0.0.12

05/04/2008 19:37 [Guard] Service stopped
Service stopped.

05/04/2008 19:37 [Scheduler] Service stopped
The service was stopped.

05/04/2008 19:24 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Jeremy\Local Settings\Temporary
Internet Files\Content.IE5\OP6J4HA7\kriv[1].
Action performed: Delete file

05/04/2008 19:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Jeremy\Local Settings\Temporary
Internet Files\Content.IE5\OP6J4HA7\kriv[1].
Action performed: Deny access
jonesturf is offline  
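The detail worth pulling out of a guard log like the one above is the 0x00000020 error: the on-access scanner tried to delete rqRJcYqP.dll, the delete failed because another process still had the DLL loaded, and every later hit on that file is only "Deny access". A file held open by a running process cannot be removed by the guard, which is one reason the removal tools earlier in the thread are run from Safe Mode. The Python below is an added triage helper, not part of this thread or of Avira; it parses a constructed sample in the same "Exported events" layout (entries and function names are my own) and lists the files the guard could not remove.

```python
import re
from collections import defaultdict
# Constructed sample in the "Exported events" layout of the Avira AntiVir log posted
# above (three entries, not the poster's full log); long paths wrap onto a second line.
SAMPLE_LOG = r"""
05/04/2008 20:49 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\rqRJcYqP.dll.
Action performed: Deny access

05/04/2008 20:47 [Guard] Error detected
Error detected in AntiVir Guard.
Error message: Action failed for file: C:\WINDOWS\system32\rqRJcYqP.dll
Error code: [0x00000020 - The process cannot access the file because it is
being used by another process.].

05/04/2008 19:24 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Jeremy\Local Settings\Temporary
Internet Files\Content.IE5\OP6J4HA7\kriv[1].
Action performed: Delete file
"""
FOUND = re.compile(r"program '([^']+)' detected in file '(.+?)\.\s+Action performed: (.+)$")
FAILED = re.compile(r"Action failed for file: (.+?) Error code: \[(0x[0-9A-Fa-f]+) - ")

def parse_events(text):
    """One dict per blank-line-separated event; wrapped lines are re-joined with a space."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        body = " ".join(l.strip() for l in lines[1:])  # undo the export's line wrapping
        ev = {"time": lines[0][:16], "kind": lines[0].split("] ", 1)[1]}
        if f := FOUND.search(body):
            ev.update(threat=f.group(1), file=f.group(2), action=f.group(3))
        elif e := FAILED.search(body):
            ev.update(file=e.group(1), code=e.group(2))
        events.append(ev)
    return events

def locked_files(events):
    """Map each file whose delete failed with 0x00000020 (in use by another process,
    i.e. the DLL is still loaded) to the threat names reported for it. Paths are
    compared case-insensitively because the export mixes MIYHDPAT.DLL/miyhdpat.dll."""
    by_file = defaultdict(list)
    for ev in events:
        if "file" in ev:
            by_file[ev["file"].lower()].append(ev)
    return {p: sorted({ev["threat"] for ev in evs if "threat" in ev}) for p, evs in
            by_file.items() if any(ev.get("code") == "0x00000020" for ev in evs)}
```

Run against the real export, the same two functions list each locked file once together with every detection name attached to it, which is the set of files a Safe Mode pass still has to remove.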