Resolved HJT Threads: Resolved spyware and popup issues.
#1
Registered User
Join Date: Apr 2007
Posts: 5
OS: Windows XP
Maniatv.com, Broadcaster.com, & Other Ad/Site Popups
Hello,
This is my first time on the forums, and of course I'm here because I have a malware issue. About a week or so ago, whenever I would open Firefox or Internet Explorer, or when I was simply going to a different site, a random website would pop up, including Broadcaster.com, Maniatv.com, or Winantivirus pro. I've run a bunch of spyware/adware/anti-virus removal programs, and while sometimes they would find something and remove it, it never seemed to solve the problem. I've glanced at other forums and I've seen other people had the same problem, but solving it might be unique in each case. I've since removed most of the programs I've tried, and went through your 5-step process before I posted this. Thanks in advance for all your help.

Panda Activescan Report:

Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.xiti.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\triplej555\Application Data\Mozilla\Firefox\Profiles\2pbpliov.default\cookies.txt[.com.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\triplej555\Cookies\triplej555@atwola[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\triplej555\Cookies\triplej555@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\triplej555\Cookies\triplej555@mediaplex[1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\khqtvhku.dll

Deckard's System Scanner v20070411.38
Run by triplej555 on 2007-04-21 at 19:03:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
93: 2007-04-21 23:03:27 UTC - RP211 - Deckard's System Scanner Restore Point
92: 2007-04-21 22:50:19 UTC - RP210 - Software Distribution Service 2.0
91: 2007-04-20 23:30:48 UTC - RP209 - Restore Operation
90: 2007-04-19 01:48:46 UTC - RP208 - Installed Kaspersky Anti-Virus 6.0.
89: 2007-04-19 01:43:46 UTC - RP207 - AntiVir PersonalEdition Classic - 4/18/2007 21:43

-- First Restore Point --
1: 2007-01-22 16:40:22 UTC - RP119 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as triplej555.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:04:09 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\triplej555\Desktop\dss.exe
C:\DOCUME~1\TRIPLE~1\Desktop\triplej555.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\ytxorwkt.dll
O2 - BHO: (no name) - {287FF496-118D-4455-A33C-3E8C8BAF1477} - C:\WINDOWS\system32\opnmjih.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {6D390198-99FE-477D-BBFD-6E604364A546} - C:\WINDOWS\system32\gebcb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\khqtvhku.dll",setvm
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubles.../usbaptest.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: opnmjih - opnmjih.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

-- File Associations -----------------------------------------------------------

All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 DRVMCDB - c:\windows\system32\drivers\drvmcdb.sys
R1 DLACDBHM - c:\windows\system32\drivers\dlacdbhm.sys
R1 DLARTL_N - c:\windows\system32\drivers\dlartl_n.sys
R2 DLABOIOM - c:\windows\system32\dla\dlaboiom.sys
R2 DLADResN - c:\windows\system32\dla\dladresn.sys
R2 DLAIFS_M - c:\windows\system32\dla\dlaifs_m.sys
R2 DLAOPIOM - c:\windows\system32\dla\dlaopiom.sys
R2 DLAPoolM - c:\windows\system32\dla\dlapoolm.sys
R2 DLAUDF_M - c:\windows\system32\dla\dlaudf_m.sys
R2 DLAUDFAM - c:\windows\system32\dla\dlaudfam.sys
R2 DRVNDDM - c:\windows\system32\drivers\drvnddm.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R3 btwhid - c:\windows\system32\drivers\btwhid.sys
R3 CTUSFSYN (Creative SoundFont Synthesizer) - c:\windows\system32\drivers\ctusfsyn.sys
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
R3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys
R3 sigfilt - c:\windows\system32\drivers\sigfilt.sys
R3 STHDA (High Definition Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\sthda.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S2 Aspi32 - c:\windows\system32\drivers\aspi32.sys (file missing)
S3 avcgbdr (Adaptec GameBridge AVC-14X0/15X0) - c:\windows\system32\drivers\avcgbdr.sys
S3 avcgbfl (Adaptec GameBridge AVC-14X0/15X0 Loader) - c:\windows\system32\drivers\avcgbfl.sys
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"
S3 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe"
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs

-- Scheduled Tasks -------------------------------------------------------------

2007-04-09 10:34:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>

-- Files created between 2007-03-21 and 2007-04-21 -----------------------------

2007-04-21 18:54:02 76412 --a------ C:\WINDOWS\system32\oiuvbxnf.dll
2007-04-21 18:26:26 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-21 15:22:52 123972 --a------ C:\WINDOWS\system32\khqtvhku.dll
2007-04-21 15:22:48 49204 --a------ C:\WINDOWS\system32\ytxorwkt.dll
2007-04-21 15:22:41 1407035 ---hs---- C:\WINDOWS\system32\bcbeg.bak2<BCBEG~2.BAK>
2007-04-21 14:46:40 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-21 12:17:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-18 21:58:21 1404087 ---hs---- C:\WINDOWS\system32\bcbeg.ini2<BCBEG~1.INI>
2007-04-18 21:50:21 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-04-18 21:50:21 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-04-18 21:49:13 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-04-18 21:49:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-04-18 21:48:52 29728 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-18 21:48:52 3462176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-18 21:42:38 0 d-------- C:\kav
2007-04-18 18:33:48 1399175 ---hs---- C:\WINDOWS\system32\bcbeg.bak1<BCBEG~1.BAK>
2007-04-18 18:33:33 281172 -----n--- C:\WINDOWS\system32\gebcb.dll
2007-04-18 06:47:04 1399172 ---hs---- C:\WINDOWS\system32\gfhkj.bak1<GFHKJ~1.BAK>
2007-04-17 22:55:16 125460 --a------ C:\WINDOWS\system32\ikgsvgnk.dll
2007-04-17 22:54:46 1394184 ---hs---- C:\WINDOWS\system32\uvvwa.bak1<UVVWA~1.BAK>
2007-04-17 21:14:02 125460 --a------ C:\WINDOWS\system32\kwtmwcsb.dll
2007-04-17 21:00:51 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-04-17 18:58:09 125460 --a------ C:\WINDOWS\system32\naobsdtt.dll
2007-04-16 18:30:09 0 d-------- C:\Program Files\Common Files\Java
2007-04-15 23 56 1412288 ---hs---- C:\WINDOWS\system32\ybeeg.ini2<YBEEG~1.INI>
2007-04-15 22:39:16 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-04-15 22:30:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-04-15 22:30:37 0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-04-15 22:30:37 0 d-------- C:\Documents and Settings\triplej555\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-04-15 19:28:50 0 d-------- C:\Program Files\DVDVIDEOSOFT<DVDVID~1>
2007-04-14 15:07:59 0 d-------- C:\Program Files\PeerGuardian2<PEERGU~1>
2007-04-13 20:54:42 1403612 ---hs---- C:\WINDOWS\system32\ybeeg.bak2<YBEEG~2.BAK>
2007-04-12 20:54:26 1402293 ---hs---- C:\WINDOWS\system32\ybeeg.bak1<YBEEG~1.BAK>
2007-04-08 20:14:02 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-08 20:13:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-06 20:00:06 0 d-------- C:\Documents and Settings\triplej555\Application Data\Viewpoint<VIEWPO~1>
2007-04-02 21:53:21 0 d-------- C:\SILENT_HILL<SILENT~1>
2007-03-27 03:55:57 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 03:55:48 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55:23 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 03:55:23 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 03:49:07 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 03:49:07 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 03:49:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 03:49:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 03:49:02 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 03:49:02 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 03:49:02 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 03:49:02 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 03:48:59 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-03-27 03:48:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-03-27 03:48:58 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-03-27 03:48:58 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-21 17:57:31 0 d-------- C:\Program Files\iPod
2007-03-21 17:57:28 0 d-------- C:\Program Files\iTunes
2007-03-21 17:56:11 0 d-------- C:\Program Files\QuickTime<QUICKT~1>

-- Find3M Report ---------------------------------------------------------------

2007-04-21 18:23:56 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-21 15:25:01 0 d-------- C:\Program Files\SetPoint
2007-04-21 15:17:14 0 d-------- C:\Program Files\Digital Line Detect<DIGITA~1>
2007-04-21 15:17:14 0 d-------- C:\Program Files\Dell Support<DELLSU~1>
2007-04-16 18:32:27 0 d-------- C:\Program Files\Java
2007-04-15 22:39:20 0 d-------- C:\Program Files\NetWaiting<NETWAI~1>
2007-04-14 20:46:54 0 d-------- C:\Program Files\DivX
2007-04-14 20:13:18 0 d-------- C:\Program Files\Dell
2007-04-14 20:07:56 0 d-------- C:\Program Files\GemMaster<GEMMAS~1>
2007-04-12 20:47:12 0 d-------- C:\Program Files\PQDVD
2007-04-12 17:36:13 0 d-------- C:\Documents and Settings\triplej555\Application Data\dvdcss
2007-04-10 19:43:17 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-10 19:43:12 88 -r-hs---- C:\WINDOWS\system32\613DAE956E.sys<613DAE~1.SYS>
2007-04-08 20:07:13 0 d-------- C:\Documents and Settings\triplej555\Application Data\AdobeUM
2007-04-02 22:11:36 0 d-------- C:\Documents and Settings\triplej555\Application Data\RipIt4Me
2007-03-21 17:55:11 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-17 09:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 19:47:46 0 d-------- C:\Documents and Settings\triplej555\Application Data\Intervideo<INTERV~1>
2007-03-16 19:46:42 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-16 19:46:36 0 d-------- C:\Program Files\Common Files\InterVideo<INTERV~1>
2007-03-16 19:46:20 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-03-16 19:44:49 0 d-------- C:\Program Files\Adaptec
2007-03-12 19:43:12 0 d-------- C:\Documents and Settings\triplej555\Application Data\Real
2007-03-09 19:52:52 200768 --a------ C:\WINDOWS\system32\klogon.dll
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 21:48:35 0 d-------- C:\Program Files\Winamp
2007-02-15 21:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-31 13:56:32 214 --a------ C:\Documents and Settings\triplej555\Application Data\wklnhst.dat
2007-01-30 01:03:34 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 01:03:34 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-30 01:03:34 129784 -----n--- C:\WINDOWS\system32\pxafs.dll

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SigmatelSysTrayApp"="stsystra.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"Home Theater SchSvr"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\khqtvhku.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk"
"backup"="C:\\WINDOWS\\pss\\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WIFICO~1\\NINTEN~1.EXE "
"item"="Run Nintendo Wi-Fi USB Connector Registration Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLACTRLW"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LBTWiz"
"hkey"="HKLM"
"command"="LBTWiz.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Rundll32 CTMBHA"
"hkey"="HKLM"
"command"="Rundll32 CTMBHA.DLL,MBMon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MIDIDef"
"hkey"="HKCU"
"command"="MIDIDef.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VideoraiPodConverter"
"hkey"="HKLM"
"command"="C:\\Program Files\\VideoraiPodConverter\\VideoraiPodConverter.exe -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AndreaVC"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\VoiceCenter\\AndreaVC.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinCinemaMgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\InterVideo\\Common\\Bin\\WinCinemaMgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinRemote"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\InterVideo\\Common\\Bin\\WinRemote.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
"{287FF496-118D-4455-A33C-3E8C8BAF1477}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmjih

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe

-- End of Deckard's System Scanner: finished at 2007-04-21 at 19:04:52 ---------
#3
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Maniatv.com, Broadcaster.com, & Other Ad/Site Popups
Hello triplej555 and welcome to TSF,
Download Combofix and save it to your desktop. **Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
Close any open browsers.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. I'll need that in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
--------------------------------------------------------------------
Run a new scan with HijackThis and save the log.
--------------------------------------------------------------------
Please include the following in your next reply:
C:\ComboFix.txt
New HijackThis log
#4
Registered User
Join Date: Apr 2007
Posts: 5
OS: Windows XP
Re: Maniatv.com, Broadcaster.com, & Other Ad/Site Popups
"triplej555" - 07-04-25 21:56:22 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\triplej555\Desktop\" ((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 )))))))))))))))))))))))))))))))))) 2007-04-21 19:03 <DIR> d-------- C:\Deckard 2007-04-21 18:26 <DIR> d-------- C:\Program Files\SpywareGuard 2007-04-21 14:46 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-04-21 12:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-04-18 21:50 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-04-18 21:50 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-04-18 21:49 <DIR> d-------- C:\Program Files\Kaspersky Lab 2007-04-18 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-04-18 21:48 56,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-04-18 21:48 5,315,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-04-18 21:42 <DIR> d-------- C:\kav 2007-04-18 06:47 1,399,172 ---hs---- C:\WINDOWS\system32\gfhkj.bak1 2007-04-17 22:54 1,394,184 ---hs---- C:\WINDOWS\system32\uvvwa.bak1 2007-04-17 21:00 <DIR> d-------- C:\VundoFix Backups 2007-04-15 23:06 1,412,288 ---hs---- C:\WINDOWS\system32\ybeeg.ini2 2007-04-15 22:39 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE 2007-04-15 22:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-04-15 22:30 <DIR> d-------- C:\DOCUME~1\TRIPLE~1\APPLIC~1\SUPERAntiSpyware.com 2007-04-15 22:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-04-15 19:28 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT 2007-04-14 15:07 <DIR> d-------- C:\Program Files\PeerGuardian2 2007-04-13 20:54 1,403,612 ---hs---- C:\WINDOWS\system32\ybeeg.bak2 2007-04-12 20:54 1,402,293 ---hs---- C:\WINDOWS\system32\ybeeg.bak1 2007-04-06 20:00 <DIR> d-------- C:\DOCUME~1\TRIPLE~1\APPLIC~1\Viewpoint 2007-04-02 21:53 <DIR> d-------- C:\SILENT_HILL 2007-03-27 03:55 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-03-27 03:55 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-03-27 03:55 
200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-03-27 03:55 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-03-27 03:49 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-03-27 03:49 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-03-27 03:49 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-03-27 03:49 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-03-27 03:49 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-03-27 03:49 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-03-27 03:49 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-03-27 03:49 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-03-27 03:48 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-03-27 03:48 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-03-27 03:48 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-03-27 03:48 639,066 --a------ C:\WINDOWS\system32\DivX.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-21 18:23 -------- d-------- C:\Program Files\spywareblaster 2007-04-21 15:25 -------- d-------- C:\Program Files\setpoint 2007-04-21 15:17 -------- d-------- C:\Program Files\digital line detect 2007-04-21 15:17 -------- d-------- C:\Program Files\dell support 2007-04-15 22:39 -------- d-------- C:\Program Files\netwaiting 2007-04-14 20:46 -------- d-------- C:\Program Files\divx 2007-04-14 20:13 -------- d-------- C:\Program Files\dell 2007-04-14 20:07 -------- d-------- C:\Program Files\gemmaster 2007-04-12 20:47 -------- d-------- C:\Program Files\pqdvd 2007-04-10 19:43 88 -r-hs---- C:\WINDOWS\system32\613dae956e.sys 2007-04-10 19:43 3558 --ahs---- C:\WINDOWS\system32\kgygaavl.sys 2007-04-09 20:21 -------- d-------- C:\Program Files\quicktime 2007-04-02 22:11 -------- d-------- C:\DOCUME~1\TRIPLE~1\APPLIC~1\ripit4me 2007-03-21 17:57 -------- d-------- C:\Program Files\itunes 2007-03-21 17:57 -------- d-------- C:\Program Files\ipod 
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-16 19:47 -------- d-------- C:\DOCUME~1\TRIPLE~1\APPLIC~1\intervideo 2007-03-16 19:46 -------- d--h----- C:\Program Files\installshield installation information 2007-03-16 19:46 -------- d-------- C:\Program Files\intervideo 2007-03-12 19:43 -------- d-------- C:\DOCUME~1\TRIPLE~1\APPLIC~1\real 2007-03-09 19:52 200768 --a------ C:\WINDOWS\system32\klogon.dll 2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-03 20:39 110360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-03-02 21:48 -------- d-------- C:\Program Files\winamp 2007-02-15 21:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe 2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll 2007-01-31 13:56 214 --a------ C:\DOCUME~1\TRIPLE~1\APPLIC~1\wklnhst.dat 2007-01-30 01:03 129784 --------- C:\WINDOWS\system32\pxafs.dll 2007-01-30 01:03 118520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-01-30 01:03 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-01-01 17:47 120 --a------ C:\DOCUME~1\TRIPLE~1\APPLIC~1\fixvts.ini (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SigmatelSysTrayApp"="stsystra.exe" "CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r" "Home Theater SchSvr"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\"" "SunJavaUpdateSched"="\"C:\\Program 
Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"="" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmjih HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk" 
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MI1933~1\\Office10\\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^triplej555^Start Menu^Programs^Startup^SpywareGuard.lnk] "path"="C:\\Documents and Settings\\triplej555\\Start Menu\\Programs\\Startup\\SpywareGuard.lnk" "backup"="C:\\WINDOWS\\pss\\SpywareGuard.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\SPYWAR~2\\sgmain.exe " "item"="SpywareGuard" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim" "hkey"="HKCU" "command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim6" "hkey"="HKCU" "command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="atiptaxx" "hkey"="HKLM" "command"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NMBgMonitor" 
"hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CTDetect" "hkey"="HKCU" "command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ctfmon" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ctfmon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DLACTRLW" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DMXLauncher" "hkey"="HKLM" "command"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehtray" "hkey"="HKLM" "command"="C:\\WINDOWS\\ehome\\ehtray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="isuspm" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="issch" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Language" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LBTWiz" "hkey"="HKLM" "command"="LBTWiz.exe -silent" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KHALMNPR" "hkey"="HKLM" "command"="KHALMNPR.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Rundll32 CTMBHA" "hkey"="HKLM" "command"="Rundll32 CTMBHA.DLL,MBMon" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSKDetct" "hkey"="HKLM" "command"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MIDIDef" "hkey"="HKCU" "command"="MIDIDef.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdReg" "hkey"="HKLM" "command"="C:\\WINDOWS\\UpdReg.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VideoraiPodConverter" "hkey"="HKLM" "command"="C:\\Program Files\\VideoraiPodConverter\\VideoraiPodConverter.exe -t" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AndreaVC" "hkey"="HKLM" "command"="\"C:\\Program Files\\Creative\\VoiceCenter\\AndreaVC.exe\" /tray" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinCinemaMgr" "hkey"="HKLM" "command"="\"C:\\Program Files\\InterVideo\\Common\\Bin\\WinCinemaMgr.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinRemote" "hkey"="HKLM" "command"="\"C:\\Program Files\\InterVideo\\Common\\Bin\\WinRemote.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ 
Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] Shell\AutoRun\command E:\setup.exe Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-04-25 22:00:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-25 22:01:06 C:\ComboFix-quarantined-files.txt ... 
07-04-25 22:01

Logfile of HijackThis v1.99.1
Scan saved at 10:08:15 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\triplej555\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubles.../usbaptest.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: opnmjih - opnmjih.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
#5
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Maniatv.com, Broadcaster.com, & Other Ad/Site Popups
Hiya,
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below.
***************************************************
Download AVG Anti Spyware
Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"
--------------------------------------------------------------------
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.
Make sure to close any open browsers.
--------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:
O20 - Winlogon Notify: opnmjih - opnmjih.dll (file missing)
Click 'Fix Checked' and close HijackThis.
--------------------------------------------------------------------
Please ensure Hidden files and folders are viewable:
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.
--------------------------------------------------------------------
Using 'My Computer', navigate to and delete the following Files and Folders if they still exist.
C:\VundoFix Backups
C:\Documents and settings\triplej555\Application data\Viewpoint
C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\khqtvhku.dll
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.bak2
C:\WINDOWS\system32\ybeeg.ini2
--------------------------------------------------------------------
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
--------------------------------------------------------------------
Run another online scan at Panda and save the results.
--------------------------------------------------------------------
Run a new scan with dss.exe.
--------------------------------------------------------------------
Please include the following in your next reply:
AVG Anti-Spyware results
Panda results
New HijackThis log
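The two things the analyst above picked out of the logs by hand are a Winlogon Notify entry whose DLL is reported "(file missing)" and a group of hidden+system files with random names in system32. Below is an added Python triage script (not from this thread, HijackThis, ComboFix or the forum's tools) that applies those same two checks to the text of the logs so a reviewer can see the candidates at a glance. The sample lines are copied from the HijackThis and ComboFix logs posted above; the function names `parse_hjt`, `file_missing_entries`, `hidden_system_files` and `triage` are this example's own. It only lists candidates and never modifies the machine: note that the hidden+system heuristic also matches `kgygaavl.sys`, which the analyst did not list for removal, so the output is a review queue, not a verdict.

```python
"""Triage helper for HijackThis and ComboFix text logs (added example).

Reports candidates for analyst review; it never deletes or changes anything.
"""
import re
from typing import Dict, List

# Sample input: lines copied from the HijackThis and ComboFix logs posted in the thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: opnmjih - opnmjih.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"""

COMBOFIX_SAMPLE = r"""
2007-04-21 19:03 <DIR> d-------- C:\Deckard
2007-04-18 06:47 1,399,172 ---hs---- C:\WINDOWS\system32\gfhkj.bak1
2007-04-17 22:54 1,394,184 ---hs---- C:\WINDOWS\system32\uvvwa.bak1
2007-04-15 23:06 1,412,288 ---hs---- C:\WINDOWS\system32\ybeeg.ini2
2007-04-15 22:39 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-04-10 19:43 3558 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-03-27 03:55 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
"""

# HijackThis lines start with a section tag (R0, O4, O20, O23, ...) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# ComboFix file lines: date, time, size or <DIR>, a 9-character attribute field
# (d=directory, r=read-only, a=archive, h=hidden, s=system), then the path.
COMBOFIX_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[d-][r-][a-][h-][s-]\S{4})\s+(?P<path>.+)$"
)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into {'section': 'O20', 'body': '...'} records."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body")})
    return entries


def file_missing_entries(text: str, section: str = "O20") -> List[str]:
    """Names of entries in `section` whose target HijackThis reports as '(file missing)'.

    A load point that still exists after its binary is gone is exactly the kind of
    leftover the analyst asked the user to 'Fix Checked' in HijackThis.
    """
    found = []
    for e in parse_hjt(text):
        if e["section"] == section and "(file missing)" in e["body"]:
            # body looks like "Winlogon Notify: opnmjih - opnmjih.dll (file missing)"
            label = e["body"].split(":", 1)[1] if ":" in e["body"] else e["body"]
            found.append(label.split(" - ", 1)[0].strip())
    return found


def hidden_system_files(text: str, folder: str = r"C:\WINDOWS\system32") -> List[str]:
    """Files (not directories) under `folder` carrying both hidden and system attributes."""
    hits = []
    for line in text.splitlines():
        m = COMBOFIX_LINE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if attrs[0] == "d":
            continue
        if "h" in attrs and "s" in attrs and path.lower().startswith(folder.lower()):
            hits.append(path)
    return hits


def triage(hjt_text: str, combofix_text: str) -> Dict[str, List[str]]:
    """Combine both checks into one report for review."""
    return {
        "winlogon_notify_missing_dll": file_missing_entries(hjt_text, "O20"),
        "services_missing_binary": file_missing_entries(hjt_text, "O23"),
        "hidden_system_files": hidden_system_files(combofix_text),
    }


if __name__ == "__main__":
    for check, items in triage(HJT_SAMPLE, COMBOFIX_SAMPLE).items():
        print(f"{check}:")
        for item in items:
            print(f"  {item}")
```

Run it against a full log by reading the saved ComboFix.txt and HijackThis log into the two text arguments; the attribute check is deliberately loose (hidden plus system in system32), which is why each hit needs a human to decide, as the analyst does in the post above.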