Old 02-12-2007, 03:35 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 6
OS: xp


EEK! Viruses, Adware, Intruders- You name it

Let me begin with the first incident of popups through a definitive malware program. I don't know how I got it, but I did. I'm suddenly bombarded with them; I've tried all the online virus checkers and software, including PC-Cillin Internet Security 2007 and Kaspersky. Nothing seems to be able to deal with these popups. I've tried blocking the cookies of the advertisements that splash up on the screen, but to no avail. A thing to note is that these popups only appear when I use the I.E. browser and not Firefox.

Anyway, the second issue is more recent, and more serious: my computer has a constant intruder, or at least to my knowledge, some sort of hacker. I'm pretty certain it's someone, because last night when I was using my computer, the disc tray began to open and close constantly! Now, I am a believer in the supernatural, but I'm pretty damn certain that this ain't no ghost! When I stopped my internet traffic via Zone Alarm, it all of a sudden stopped.

And finally, here is my HijackThis log, with my firewall, anti-virus, anti-spyware programs and windows all closed:

Logfile of HijackThis v1.99.1
Scan saved at 11:12:10 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Atif\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Zapopz Class - {55D376A0-36CB-4C42-A3B4-E5FC2C92E1ED} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [inter cake clock pop] "C:\Documents and Settings\All Users.WINDOWS\Application Data\rdr bait inter cake\Enctype.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
huss4in is offline  
Old 02-13-2007, 01:59 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,563
OS: 2000 Pro; XP Pro; XP Home


Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running, as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected; click OK
  • Now click the "REBOOT" button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish.
Please post the contents of C:\NoLop.log in your next reply.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: Zapopz Class - {55D376A0-36CB-4C42-A3B4-E5FC2C92E1ED} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [inter cake clock pop] "C:\Documents and Settings\All Users.WINDOWS\Application Data\rdr bait inter cake\Enctype.exe"


Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\Documents and Settings\All Users.WINDOWS\Application Data\rdr bait inter cake

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

---------------------------------------------------------------------------------------------

Next, please do this:
  1. Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
  2. Close all applications and windows.
  3. Double-click on comboscan.exe to run it, and follow the prompts.
  4. When the scan is complete, a text file will open - ComboScan.txt
  5. Copy and paste the contents of ComboScan.txt here.
  6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
  7. Please Attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

---------------------------------------------------------------------------------------------



Please return with results from:

C:\NoLOP.txt
Panda Online scan
C:\findlop.txt
ComboScan.txt
Supplementary.txt (Attach this one, please)
tetonbob is offline  
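One way to mechanise the triage the reply above does by eye: a small parser for HijackThis-format log lines that flags the kinds of entries the helper marked for fixing (a BHO or service whose file is gone, a ShellNext value, an O4 autorun launched from Application Data). This is an added example, not code from the thread, from HijackThis or from any of the tools named above; the sample lines are copied from the log posted in this thread, and the three rules are this example's own assumptions about what deserves a manual look, not a verdict that an entry is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Zapopz Class - {55D376A0-36CB-4C42-A3B4-E5FC2C92E1ED} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [inter cake clock pop] "C:\Documents and Settings\All Users.WINDOWS\Application Data\rdr bait inter cake\Enctype.exe"
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# Every HijackThis entry line starts with a section code (R0, R1, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# An O4 body looks like:  HKLM\..\Run: [name] "C:\path\file.exe" args
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis marks a registered component whose file does not exist on disk with these strings.
ABSENT_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    code: str    # HijackThis section, e.g. O2, O4, R1
    name: str    # entry name as HijackThis shows it
    reason: str  # why this rule set flagged it (assumption of this example)
    line: str    # the original log line, for the reply


def triage(log_text: str) -> list:
    """Return the entries of a HijackThis log that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, blank lines and the running-process list
        code, body = m.group("code"), m.group("body")

        # Rule 1: the component is still registered but its file is gone.
        if any(marker in body for marker in ABSENT_MARKERS):
            findings.append(Finding(code, body.split(" - ")[0],
                                    "referenced file is absent; stale or half-removed component", line))
            continue

        # Rule 2: ShellNext is normally empty; a value here is redirected by the Connection Wizard.
        if code == "R1" and ",ShellNext = " in body:
            value = body.split(",ShellNext = ", 1)[1].strip()
            if value:
                findings.append(Finding(code, "ShellNext",
                                        f"ShellNext set to {value!r}; normally empty", line))
            continue

        # Rule 3: an autorun that launches from a data directory rather than Program Files or
        # system32 (the pattern behind the random-word names the NoLop step above targets).
        if code == "O4":
            r = RUN_RE.match(body)
            if r and "\\application data\\" in r.group("cmd").lower():
                findings.append(Finding(code, r.group("name"),
                                        "autorun launched from Application Data", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.name:<25} {f.reason}")
```

Run against the sample it lists the ShellNext line, both "(no file)" BHOs, the "inter cake clock pop" autorun and the missing Prevx service binary, in that order; the last one is a stale service entry rather than malware, which is exactly why the output is a review list and not a fix list.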
Old 02-15-2007, 12:30 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 6
OS: xp


ComboScan v20070212.14 run by Atif on 2007-02-15 at 08:17:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Atif.com) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:18:15 AM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Atif\Desktop\comboscan.exe
C:\DOCUME~1\Atif\LOCALS~1\Temp\~ihccwxc.tmp\Atif.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NoLop.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


-- HijackThis Fixed Entries (C:\Documents and Settings\Atif\Desktop\backups\) ---

backup-20070215-062642-345 O2 - BHO: Zapopz Class - {55D376A0-36CB-4C42-A3B4-E5FC2C92E1ED} - (no file)
backup-20070215-062642-428 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
backup-20070215-062643-655 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - system32\drivers\ADIHdAud.sys
3 AEAudioService (AEAudio Service) - system32\drivers\AEAudio.sys
1 AmdK8 (AMD Processor Driver) - System32\DRIVERS\AmdK8.sys
3 Arp1394 (1394 ARP Client Protocol) - System32\DRIVERS\arp1394.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 hamachi (Hamachi Network Interface) - System32\DRIVERS\hamachi.sys
3 HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - system32\drivers\HdAudio.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - System32\DRIVERS\HDAudBus.sys
3 hidusb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
1 kbdhid (Keyboard HID Driver) - System32\DRIVERS\kbdhid.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - system32\drivers\msmpu401.sys
3 MTsensor (ATK0110 ACPI UTILITY) - System32\DRIVERS\ASACPI.sys
3 NIC1394 (1394 Net Driver) - System32\DRIVERS\nic1394.sys
3 nv - System32\DRIVERS\nv4_mini.sys
0 nvata - System32\DRIVERS\nvata.sys
3 NVENETFD (NVIDIA nForce Networking Controller Driver) - System32\DRIVERS\NVENETFD.sys
3 nvnetbus (NVIDIA Network Bus Enumerator) - System32\DRIVERS\nvnetbus.sys
0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
0 PCIIde - System32\DRIVERS\pciide.sys
3 SenFiltService (SenFilt Service) - system32\drivers\Senfilt.sys
0 sptd - System32\Drivers\sptd.sys
0 srescan - system32\ZoneLabs\srescan.sys
0 szkg - system32\DRIVERS\szkg.sys
3 tmcfw (Trend Micro Common Firewall Service) - system32\DRIVERS\TM_CFW.sys
2 tmcomm - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
2 tmmbd (Trend Micro MBD Driver) - system32\DRIVERS\tm_mbd_c.sys
2 Tmpreflt - system32\drivers\Tmpreflt.sys
1 tmtdi (Trend Micro TDI Driver) - system32\DRIVERS\tmtdi.sys
2 tmxpflt - system32\drivers\TmXPFlt.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - System32\DRIVERS\usbohci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
2 Vsapint - system32\drivers\VsapiNT.sys
1 vsdatant - System32\vsdatant.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\System32\nvsvc32.exe
2 PcCtlCom (Trend Micro Central Control Component) - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
3 PcScnSrv (Trend Micro Protection Against Spyware ) - "C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe"
2 SDService - C:\Program Files\SpywareDetector\SDService.exe
2 Tmntsrv (Trend Micro Real-time Service) - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
2 TmPfw (Trend Micro Personal Firewall) - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
2 tmproxy (Trend Micro Proxy Service) - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
3 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
2 wwSecSvc (Washer AutoComplete) - C:\WINDOWS\system32\wwSecure.exe


-- Scheduled Tasks --------------------------------------------------------------

2007-02-11 09:51:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-15 and 2007-02-15 ------------------------------

2007-02-15 06:32:49 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-15 06:32:44 0 d-------- C:\WINDOWS\LastGood
2007-02-15 06:17:03 0 d-------- C:\NoLopBackups<NOLOPB~1>
2007-02-14 20:01:29 314368 --a------ C:\WINDOWS\IsUninst.exe<Unsigned: InstallShield Software Corporation>
2007-02-12 18:46:26 0 --a------ C:\Documents and Settings\Atif\HldsUpdateToolTmp.exe<HLDSUP~3.EXE><Unsigned: n/a>
2007-02-12 18:46:26 1167360 --a------ C:\Documents and Settings\Atif\HldsUpdateToolNew.exe<HLDSUP~2.EXE><Unsigned: Valve Corporation>
2007-02-12 01:41:17 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-02-11 22:35:45 0 d-------- C:\HLServer
2007-02-09 12:22:37 0 d-------- C:\Program Files\Steam
2007-02-09 10:44:03 0 --a------ C:\Documents and Settings\Atif\hldsupdatetool.exe<HLDSUP~1.EXE><Unsigned: n/a>
2007-02-07 01:07:32 0 d-------- C:\Program Files\Blaze Media Pro<BLAZEM~1>
2007-02-07 00:18:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{86DA1710-DC61-458B-82EF-D7944F55C107}<{86DA1~1>
2007-02-06 23:52:53 0 d-------- C:\Program Files\ContextConvert Pro<CONTEX~1>
2007-02-06 23:52:46 0 d-------- C:\Program Files\Common Files\MimarSinan<MIMARS~1>
2007-02-05 15:40:26 0 d-------- C:\Program Files\Windows Live Toolbar<WI81E8~1>
2007-02-03 14:13:01 0 d-------- C:\WINDOWS\Performance<PERFOR~1>
2007-02-03 14:12:22 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation<MICROS~2>
2007-02-03 14:12:10 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor<MICROS~2>
2007-02-03 14:08:10 0 dr--s---- C:\WINDOWS\assembly
2007-02-03 14:07:11 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-02-02 15:15:32 0 d-------- C:\Documents and Settings\Atif\Application Data\.BitTornado<BITTOR~1>
2007-02-02 15:15:16 0 d-------- C:\Program Files\BitTornado<BITTOR~1>
2007-02-01 20:23:04 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-02-01 13:40:31 0 d-------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-01 13:39:34 0 d--h---c- C:\WINDOWS\ie7
2007-02-01 11:55:09 0 d-------- C:\66951bc91c476c38f9ecf958c8cdbf<66951B~1>
2007-01-31 08:08:05 0 d-------- C:\Documents and Settings\Atif\Application Data\Google
2007-01-31 08:07:20 0 d-------- C:\Program Files\Google
2007-01-28 11:23:48 0 d-------- C:\Documents and Settings\Atif\Application Data\Help
2007-01-25 17:47:28 0 d-------- C:\!KillBox
2007-01-25 06:54:59 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-25 06:52:14 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-01-25 06:52:04 0 d-------- C:\Program Files\Grisoft
2007-01-24 14:07:08 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll<Unsigned: Microsoft Corporation>
2007-01-24 14:07:07 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll<Unsigned: Microsoft Corporation>
2007-01-24 14:07:03 63488 --a------ C:\WINDOWS\system32\unam4ie.exe<Unsigned: Microsoft Corporation>
2007-01-24 1458 10240 --a------ C:\WINDOWS\system32\vidx16.dll<Unsigned: n/a>
2007-01-24 1457 194320 --a------ C:\WINDOWS\system32\qcut.dll<Unsigned: Microsoft Corporation>
2007-01-24 1456 4608 --a------ C:\WINDOWS\system32\w95inf32.dll<Unsigned: Microsoft Corporation>
2007-01-24 1455 2272 --a------ C:\WINDOWS\system32\w95inf16.dll<Unsigned: Microsoft Corporation>
2007-01-24 13:53:48 0 d-------- C:\Program Files\Smart Projects<SMARTP~1>
2007-01-21 21:44:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro<TRENDM~1>
2007-01-21 07:46:09 0 d-------- C:\Documents and Settings\Atif\.housecall6.6<HOUSEC~1.6>
2007-01-21 06:08:00 0 d-------- C:\WINDOWS\BDOSCAN8
2007-01-21 03:18:15 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-01-21 02:48:49 45056 -r------- C:\WINDOWS\system32\zats186.dll<Unsigned: 186 Productions>
2007-01-21 02:48:01 0 d-------- C:\WINDOWS\system32\ZeroAdsSetupFiles3.4.265<ZEROAD~1.265>
2007-01-21 02:37:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic Anti-Spyware<PARETO~1>
2007-01-21 02:19:13 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2007-01-21 01:59:35 63 --a------ C:\WINDOWS\system\SysSD.dll<Unsigned: n/a>
2007-01-21 01:59:10 1032192 --a------ C:\WINDOWS\system32\VchReg.dll<Unsigned: Max Secure Software>
2007-01-21 01:59:08 0 d-------- C:\Program Files\SpywareDetector<SPYWAR~2>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll<Signed: Microsoft Corp.>
2007-01-19 05:49:15 150528 --a------ C:\WINDOWS\unSpySweeper.exe<UNSPYS~1.EXE><Unsigned: Webroot Software, Inc.>
2007-01-19 05:45:52 0 d-------- C:\Documents and Settings\Atif\Application Data\Webroot
2007-01-19 05:45:50 0 d-------- C:\Program Files\Common Files\Webroot Shared<WEBROO~1>
2007-01-19 05:45:21 57344 --a------ C:\WINDOWS\Unwash6.exe<Unsigned: Webroot Software, Inc.>
2007-01-19 05:45:21 487936 --a------ C:\WINDOWS\system32\wwSecure.exe<Unsigned: Webroot Software, Inc.>
2007-01-19 03:51:59 0 d-------- C:\WINDOWS\system32\athan
2007-01-19 03:51:55 0 d-------- C:\Program Files\Athan
2007-01-17 23:42:51 0 d-------- C:\Documents and Settings\Atif\Application Data\Lavasoft
2007-01-17 22:47:38 0 d-------- C:\Program Files\Webroot
2007-01-17 19:17:45 0 d-------- C:\TEMP
2007-01-17 19:15:13 0 d-------- C:\Program Files\Kelloggs Horrible Science<KELLOG~1>
2007-01-17 18:13:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-01-17 17:16:29 0 d-------- C:\Documents and Settings\Atif\Application Data\CHINBINDBUILD<CHINBI~1>
2007-01-17 17:16:17 0 d-------- C:\Program Files\Messenger Plus! Live<MESSEN~2>


-- Find3M Report ----------------------------------------------------------------

2007-02-15 07:20:57 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-15 07:16:26 0 d-------- C:\Program Files\iTunes
2007-02-13 00:24:51 0 d-------- C:\Program Files\Java
2007-02-12 19:20:10 0 d-------- C:\Program Files\eMule
2007-02-11 15:13:41 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-11 15:12:58 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-07 17:45:44 0 d-------- C:\Program Files\Valve
2007-02-05 15:42:46 0 d---s---- C:\Documents and Settings\Atif\Application Data\Microsoft<MICROS~1>
2007-02-05 15:40:06 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-01-31 08:07:19 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-28 15:47:03 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-01-24 17:45:46 102800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys<Signed: Trend Micro Inc.>
2007-01-13 00:05:29 0 d-------- C:\Documents and Settings\Atif\Application Data\World Market Watch<WORLDM~1>
2007-01-10 11:23:15 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys<Unsigned: n/a>
2007-01-10 11:19:17 0 d-------- C:\Program Files\The Rosetta Stone<THEROS~1>
2007-01-08 16:04:31 0 d-------- C:\Documents and Settings\Atif\Application Data\Real
2007-01-08 16:04:31 0 d-------- C:\Documents and Settings\Atif\Application Data\Media Player Classic<MEDIAP~1>
2007-01-08 16:04:05 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-01-08 16:04:02 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-01-08 15:56:14 0 d-------- C:\Documents and Settings\Atif\Application Data\.gaim<GAIM~1>
2007-01-07 18:43:58 0 d-------- C:\Program Files\Pointstone<POINTS~1>
2006-12-29 23:15:49 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2006-12-29 22:02:38 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2006-12-27 18:53:17 0 d-------- C:\Documents and Settings\Atif\Application Data\PC Tools<PCTOOL~1>
2006-12-27 03:17:21 0 d-------- C:\Documents and Settings\Atif\Application Data\Macromedia<MACROM~1>
2006-12-27 03:16:47 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
2006-12-27 03:16:27 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2006-12-26 15:40:30 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2006-12-26 03:00:50 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2006-12-26 02:21:59 0 d-------- C:\Documents and Settings\Atif\Application Data\LimeWire
2006-12-24 20:28:58 0 d-------- C:\Program Files\HP
2006-12-21 23:48:29 0 d-------- C:\Program Files\Gaim
2006-12-21 23:48:19 0 d-------- C:\Program Files\Common Files\GTK
2006-12-19 22:58:45 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2006-12-19 22:47:49 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2006-12-19 17:40:42 0 d-------- C:\Documents and Settings\Atif\Application Data\System Requirements Lab<SYSTEM~1>
2006-12-19 17:40:41 0 d-------- C:\Program Files\Common Files\SystemRequirementsLab<SYSTEM~1>
2006-12-19 09:16:11 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2006-12-19 09:15:59 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2006-12-18 10:14:59 0 d-------- C:\Documents and Settings\Atif\Application Data\Adobe
2006-12-11 05:54:38 671 --a------ C:\WINDOWS\mozver.dat
2006-12-09 23:48:26 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-09 22:54:39 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-09 22:42:00 62 --ahs---- C:\Documents and Settings\Atif\Application Data\desktop.ini
2006-12-09 21:43:03 0 -rahs---- C:\MSDOS.SYS<Unsigned: n/a>
2006-12-09 21:43:03 0 -rahs---- C:\IO.SYS<Unsigned: n/a>
2006-12-09 21:43:03 0 --a------ C:\CONFIG.SYS<Unsigned: n/a>
2006-12-09 21:43:03 0 --a------ C:\AUTOEXEC.BAT
2006-12-07 12:39:28 1077248 --a------ C:\WINDOWS\system32\NMSDVDX.dll<Unsigned: NuMedia Soft, Inc.>
2006-12-07 12:39:16 1101824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll<Unsigned: NuMedia Soft, Inc.>
2006-11-30 15:19:38 159744 --a------ C:\WINDOWS\system32\DirectEncode.dll<DIRECT~1.DLL><Unsigned: Essien Research & Development>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"Athan"="C:\\Program Files\\Athan\\Athan.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000001
"NoInternetIcon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-15 at 08:19:11 -------------------------

Volume in drive C has no label.
Volume Serial Number is A0F2-EE71

Directory of C:\Documents and Settings\All Users\Application Data

12/09/2006 04:29 PM <DIR> Adobe
12/09/2006 07:27 PM <DIR> Apple Computer
12/09/2006 08:39 PM <DIR> Office Genuine Advantage
12/09/2006 04:34 PM <DIR> Spybot - Search & Destroy
12/09/2006 08:34 PM <DIR> Windows Genuine Advantage
0 File(s) 0 bytes
5 Dir(s) 58,097,188,864 bytes free
Volume in drive C has no label.
Volume Serial Number is A0F2-EE71

Directory of C:\Documents and Settings\Atif\Application Data

02/02/2007 03:15 PM <DIR> .BitTornado
01/08/2007 03:56 PM <DIR> .gaim
12/18/2006 10:14 AM <DIR> Adobe
12/09/2006 11:56 PM <DIR> Apple Computer
01/21/2007 06:13 AM <DIR> CHINBINDBUILD
01/31/2007 08:08 AM <DIR> Google
12/14/2006 10:49 AM <DIR> Hamachi
01/28/2007 11:23 AM <DIR> Help
12/09/2006 11:04 PM <DIR> Identities
01/22/2007 04:33 AM <DIR> Lavasoft
12/26/2006 02:21 AM <DIR> LimeWire
12/27/2006 03:17 AM <DIR> Macromedia
01/08/2007 04:04 PM <DIR> Media Player Classic
12/09/2006 11:48 PM <DIR> Mozilla
12/27/2006 06:53 PM <DIR> PC Tools
01/08/2007 04:04 PM <DIR> Real
12/11/2006 05:55 AM <DIR> Sun
12/19/2006 05:40 PM <DIR> System Requirements Lab
01/19/2007 05:45 AM <DIR> Webroot
01/13/2007 12:05 AM <DIR> World Market Watch
0 File(s) 0 bytes
20 Dir(s) 58,097,184,768 bytes free
Volume in drive C has no label.
Volume Serial Number is A0F2-EE71

Directory of C:\Documents and Settings\Default User\Application Data

12/09/2006 09:33 PM <DIR> .
12/09/2006 09:33 PM <DIR> ..
12/09/2006 09:33 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 58,097,184,768 bytes free
Volume in drive C has no label.
Volume Serial Number is A0F2-EE71

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is A0F2-EE71

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 02/11/2007 9:51:00
NextRun: 02/18/2007 9:51:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: U......
StartDate: 12/09/2006
EndDate: 00/00/0000
StartTime: 09:51
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


NoLop! Log by Skate_Punk_21

Fix running from: C:\Program Files\Mozilla Firefox
[2/15/2007]
[6:16:07 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\94982E3B855FA34F.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users.windows\Application Data\Adobe
C:\Documents and Settings\All Users.windows\Application Data\Apple Computer
C:\Documents and Settings\All Users.windows\Application Data\Macromedia
C:\Documents and Settings\All Users.windows\Application Data\Microsoft
C:\Documents and Settings\All Users.windows\Application Data\Microsoft Corporation
C:\Documents and Settings\All Users.windows\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users.windows\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users.windows\Application Data\Paretologic Anti-spyware
C:\Documents and Settings\All Users.windows\Application Data\Real -- EMPTY Directory
C:\Documents and Settings\All Users.windows\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users.windows\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users.windows\Application Data\Trend Micro
C:\Documents and Settings\All Users.windows\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users.windows\Application Data\{86da1710-dc61-458b-82ef-d7944f55c107}
C:\Documents and Settings\Atif\Application Data\.bittornado
C:\Documents and Settings\Atif\Application Data\.gaim
C:\Documents and Settings\Atif\Application Data\Adobe
C:\Documents and Settings\Atif\Application Data\Apple Computer
C:\Documents and Settings\Atif\Application Data\Chinbindbuild
C:\Documents and Settings\Atif\Application Data\Google
C:\Documents and Settings\Atif\Application Data\Hamachi
C:\Documents and Settings\Atif\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Atif\Application Data\Identities
C:\Documents and Settings\Atif\Application Data\Lavasoft -- EMPTY Directory
C:\Documents and Settings\Atif\Application Data\Limewire
C:\Documents and Settings\Atif\Application Data\Macromedia
C:\Documents and Settings\Atif\Application Data\Media Player Classic
C:\Documents and Settings\Atif\Application Data\Microsoft
C:\Documents and Settings\Atif\Application Data\Mozilla
C:\Documents and Settings\Atif\Application Data\Pc Tools
C:\Documents and Settings\Atif\Application Data\Real
C:\Documents and Settings\Atif\Application Data\Sun
C:\Documents and Settings\Atif\Application Data\System Requirements Lab
C:\Documents and Settings\Atif\Application Data\Webroot
C:\Documents and Settings\Atif\Application Data\World Market Watch -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User.windows\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice.nt Authority\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice.nt Authority\Application Data\Microsoft
-------------------------------------------------------------------
Activescan - Panda

Incident Status Location

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Atif\Cookies\atif@888[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Atif\Cookies\atif@atdmt[1].txt


=================================================================

Sorry, my browser wouldn't let me attach this file:

ComboScan v20070212.14 run by Atif on 2007-02-15 at 08:17:59
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 510.48 MiB / 128.16 MiB
Pagefile Memory (total/avail): 1246.87 MiB / 720.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1993.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 114.48 GiB total, 54.08 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Pro Firewall v6.5.737.000 (Zone Labs, Inc.)
FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.00.1433 (Trend Micro, Inc.)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Atif\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ATIF-V00TSHKJO6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Atif
LOGONSERVER=\\ATIF-V00TSHKJO6
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Atif\LOCALS~1\Temp
TMP=C:\DOCUME~1\Atif\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ATIF-V00TSHKJO6
USERNAME=Atif
USERPROFILE=C:\Documents and Settings\Atif
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Atif (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTornado 0.3.18 --> C:\Program Files\BitTornado\uninst.exe
Blaze Media Pro --> "C:\Documents and Settings\All Users.WINDOWS\Application Data\{86DA1710-DC61-458B-82EF-D7944F55C107}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
ContextConvert Pro --> "C:\Program Files\Common Files\MimarSinan\Installation Information\{DE05C377-B3AF-4447-9227-B9308203C500}\{64E3AE46-13E6-4613-B688-8F29D3120C15}\mia.exe" REMOVE=TRUE MODIFY=FALSE
Dev-C++ 4 --> C:\WINDOWS\uninst.exe -fC:\Dev-C++\DeIsL1.isu -cC:\Dev-C++\_ISREG32.DLL
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Gaim (remove only) --> C:\Program Files\Gaim\gaim-uninst.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\DOCUME~1\Atif\LOCALS~1\Temp\Rar$EX00.281\HijackThis.exe /uninstall
Horrible Science --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D049E2F-F15E-40A7-BEDD-CF3C84C6C720}\setup.exe" -l0x9 -removeonly
HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Messenger Plus! Live & Sponsor --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
noSteam Counter-Strike 1.6 v.7 --> C:\PROGRA~1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye12.tmp\UNWISE.EXE C:\PROGRA~1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye12.tmp\INSTALL.LOG
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PromaSoft Autoresponder --> "C:\Program Files\PromaSoft Autoresponder\unins000.exe"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{86BB059D-1231-457B-B88F-F9B315A18F90}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
XPlite PROFESSIONAL --> "C:\Documents and Settings\Atif\Desktop\XPlite.exe" /uninstall
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of ComboScan: finished at 2007-02-15 at 08:19:11 -------------------------
Old 02-15-2007, 06:24 PM   #4 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,563
OS: 2000 Pro; XP Pro; XP Home

Good job!

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Messenger Plus! Live & Sponsor <<<< You have installed MessengerPlus3 and contracted a lop infection. Please uninstall MessengerPlus3 using Add/Remove Programs. If the program is a must have, reinstall it and politely decline when asked to install the sponsor's software.


J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
These are outdated versions, and should be uninstalled. Update 11 is the most recent update for Version 5.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\Documents and Settings\Atif\Application Data\CHINBINDBUILD

---------------------------------------------------------------------------------------------
Well done. Your logs are clean. Any more issues? If not, you should be good to go. We still have a few items to address.

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    Here are a few very good free Antivirus products which are available: Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial
  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

    Do not install more than one firewall program because they will conflict with each other.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
If you want to fight back against the malware writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Note: Your system appears to be in pretty good shape, once you perform the above instructions. I'll be away from the keyboard for the next few days. If you do have continued issues, I'll pick up this thread upon my return.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
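The HOSTS-file step above works by mapping ad and tracker names to 127.0.0.1. The script below is an added example, not part of this thread or of the MVPS package: it parses a HOSTS file in that format and separates the intended blackhole entries from the reverse case, where a tampered HOSTS file blocks update servers or redirects a security vendor's site to a real address. The watch list of protected domains and the sample HOSTS text are constructed for the example.

```python
"""Audit a Windows HOSTS file: list blackholed ad/tracker names and flag entries
that override update or security-vendor domains (added example, constructed data)."""
import ipaddress

# Addresses that sink a name: 127.0.0.1 (what the MVPS file uses), 0.0.0.0 or ::1.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that legitimately map to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed watch list: domains an ad-blocking HOSTS file should never touch.
# A HOSTS file edited by malware often points these at 127.0.0.1 (to stop
# updates) or at a server the attacker controls.
PROTECTED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "trendmicro.com",
    "zonelabs.com",
)


def _is_protected(hostname):
    """True if hostname is one of the protected domains or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s) for s in PROTECTED_SUFFIXES)


def parse_hosts(text):
    """Return [(line_no, ip, [hostnames])] for every mapping line.

    Comment text after '#', blank lines, lines without a hostname and lines
    whose first field is not a valid IP address are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()     # drop trailing comment
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            continue                             # an address with no names maps nothing
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # first field is not an IP address
        entries.append((line_no, ip, [h.lower() for h in fields[1:]]))
    return entries


def audit_hosts(text):
    """Classify every hostname mapping in a HOSTS file.

    Returns a dict of lists of (line_no, ip, hostname):
      local       - ordinary localhost lines
      blackholed  - names sunk to a local address (the intended ad-blocking case)
      suspicious  - protected update/AV domains overridden in any way, or any
                    name sent to a non-local address (a silent redirect)"""
    report = {"local": [], "blackholed": [], "suspicious": []}
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            item = (line_no, ip, name)
            if name in LOCAL_NAMES and ip in SINK_ADDRESSES:
                report["local"].append(item)
            elif _is_protected(name):
                report["suspicious"].append(item)   # update/AV domains must never be overridden
            elif ip in SINK_ADDRESSES:
                report["blackholed"].append(item)   # intended MVPS-style blocking
            else:
                report["suspicious"].append(item)   # redirect to a real server
    return report


# Constructed sample: MVPS-style blocking lines plus two tampered lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.   (constructed sample file)
127.0.0.1       localhost
127.0.0.1       ads.example-network.test
127.0.0.1       tracker.example-metrics.test   # trailing comment is ignored
0.0.0.0         banners.example-cdn.test
127.0.0.1       update.microsoft.com           # tampered: blocks Windows Update
203.0.113.7     www.trendmicro.com             # tampered: redirects the AV vendor site
not-an-ip       bogus.test
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("local", "blackholed", "suspicious"):
        print(f"{kind}:")
        for line_no, ip, name in result[kind]:
            print(f"  line {line_no}: {name} -> {ip}")
```

On a real XP machine the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; anything in the "suspicious" list deserves a look before the MVPS file is copied over it.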
Old 02-17-2007, 12:09 AM   #5 (permalink)
huss4in
Registered User
Join Date: Feb 2007
Posts: 6
OS: xp


Thanks a bunch for the help. Although I'm still a little apprehensive of the stalker on my computer, I'm glad to know that I don't have those annoying pop-ups any more. I do have a few issues remaining, but can't be too sure if they're anything at all other than just a slow connection. I find files logged on my Zone Alarm firewall that are always in the temporary folder, ones that I know I did not download. When I try to locate them, Zone Alarm says that they do not exist. Obviously they did at one time, and I am certain that it wasn't me who downloaded them.
Old 02-19-2007, 06:29 PM   #6 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,563
OS: 2000 Pro; XP Pro; XP Home

You may be better off asking those other questions in the Security and Firewalls forum. Let them know you've been here and been cleared of malware.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Copyright 2001 - 2009, Tech Support Forum