Resolved HJT Threads Resolved spyware and popup issues.
#1  05-02-2007, 04:18 AM
jason@jason859. - Registered User - Join Date: Sep 2005 - Posts: 41 - OS: win xp

pop ups doing my head in

Hi guys, any help with my prob would be great. My daughter has been using MSN Messenger and she told me there was a problem with my PC: it started throwing up pop-ups at every opportunity, porn ones, and also WinFixer saying I'm infected and to download their software. Bloody cheek. Any help would be appreciated. Here is my HijackThis log for your eyes. Thanks guys.
Logfile of HijackThis v1.99.1
Scan saved at 12:16:06, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\jay\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\modvqepk.dll",setvm
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm491YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
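For readers working through the HijackThis log above, here is an added example (not part of this thread, and not HJT's or DSS's own code) of the first-pass checks an analyst applies to such a log: unnamed or file-missing hooks, rundll32 loading a random-named DLL from system32, an executable launched from the root of another drive, Winlogon Notify packages outside a stock XP list, and the same DLL registered through more than one mechanism. The sample lines are copied from the HJT and DSS output posted in this thread; the Winlogon Notify allowlist and the "random-looking name" pattern are the example's own assumptions, not anything the forum team stated.

```python
"""Added example: first-pass triage of HijackThis / DSS log lines. Not part of
HJT, DSS or the forum's tooling; the heuristics below (random-looking names,
stock Winlogon Notify list, cross-loading) are this example's assumptions."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the logs posted in this
# thread (HJT entries plus a few lines from the DSS "Files created" listing).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {92B83CF5-6C13-46EE-8D1A-ECF2B277B7B3} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: (no name) - {9796007A-181E-4C97-99EB-7F71B8989A7B} - C:\WINDOWS\system32\wvurpno.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\modvqepk.dll",setvm
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
2007-04-28 21:52:14 576774 ---hs---- C:\WINDOWS\system32\utvwa.ini2
2007-04-12 06:49:37 26694 --a------ C:\WINDOWS\system32\ddcyxuv.dll
2007-04-12 06:49:24 26694 --a------ C:\WINDOWS\system32\pmnmjgg.dll
2007-04-12 05:59:37 26694 --a------ C:\WINDOWS\system32\vtuvtqp.dll
2007-04-11 19:15:48 280676 --ahs---- C:\WINDOWS\system32\ssqrr.dll
2007-04-11 19:15:48 280676 --ahs---- C:\WINDOWS\system32\awvtu.dll
"""

# Winlogon Notify packages on a stock XP SP2 install, plus WgaLogon (Windows
# Genuine Advantage). Assumption for this example; add the OEM/driver notify
# packages you know belong on the machine before using it on another log.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

HJT_ENTRY = re.compile(r"^(R\d|O\d+) - ")
# Heuristic: a 5-8 letter, all-lowercase base name in system32 is the naming
# style of the DLLs in this thread; vendor DLLs almost always carry a real word.
RANDOM_DLL = re.compile(r"\\system32\\([a-z]{5,8})\.dll\b")
RANDOM_NAME = re.compile(r"[a-z]{5,8}")
# An O4 entry whose command is an .exe sitting in the root of a drive other than C:.
ROOT_EXE = re.compile(r'\]\s+"?([D-Z]:\\[^\\"]+\.exe)"?\s*$')
# DSS "Files created" line: date time size attributes path
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\d+) \S+ (.+)$")


def triage(log_text):
    """Return {entry_or_dll: [reasons]} for everything worth a second look."""
    findings = defaultdict(list)
    loaders = defaultdict(set)      # dll base name -> HJT sections that load it
    by_size = defaultdict(list)     # file size -> random-named system32 DLLs
    file_names = set()              # base names seen in the DSS file listing
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        entry = HJT_ENTRY.match(line)
        if entry:
            section = entry.group(1)
            if "(no name)" in line:
                findings[line].append("unnamed hook; vendor entries carry a name")
            if "(file missing)" in line or "(no file)" in line:
                findings[line].append("autostart points at a file that is gone")
            for dll in RANDOM_DLL.findall(line):
                loaders[dll].add(section)
                findings[line].append(f"random-looking {dll}.dll in system32")
            if section == "O4" and ROOT_EXE.search(line):
                findings[line].append("runs an executable from the root of a non-system drive")
            if section == "O20" and "Winlogon Notify: " in line:
                name = line.split("Winlogon Notify: ", 1)[1].split(" - ", 1)[0]
                if RANDOM_NAME.fullmatch(name):
                    loaders[name].add(section)
                if name.lower() not in KNOWN_NOTIFY:
                    findings[line].append(f"Winlogon Notify '{name}' is not a stock XP package")
            continue
        f = FILE_LINE.match(line)
        if f:
            size, path = int(f.group(1)), f.group(2)
            base = path.rsplit("\\", 1)[-1].split(".", 1)[0]
            file_names.add(base.lower())
            if RANDOM_DLL.search(path):
                by_size[size].append(base)
    # Cross-entry correlation: the same DLL registered as a BHO and as a
    # Winlogon Notify package, or a DLL with a reversed-name companion file
    # (awvtu.dll next to utvwa.ini2 in this thread's listing).
    for dll, sections in loaders.items():
        if len(sections) > 1:
            findings[dll].append(f"loaded by {len(sections)} mechanisms: {sorted(sections)}")
        if dll[::-1] in file_names:
            findings[dll].append(f"companion file named '{dll[::-1]}' (name reversed)")
    for size, names in by_size.items():
        if len(names) > 1:
            findings[f"{size} bytes"].append(
                f"{len(names)} random-named DLLs of identical size: {sorted(names)}")
    return dict(findings)


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key)
        for reason in reasons:
            print("   ->", reason)
```

Run stand-alone it prints each flagged entry with its reasons; the vendor entries (Java, Adobe, Bluetooth, WgaLogon) come out clean, while awvtu.dll is reported both as a BHO-plus-Winlogon-Notify double registration and as having a reversed-name companion file, and the 26694-byte DLLs are grouped as one same-size cluster. The allowlist approach for O20 is deliberate: on XP the Notify key holds only a handful of Microsoft packages, so anything else deserves a look even when it has a plausible name.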
#2  05-02-2007, 02:51 PM
alba - Analyst, Security Team - Join Date: Feb 2005 - Location: Eire - Posts: 2,006 - OS: Vista, Ubuntu 8.04

Re: pop ups doing my head in

Hello jason@jason859.

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

The infection you have can hide from HJT. Please do the following:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
#3  05-03-2007, 03:22 AM
jason@jason859. - Registered User - Join Date: Sep 2005 - Posts: 41 - OS: win xp

Re: pop ups doing my head in

Deckard's System Scanner v20070426.43
Run by jay on 2007-05-03 at 10:53:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2007-05-03 09:53:43 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2007-05-03 09:39:11 UTC - RP10 - System Checkpoint
9: 2007-05-02 09:34:56 UTC - RP9 - Installed Alcohol 120%
8: 2007-05-01 13:08:49 UTC - RP8 - System Checkpoint
7: 2007-04-30 10:50:28 UTC - RP7 - Installed STOPzilla!


-- First Restore Point --
1: 2007-04-23 21:25:48 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as jay.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:55:15, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\jay\Desktop\dss.exe
C:\DOCUME~1\jay\Desktop\jay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {92B83CF5-6C13-46EE-8D1A-ECF2B277B7B3} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9796007A-181E-4C97-99EB-7F71B8989A7B} - C:\WINDOWS\system32\wvurpno.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\modvqepk.dll",setvm
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm491YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R3 axsaki - c:\windows\system32\drivers\axsaki.sys
R3 axskbus - c:\windows\system32\drivers\axskbus.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 atinevxx (ATI WDM Rage Theater Video NSP) - c:\windows\system32\drivers\atinevxx.sys <Not Verified; ATI Technologies Inc.; ATI WDM RT>
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 giveio - c:\windows\system32\giveio.sys
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
S3 ST330 - c:\windows\system32\drivers\st330.sys <Not Verified; THOMSON Telecom Belgium; SpeedTouch 330>
S3 STBUS - c:\windows\system32\drivers\stbus.sys <Not Verified; THOMSON Telecom Belgium; SpeedTouch vbus>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
S3 wanusb (Fujitsu USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 STOPzilla Local Service - c:\program files\stopzilla!\szntsvc.exe /service "stopzilla local service" <Not Verified; International Software Systems Solutions; >


-- Scheduled Tasks -------------------------------------------------------------

2007-05-03 08:00:00 362 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
2007-04-26 17:28:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-04-03 and 2007-05-03 -----------------------------

2007-04-30 11:51:08 0 d-------- C:\Documents and Settings\jay\Application Data\STOPzilla!
2007-04-30 11:50:33 0 d-------- C:\Program Files\STOPzilla!
2007-04-28 21:52:14 576774 ---hs---- C:\WINDOWS\system32\utvwa.ini2
2007-04-27 14:51:28 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28:26 0 dr-h----- C:\Documents and Settings\jay\Application Data\SecuROM
2007-04-23 22:20:20 0 d-------- C:\WINDOWS\Prefetch
2007-04-19 23:19:36 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-04-19 23:19:34 0 d-------- C:\Program Files\DVD Shrink
2007-04-19 13:07:36 0 d--hs---- C:\found.000
2007-04-15 12:14:12 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13:36 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13:08 0 d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12:16 0 d-------- C:\Documents and Settings\jay\Application Data\Lavasoft
2007-04-13 21:12:06 0 d-------- C:\Program Files\Lavasoft
2007-04-12 19:16:17 544533 ---hs---- C:\WINDOWS\system32\utvwa.bak2
2007-04-12 06:49:37 26694 --a------ C:\WINDOWS\system32\ddcyxuv.dll
2007-04-12 06:49:24 26694 --a------ C:\WINDOWS\system32\pmnmjgg.dll
2007-04-12 05:59:37 26694 --a------ C:\WINDOWS\system32\vtuvtqp.dll
2007-04-12 05:54:14 26694 --a------ C:\WINDOWS\system32\wvustro.dll
2007-04-12 04:29:47 26694 --a------ C:\WINDOWS\system32\rqrssrq.dll
2007-04-12 04:29:14 26694 --a------ C:\WINDOWS\system32\jkkkhih.dll
2007-04-12 02:19:41 26694 --a------ C:\WINDOWS\system32\wvutqom.dll
2007-04-12 02:19:14 26694 --a------ C:\WINDOWS\system32\rqroopq.dll
2007-04-12 00:34:37 26694 --a------ C:\WINDOWS\system32\yaywwxy.dll
2007-04-12 00:34:15 26694 --a------ C:\WINDOWS\system32\pmnopqp.dll
2007-04-11 23:09:32 26694 --a------ C:\WINDOWS\system32\vtusppo.dll
2007-04-11 23:09:09 26694 --a------ C:\WINDOWS\system32\ljjhihf.dll
2007-04-11 22:04:32 26694 --a------ C:\WINDOWS\system32\qomkljh.dll
2007-04-11 22:04:10 26694 --a------ C:\WINDOWS\system32\hggecde.dll
2007-04-11 21:09:32 26694 --a------ C:\WINDOWS\system32\wvuturs.dll
2007-04-11 21:09:10 26694 --a------ C:\WINDOWS\system32\iifeebb.dll
2007-04-11 20:09:32 26694 --a------ C:\WINDOWS\system32\vtuvstu.dll
2007-04-11 20:09:13 26694 --a------ C:\WINDOWS\system32\fcccday.dll
2007-04-11 19:44:39 26694 --a------ C:\WINDOWS\system32\hggdaya.dll
2007-04-11 19:44:16 26694 --a------ C:\WINDOWS\system32\khfdbbx.dll
2007-04-11 19:26:24 26694 --a------ C:\WINDOWS\system32\pmnomkh.dll
2007-04-11 19:26:16 189952 --a------ C:\Documents and Settings\jay\us.exe <Not Verified; Microsoft Corporation; MSN Messenger>
2007-04-11 19:16:04 529125 ---hs---- C:\WINDOWS\system32\utvwa.bak1
2007-04-11 19:15:48 280676 --ahs---- C:\WINDOWS\system32\ssqrr.dll
2007-04-11 19:15:48 280676 --ahs---- C:\WINDOWS\system32\awvtu.dll
2007-04-11 19:10:45 26694 --a------ C:\WINDOWS\system32\yayyxwt.dll
2007-04-11 19:10:35 0 d-------- C:\Program Files\Common Files\{387BC2FD-0E07-2057-1128-05090106002c}
2007-04-11 19:10:26 189952 --a------ C:\WINDOWS\us.exe <Not Verified; Microsoft Corporation; MSN Messenger>
2007-04-11 19:10:24 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-04 03:05:35 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars Demo


-- Find3M Report ---------------------------------------------------------------

2007-05-03 08:00:05 0 d-------- C:\Documents and Settings\jay\Application Data\AVG7
2007-05-02 19:46:17 0 d-------- C:\Documents and Settings\jay\Application Data\MailWasherPro
2007-05-02 12:39:35 0 d-------- C:\Program Files\eMule
2007-05-02 09:56:08 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-02 09:56:08 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-02 00:50:24 0 d-------- C:\Documents and Settings\jay\Application Data\UseNeXT
2007-05-01 12:26:24 0 d-------- C:\Documents and Settings\jay\Application Data\CopyToDvd
2007-05-01 11:26:31 0 d-------- C:\Documents and Settings\jay\Application Data\dvdcss
2007-04-29 08:54:54 0 d-------- C:\Program Files\Championship Manager 2007
2007-04-29 07:08:51 0 d-------- C:\Documents and Settings\jay\Application Data\Xfire
2007-04-29 07:08:30 0 d---s---- C:\Program Files\Xfire
2007-04-29 05:19:23 0 d-------- C:\Documents and Settings\jay\Application Data\uTorrent
2007-04-29 04:29:59 0 d-------- C:\Program Files\Winamp
2007-04-27 14:19:34 0 d-------- C:\Program Files\Electronic Arts
2007-04-25 17:30:27 99 --a------ C:\WINDOWS\È
2007-04-23 22:07:17 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-21 23:41:30 0 d-------- C:\Program Files\BitLord
2007-04-18 13:41:42 0 d-------- C:\Program Files\dvdSanta
2007-04-12 13:11:32 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:34:17 0 d-------- C:\Program Files\UseNeXT
2007-04-08 18:14:53 0 d-------- C:\Program Files\THQ
2007-04-02 14:28:05 0 d-------- C:\Program Files\Codemasters
2007-04-02 14:28:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-27 17:16:30 0 d-------- C:\Program Files\Legends_1280x1024
2007-03-27 17:16:20 2309944 --a------ C:\WINDOWS\Legends_1280x1024.scr
2007-03-24 13:45:58 81920 --a------ C:\WINDOWS\system32\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-24 13:45:58 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-22 21:05:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-03-20 01:52:36 0 d-------- C:\Program Files\Multi_Media
2007-03-19 14:17:01 0 d-------- C:\Program Files\Motorola
2007-03-19 13:42:48 0 d-------- C:\Program Files\mobile PhoneTools
2007-03-19 13:15:41 0 d-------- C:\Program Files\LiveUpdate
2007-03-16 1710 0 d-------- C:\Documents and Settings\jay\Application Data\ATI
2007-03-07 15:50:49 0 d-------- C:\Program Files\ATI Technologies
2007-03-07 15:47:12 4096 --a------ C:\WINDOWS\system32\crash
2007-03-04 19:39:31 0 d-------- C:\Program Files\Java
2007-02-20 15:54:08 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{92B83CF5-6C13-46EE-8D1A-ECF2B277B7B3} C:\WINDOWS\system32\awvtu.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{9796007A-181E-4C97-99EB-7F71B8989A7B} C:\WINDOWS\system32\wvurpno.dll [x]
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.0\\SetHook.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\modvqepk.dll\",setvm"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9796007A-181E-4C97-99EB-7F71B8989A7B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN


-- End of Deckard's System Scanner: finished at 2007-05-03 at 10:56:26 ---------
Old 05-03-2007, 03:24 AM   #4 (permalink)
Registered User
 
jason@jason859.'s Avatar
 
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: pop ups doing my head in

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.60GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.60GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1023.29 MiB / 472.4 MiB
Pagefile Memory (total/avail): 3997.25 MiB / 3532.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1973.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 101.87 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)
F: is CDROM (Unformatted)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Fixed (FAT32) - 298.02 GiB total, 125.05 GiB free.
M: is CDROM (CDFS)
N: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Anti-Spyware Firewall v7.0.337.000 (Check Point, LTD.)
AV: AVG 7.5.467 v7.5.467 (GRISOFT)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jay\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=J-9D3A1511A1234
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jay
LOGONSERVER=\\J-9D3A1511A1234
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jay\LOCALS~1\Temp
TMP=C:\DOCUME~1\jay\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=J-9D3A1511A1234
USERNAME=jay
USERPROFILE=C:\Documents and Settings\jay
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

jay (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
All Video Joiner 3.0 --> "C:\Program Files\All Video Joiner\unins000.exe"
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Ashampoo WinOptimizer 4.00 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Anti-Virus 7.1 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Brian Lara International Cricket 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B157A698-7515-4AB0-95A0-072A305B52A8}\setup.exe" -l0x9
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Championship Manager 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25FED2B8-57D5-4A0D-98BF-973411E0D43E}\Setup.exe" -l0x9 -removeonly
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer 3 Tiberium Wars™ Demo --> MsiExec.exe /I{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
CopyToDVD 3.0.56 --> "C:\Program Files\VSO\unins000.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivxToDVD 0.5.2 --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
dvdSanta 4.00 --> "C:\Program Files\dvdSanta\unins000.exe"
Easy CD Cover Printer --> C:\PROGRA~1\EASYCD~1\UNWISE.EXE C:\PROGRA~1\EASYCD~1\INSTALL.LOG
Easy Video Joiner 5.21 --> "C:\Program Files\Easy Video Joiner\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FFdshow [2006-08-18 | rev 2546] --> "C:\Program Files\ffdshow\unins000.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 1.99.1 --> C:\Documents and Settings\jay\Desktop\HijackThis.exe /uninstall
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IsoBuster 1.9.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Legends_1280x1024 --> C:\Program Files\Legends_1280x1024\Uninstall.exe
LimeWire 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
MailWasher Pro --> "C:\Program Files\FireTrust\MailWasher Pro\unins000.exe"
MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Motorola Handset USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44B3522B-195C-488D-84AC-9526FA99CB73}\Setup.exe"
Motorola Software Update --> MsiExec.exe /I{C56D9A7F-EFCE-4526-8CD0-D042786D6EEE}
Mozilla Firefox (1.5.0.11) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.11 (en-US)"
MP3 Player Utilities 3.11 --> MsiExec.exe /I{2D5B83B8-98A0-4F9C-AE1D-BED98AE17467}
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\mtbs.exe c
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Open Video Joiner version 3.0.0 --> "C:\Program Files\OpenVideoJoiner\unins000.exe"
Orange Search Toolbar --> C:\Program Files\orange3\uninstall.exe -uninstall -prompt
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1033
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
S.T.A.L.K.E.R. - Shadow of Chernobyl --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Scarface: The World is Yours --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{28142407-ACAD-4ECD-A6B6-9FA8471F6062}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
Sniper Elite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}\setup.exe"
Sound Blaster Audigy 2 ZS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
STOPzilla! --> C:\Program Files\STOPzilla!\SZUninstall.exe
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UseNeXT --> "C:\Program Files\UseNeXT\unins003.exe"
VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
x264 Revision 531 x264.nl (remove only) --> "C:\Program Files\x264\x264-uninstall.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
ZoneAlarm Anti-Spyware --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-05-03 at 10:56:26 ---------
Old 05-03-2007, 03:42 AM   #5 (permalink)
Registered User
 
jason@jason859.'s Avatar
 
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: pop ups doing my head in

ref pop ups
Attached Files
File Type: txt extra.txt (22.8 KB, 1 views)
Old 05-03-2007, 06:16 AM   #6 (permalink)
Analyst, Security Team
 
alba's Avatar
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: pop ups doing my head in

Hi again jason@jason859.

This will take a couple of runs to clean so please stay with me

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.

=================

1. Download this file - Here

Alternative link


* IMPORTANT !!! Place combofix.exe on your Desktop


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=================

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


=================

Please Run a scan with Deckard's System Scanner and save the log

===============================================




In your next post, please include fresh logs from:
  • ComboFix.txt
  • Online scan
  • main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
Old 05-04-2007, 09:43 AM   #7 (permalink)
Registered User
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: pop ups doing my head in

Alba, thanks for your time in helping me with my PC problem, it is well appreciated.
I seem to be having a problem completing the Panda scan. It gets to 47388 files completed, which is about a third of the way through, and then seems to close itself down. I've tried on three occasions to complete the scan but it's not having it, sorry, don't know why. Anyway, I've attached the first ComboFix report for your eyes.

"jay" - 07-05-03 21:11:37 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\jay\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ddcyxuv.dll
C:\WINDOWS\system32\fcccday.dll
C:\WINDOWS\system32\hggdaya.dll
C:\WINDOWS\system32\hggecde.dll
C:\WINDOWS\system32\iifeebb.dll
C:\WINDOWS\system32\jkkkhih.dll
C:\WINDOWS\system32\khfdbbx.dll
C:\WINDOWS\system32\ljjhihf.dll
C:\WINDOWS\system32\pmnmjgg.dll
C:\WINDOWS\system32\pmnomkh.dll
C:\WINDOWS\system32\pmnopqp.dll
C:\WINDOWS\system32\qomkljh.dll
C:\WINDOWS\system32\rqroopq.dll
C:\WINDOWS\system32\rqrssrq.dll
C:\WINDOWS\system32\vtusppo.dll
C:\WINDOWS\system32\vtuvstu.dll
C:\WINDOWS\system32\vtuvtqp.dll
C:\WINDOWS\system32\wvustro.dll
C:\WINDOWS\system32\wvutqom.dll
C:\WINDOWS\system32\wvuturs.dll
C:\WINDOWS\system32\yaywwxy.dll
C:\WINDOWS\system32\yayyxwt.dll
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\utvwa.tmp
C:\WINDOWS\system32\awvtu.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\Wallpaper\Shrek 2 - Puss in Boots.jpg
C:\Program Files\screensavers.com\Wallpaper\Thumbs.db
C:\Program Files\Common Files\{387BC~1\UnInstall.exe
C:\DOCUME~1\jay\Desktop.\internet explorer.lnk
C:\Program Files\screensavers.com
C:\Program Files\Common Files\{387BC~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))


2007-05-03 10:53 <DIR> d-------- C:\Deckard
2007-05-02 12:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-30 11:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\STOPzilla!
2007-04-30 11:50 <DIR> d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28 <DIR> dr-h----- C:\DOCUME~1\jay\APPLIC~1\SecuROM
2007-04-26 15:58 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-23 22:20 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-23 21:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-23 21:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-19 23:19 <DIR> d-------- C:\Program Files\DVD Shrink
2007-04-19 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-19 13:07 <DIR> d--hs---- C:\found.000
2007-04-15 12:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-13 21:12 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Lavasoft
2007-04-11 19:26 189,952 --a------ C:\DOCUME~1\jay\us.exe
2007-04-11 19:10 189,952 --a------ C:\WINDOWS\us.exe
2007-04-11 19:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-08 18:30 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-08 18:29 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-08 18:29 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-08 18:29 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-08 18:29 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-04 03:05 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Command & Conquer 3 Tiberium Wars Demo
2007-04-04 03:04 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-03 21:15 384 --a------ C:\WINDOWS\system32\dvcstatebkp-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-03 21:15 384 --a------ C:\WINDOWS\system32\dvcstate-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-03 12:48 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\dvdcss
2007-05-03 12:47 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\copytodvd
2007-05-03 10:24 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\mailwasherpro
2007-05-02 12:39 -------- d-------- C:\Program Files\emule
2007-05-02 00:50 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\usenext
2007-04-29 08:54 -------- d-------- C:\Program Files\championship manager 2007
2007-04-29 07:08 -------- d---s---- C:\Program Files\xfire
2007-04-29 07:08 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\xfire
2007-04-29 05:19 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\utorrent
2007-04-29 04:29 -------- d-------- C:\Program Files\winamp
2007-04-27 14:19 -------- d-------- C:\Program Files\electronic arts
2007-04-26 17:39 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-23 22:07 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-18 13:41 -------- d-------- C:\Program Files\dvdsanta
2007-04-12 13:11 -------- d-------- C:\Program Files\msn messenger
2007-04-11 10:34 -------- d-------- C:\Program Files\usenext
2007-04-08 18:44 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-04-08 18:14 -------- d-------- C:\Program Files\thq
2007-04-02 14:28 -------- d--h----- C:\Program Files\installshield installation information
2007-04-02 14:28 -------- d-------- C:\Program Files\codemasters
2007-03-27 17:16 2309944 --a------ C:\WINDOWS\legends_1280x1024.scr
2007-03-27 17:16 -------- d-------- C:\Program Files\legends_1280x1024
2007-03-24 13:45 81920 --a------ C:\WINDOWS\system32\w32n50.dll
2007-03-24 13:45 17134 --a------ C:\WINDOWS\system32\pcandis5.sys
2007-03-22 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-03-20 01:52 -------- d-------- C:\Program Files\multi_media
2007-03-19 14:17 -------- d-------- C:\Program Files\motorola
2007-03-19 13:42 -------- d-------- C:\Program Files\mobile phonetools
2007-03-19 13:15 -------- d-------- C:\Program Files\liveupdate
2007-03-15 02:58 315392 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-03-15 02:57 267776 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 02:57 1986560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-15 02:55 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 02:50 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 02:50 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-03-15 02:50 122880 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 02:50 114688 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-03-15 02:49 114688 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 02:48 450560 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 02:47 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-03-15 02:40 2820544 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-15 02:29 1315712 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 02:19 5402624 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-15 02:16 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-15 02:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-15 02:10 356352 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-06 23:04 143676 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-20 15:54 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.0\\SetHook.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-03 21:21:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-03 21:22:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-03 21:22
Attached Files
File Type: txt ComboFix.txt (14.6 KB, 5 views)

Last edited by tetonbob; 05-04-2007 at 05:36 PM.
Old 05-04-2007, 09:53 AM   #8 (permalink)
Analyst, Security Team
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: pop ups doing my head in

Hi Jason

Combo has done a good clean out; can you please do the following.
1. Paste the main.txt from DSS in your next post

2.
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
Old 05-04-2007, 12:51 PM   #9 (permalink)
Registered User
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: pop ups doing my head in

Hi Alba, just done the scan and here is the log. Many thanks, Jason.
Old 05-04-2007, 12:59 PM   #10 (permalink)
Registered User
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: pop ups doing my head in

Sorry, made a boob there. Hopefully here it is.

KASPERSKY ONLINE SCANNER REPORT
Friday, May 04, 2007 8:48:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/05/2007
Kaspersky Anti-Virus database records: 313303
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
Scan Statistics
Total number of scanned objects 84412
Number of viruses found 8
Number of infected objects 61 / 0
Number of suspicious objects 0
Duration of the scan process 01:42:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2da227a583edda8c53554878b2f5b5a5_a770f220-b2b2-44b9-be70-7e52f2657847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\tmpLog.txt Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Training archive - junk.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Training archive - legitimate.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Trash.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\cert8.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\history.dat Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\key3.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\parent.lock Object is locked skipped
C:\Documents and Settings\jay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jay\My Documents\Incomplete\T-106814-_uncensored_ yellow haired girl 53.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\jay\ntuser.dat Object is locked skipped
C:\Documents and Settings\jay\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\jay\us.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe/data0012 Infected: Trojan.Win32.Inject.ba skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe Infected: Trojan.Win32.Inject.ba skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip ZIP: infected - 2 skipped
C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyxuv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fcccday.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hggdaya.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hggecde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifeebb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkhih.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khfdbbx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjhihf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmjgg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnomkh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnopqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qomkljh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqroopq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrssrq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtusppo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvstu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvtqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvustro.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvutqom.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuturs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yaywwxy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyxwt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010000.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010001.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010011.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010012.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010014.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010015.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010016.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010017.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010018.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010019.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010020.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010029.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP12\change.log Object is locked skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP6\A0008594.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP9\A0009849.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi/Data1.cab/MFHookManager.dll Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi/Data1.cab Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi Embedded: infected - 2 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5B8278B2-4803-49C5-A4CA-D1007350BC84}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\us.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
L:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP12\change.log Object is locked skipped
Scan process completed.

Here is the DSS log as well, cheers.

Deckard's System Scanner v20070426.43
Run by jay on 2007-05-04 at 20:57:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jay.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:57:34, on 04/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\jay\Desktop\dss.exe
C:\DOCUME~1\jay\Desktop\jay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm491YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- Files created between 2007-04-04 and 2007-05-04 -----------------------------

2007-05-04 18:58:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 21:30:02 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-03 21:30:01 0 d-------- C:\WINDOWS\LastGood
2007-04-30 11:51:08 0 d-------- C:\Documents and Settings\jay\Application Data\STOPzilla!
2007-04-30 11:50:33 0 d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51:28 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28:26 0 dr-h----- C:\Documents and Settings\jay\Application Data\SecuROM
2007-04-23 22:20:20 0 d-------- C:\WINDOWS\Prefetch
2007-04-19 23:19:36 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-04-19 23:19:34 0 d-------- C:\Program Files\DVD Shrink
2007-04-19 13:07:36 0 d--hs---- C:\found.000
2007-04-15 12:14:12 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13:36 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13:08 0 d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12:16 0 d-------- C:\Documents and Settings\jay\Application Data\Lavasoft
2007-04-13 21:12:06 0 d-------- C:\Program Files\Lavasoft
2007-04-11 19:26:16 189952 --a------ C:\Documents and Settings\jay\us.exe <Not Verified; Microsoft Corporation; MSN Messenger>
2007-04-11 19:10:26 189952 --a------ C:\WINDOWS\us.exe <Not Verified; Microsoft Corporation; MSN Messenger>
2007-04-11 19:10:24 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-04 03:05:35 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars Demo


-- Find3M Report ---------------------------------------------------------------

2007-05-04 17:27:08 0 d-------- C:\Documents and Settings\jay\Application Data\MailWasherPro
2007-05-04 17:21:01 0 d-------- C:\Program Files\QuickPar
2007-05-04 17:20:57 0 d-------- C:\Program Files\Winamp
2007-05-04 17:20:57 0 d-------- C:\Program Files\QuickTime
2007-05-04 17:20:57 0 d-------- C:\Program Files\iTunes
2007-05-04 17:20:57 0 d-------- C:\Program Files\DAEMON Tools
2007-05-04 17:20:22 0 d-------- C:\Program Files\Google
2007-05-04 17:20:21 0 d-------- C:\Program Files\orange3
2007-05-03 2237 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-03 2237 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-03 21:20:29 0 d-------- C:\Documents and Settings\jay\Application Data\AVG7
2007-05-03 12:48:00 0 d-------- C:\Documents and Settings\jay\Application Data\dvdcss
2007-05-03 12:47:00 0 d-------- C:\Documents and Settings\jay\Application Data\CopyToDvd
2007-05-02 12:39:35 0 d-------- C:\Program Files\eMule
2007-05-02 00:50:24 0 d-------- C:\Documents and Settings\jay\Application Data\UseNeXT
2007-04-29 08:54:54 0 d-------- C:\Program Files\Championship Manager 2007
2007-04-29 07:08:51 0 d-------- C:\Documents and Settings\jay\Application Data\Xfire
2007-04-29 07:08:30 0 d---s---- C:\Program Files\Xfire
2007-04-29 05:19:23 0 d-------- C:\Documents and Settings\jay\Application Data\uTorrent
2007-04-27 14:19:34 0 d-------- C:\Program Files\Electronic Arts
2007-04-25 17:30:27 99 --a------ C:\WINDOWS\È
2007-04-23 22:07:17 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-21 23:41:30 0 d-------- C:\Program Files\BitLord
2007-04-18 13:41:42 0 d-------- C:\Program Files\dvdSanta
2007-04-12 13:11:32 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:34:17 0 d-------- C:\Program Files\UseNeXT
2007-04-08 18:14:53 0 d-------- C:\Program Files\THQ
2007-04-02 14:28:05 0 d-------- C:\Program Files\Codemasters
2007-04-02 14:28:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-27 17:16:30 0 d-------- C:\Program Files\Legends_1280x1024
2007-03-27 17:16:20 2309944 --a------ C:\WINDOWS\Legends_1280x1024.scr
2007-03-24 13:45:58 81920 --a------ C:\WINDOWS\system32\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-24 13:45:58 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-22 21:05:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-03-20 01:52:36 0 d-------- C:\Program Files\Multi_Media
2007-03-19 14:17:01 0 d-------- C:\Program Files\Motorola
2007-03-19 13:42:48 0 d-------- C:\Program Files\mobile PhoneTools
2007-03-19 13:15:41 0 d-------- C:\Program Files\LiveUpdate
2007-03-16 1710 0 d-------- C:\Documents and Settings\jay\Application Data\ATI
2007-03-07 15:50:49 0 d-------- C:\Program Files\ATI Technologies
2007-03-07 15:47:12 4096 --a------ C:\WINDOWS\system32\crash
2007-03-04 19:39:31 0 d-------- C:\Program Files\Java
2007-02-20 15:54:08 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.0\\SetHook.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdc04d38-a4c5-11db-b914-0013d495b157}]
Shell\AutoRun\command M:\autorun.exe


-- End of Deckard's System Scanner: finished at 2007-05-04 at 20:58:10 ---------
Old 05-04-2007, 01:49 PM   #11 (permalink)
Analyst, Security Team
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: pop ups doing my head in

Hi Jason

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

=================





2. Go to | Run | paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /v wvurpno oybguief

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

===============================================


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING

==============================================

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

===============================================


From Control Panel->Add/Remove Programs, uninstall the following programs, if present:
  • FunWebProducts
  • MediaFACE 4.0

=================

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE



Please remember to close all other windows, including browsers then click Fix checked.

===============================================


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\FunWebProducts
  • C:\Program Files\Fellowes\MediaFACE 4.0

Locate and delete the following files:
  • C:\Documents and Settings\jay\My Documents\Incomplete\T-106814-_uncensored_ yellow haired girl 53.wma
  • C:\Documents and Settings\jay\us.exe
  • C:\WINDOWS\us.exe
  • C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi
  • C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip

=================

REBOOT TO NORMAL MODE

=================

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply
=================

Please run a scan with Deckard's System Scanner and save the log

===============================================

In your next post, please include fresh logs from:
  • ComboFix.txt
  • Online scan
  • main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF Go raibh maith agat
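The entries alba singles out above (the `(file missing)` BHO and Winlogon Notify DLLs with random-looking names, the `Install5G` Run entry on F:) are the ones a helper reads a HijackThis log for first. The script below is an added example written for this page, not code from the thread, from HijackThis or from ComboFix; it runs the same triage over a handful of constructed log lines copied from the entries visible in the thread. The Winlogon Notify allowlist is an assumed baseline of the packages XP SP2 ships with plus a couple of vendor entries, not an exhaustive list. Two caveats worth keeping in mind: HijackThis prints `(file missing)` when it cannot open the file, so an orphaned entry is not proof the DLL is gone (it may be hidden or locked, which is why the names go to ComboFix's `/v` switch in the post rather than a plain "Fix checked"); and the Kaspersky report earlier in the thread shows the same Virtumonde DLLs surviving in `System Volume Information\_restore`, so a System Restore would bring them back until the restore points are purged after the cleanup.

```python
"""Triage a HijackThis 1.99 log for the persistence entries a helper fixes first.

Added example, not part of the original thread. Heuristics are the author's:
orphaned references, Winlogon Notify packages outside a known baseline, BHOs
with no display name, and Run entries that launch from a non-system drive.
"""
import re

# Constructed sample in HijackThis 1.99.1 format, built from entries that
# appear in the thread above (a few benign lines kept as negatives).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumed baseline: Winlogon Notify packages shipped with XP SP2 plus two
# common vendor entries. Extend it for the machine being examined.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon", "atiextevent", "igfxcui",
}

LINE_RE = re.compile(r"^(?P<sect>[A-Z]\d{1,2}) - (?P<body>.*)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
DLL_RE = re.compile(r"([A-Za-z0-9_~]+)\.dll\b", re.IGNORECASE)
# Drive letter of the command that follows the [name] in an O4 line.
O4_DRIVE_RE = re.compile(r"\]\s*\"?([A-Za-z]):\\")


def parse(log_text):
    """Yield (section, body) for every HijackThis entry line (Rn / Onn)."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("sect"), m.group("body")


def triage(log_text):
    """Return [(reason, entry)] for entries worth fixing before anything else.

    One entry can produce several findings (e.g. an orphaned BHO with no name).
    """
    findings = []
    for sect, body in parse(log_text):
        entry = f"{sect} - {body}"
        if ORPHAN_RE.search(body):
            # HJT could not open the target: gone, hidden or locked.
            findings.append(("orphaned reference (target missing or hidden)", entry))
        if sect == "O20":
            name = body.split("Winlogon Notify: ", 1)[-1].split(" - ", 1)[0]
            if name.lower() not in KNOWN_NOTIFY:
                findings.append(("unknown Winlogon Notify package", entry))
        if sect == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("BHO with no display name", entry))
        if sect == "O4":
            m = O4_DRIVE_RE.search(body)
            if m and m.group(1).upper() != "C":
                findings.append(("autostart from non-system drive", entry))
    return findings


def combofix_names(findings):
    """Base names of the orphaned / unknown DLLs, in order of first appearance.

    These are the tokens the helper in the thread hands to ComboFix's /v switch.
    """
    names = []
    for reason, entry in findings:
        if reason.startswith(("orphaned", "unknown Winlogon")):
            m = DLL_RE.search(entry)
            if m and m.group(1).lower() not in names:
                names.append(m.group(1).lower())
    return names


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for reason, entry in found:
        print(f"[{reason}] {entry}")
    print("ComboFix /v", " ".join(combofix_names(found)))
```

Run it as-is to see the findings for the constructed sample; to triage a real log, read the HijackThis text file and pass its contents to `triage()` instead of `SAMPLE_LOG`. The allowlist is deliberately small: an unknown Notify package is a prompt to look the DLL up, not a verdict on its own.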
Old 05-08-2007, 11:59 AM   #12 (permalink)
Registered User
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: pop ups doing my head in

Hi Alba, sorry I took my time doing the logs mate, I've been busy with my family. We have to be moved out of our house due to a minor earthquake in Kent, so I'm only getting home once in a while. Anyway, the comp seems to be running fine, no pop ups yet, so all is OK I hope. Just one question mate: that MediaFACE prog that you asked me to delete is a prog on a disk for doing labels for CD/DVD. I've taken it off my machine but I do need to work with it; do you think it was causing trouble on the PC, or would it be OK to put it back on when required? Once again, thanks for your time and patience with me and my PC, you guys are the dog's nuts. Thanks, Jason.



Logs as follows:

KASPERSKY ONLINE SCANNER REPORT
Friday, May 04, 2007 8:48:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/05/2007
Kaspersky Anti-Virus database records: 313303
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
Scan Statistics
Total number of scanned objects 84412
Number of viruses found 8
Number of infected objects 61 / 0
Number of suspicious objects 0
Duration of the scan process 01:42:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2da227a583edda8c53554878b2f5b5a5_a770f220-b2b2-44b9-be70-7e52f2657847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\tmpLog.txt Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Training archive - junk.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Training archive - legitimate.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Trash.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\cert8.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\history.dat Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\key3.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\parent.lock Object is locked skipped
C:\Documents and Settings\jay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jay\My Documents\Incomplete\T-106814-_uncensored_ yellow haired girl 53.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\jay\ntuser.dat Object is locked skipped
C:\Documents and Settings\jay\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\jay\us.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe/data0012 Infected: Trojan.Win32.Inject.ba skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe Infected: Trojan.Win32.Inject.ba skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip ZIP: infected - 2 skipped
C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyxuv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fcccday.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hggdaya.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hggecde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifeebb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkhih.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khfdbbx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjhihf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmjgg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnomkh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnopqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qomkljh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqroopq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrssrq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtusppo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvstu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvtqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvustro.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvutqom.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuturs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yaywwxy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyxwt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010000.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010001.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010011.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010012.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010014.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010015.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010016.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010017.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010018.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010019.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010020.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010029.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP12\change.log Object is locked skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP6\A0008594.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP9\A0009849.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi/Data1.cab/MFHookManager.dll Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi/Data1.cab Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi Embedded: infected - 2 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5B8278B2-4803-49C5-A4CA-D1007350BC84}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\us.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
L:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP12\change.log Object is locked skipped
Scan process completed.





Deckard's System Scanner v20070426.43
Run by jay on 2007-05-08 at 19:42:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jay.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:42:21, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\jay\Desktop\dss.exe
C:\DOCUME~1\jay\Desktop\jay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm491YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- Files created between 2007-04-08 and 2007-05-08 -----------------------------

2007-05-05 23:48:33 0 d-------- C:\WINDOWS\LastGood
2007-05-05 23:48:33 0 d-------- C:\WINDOWS\BDOSCAN8
2007-05-04 18:58:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 21:30:02 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-30 11:51:08 0 d-------- C:\Documents and Settings\jay\Application Data\STOPzilla!
2007-04-30 11:50:33 0 d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51:28 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28:26 0 dr-h----- C:\Documents and Settings\jay\Application Data\SecuROM
2007-04-23 22:20:20 0 d-------- C:\WINDOWS\Prefetch
2007-04-19 23:19:36 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-04-19 23:19:34 0 d-------- C:\Program Files\DVD Shrink
2007-04-19 13:07:36 0 d--hs---- C:\found.000
2007-04-15 12:14:12 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13:36 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13:08 0 d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12:16 0 d-------- C:\Documents and Settings\jay\Application Data\Lavasoft
2007-04-13 21:12:06 0 d-------- C:\Program Files\Lavasoft
2007-04-11 19:10:24 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2007-05-08 17:40:28 0 d-------- C:\Documents and Settings\jay\Application Data\MailWasherPro
2007-05-08 08:00:04 0 d-------- C:\Documents and Settings\jay\Application Data\AVG7
2007-05-05 23:41:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-05 23:41:35 0 d-------- C:\Program Files\Winamp
2007-05-05 23:15:56 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-05 23:15:56 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-04 17:21:01 0 d-------- C:\Program Files\QuickPar
2007-05-04 17:20:57 0 d-------- C:\Program Files\QuickTime
2007-05-04 17:20:57 0 d-------- C:\Program Files\iTunes
2007-05-04 17:20:57 0 d-------- C:\Program Files\DAEMON Tools
2007-05-04 17:20:22 0 d-------- C:\Program Files\Google
2007-05-04 17:20:21 0 d-------- C:\Program Files\orange3
2007-05-03 12:48:00 0 d-------- C:\Documents and Settings\jay\Application Data\dvdcss
2007-05-03 12:47:00 0 d-------- C:\Documents and Settings\jay\Application Data\CopyToDvd
2007-05-02 12:39:35 0 d-------- C:\Program Files\eMule
2007-05-02 00:50:24 0 d-------- C:\Documents and Settings\jay\Application Data\UseNeXT
2007-04-29 08:54:54 0 d-------- C:\Program Files\Championship Manager 2007
2007-04-29 07:08:51 0 d-------- C:\Documents and Settings\jay\Application Data\Xfire
2007-04-29 07:08:30 0 d---s---- C:\Program Files\Xfire
2007-04-29 05:19:23 0 d-------- C:\Documents and Settings\jay\Application Data\uTorrent
2007-04-27 14:19:34 0 d-------- C:\Program Files\Electronic Arts
2007-04-25 17:30:27 99 --a------ C:\WINDOWS\È
2007-04-23 22:07:17 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-21 23:41:30 0 d-------- C:\Program Files\BitLord
2007-04-18 13:41:42 0 d-------- C:\Program Files\dvdSanta
2007-04-12 13:11:32 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:34:17 0 d-------- C:\Program Files\UseNeXT
2007-04-08 18:14:53 0 d-------- C:\Program Files\THQ
2007-04-05 11:36:45 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars Demo
2007-04-02 14:28:05 0 d-------- C:\Program Files\Codemasters
2007-03-27 17:16:30 0 d-------- C:\Program Files\Legends_1280x1024
2007-03-27 17:16:20 2309944 --a------ C:\WINDOWS\Legends_1280x1024.scr
2007-03-24 13:45:58 81920 --a------ C:\WINDOWS\system32\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-24 13:45:58 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-22 21:05:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-03-20 01:52:36 0 d-------- C:\Program Files\Multi_Media
2007-03-19 14:17:01 0 d-------- C:\Program Files\Motorola
2007-03-19 13:42:48 0 d-------- C:\Program Files\mobile PhoneTools
2007-03-19 13:15:41 0 d-------- C:\Program Files\LiveUpdate
2007-03-16 1710 0 d-------- C:\Documents and Settings\jay\Application Data\ATI
2007-03-07 15:47:12 4096 --a------ C:\WINDOWS\system32\crash
2007-02-20 15:54:08 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



-- End of Deckard's System Scanner: finished at 2007-05-08 at 19:43:01 ---------



"jay" - 07-05-08 19:53:53 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\jay\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-05 23:48 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-05 23:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-04 18:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 21:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-03 21:22 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-03 10:53 <DIR> d-------- C:\Deckard
2007-05-02 12:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-30 11:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\STOPzilla!
2007-04-30 11:50 <DIR> d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28 <DIR> dr-h----- C:\DOCUME~1\jay\APPLIC~1\SecuROM
2007-04-26 15:58 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-23 22:20 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-23 21:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-23 21:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-19 23:19 <DIR> d-------- C:\Program Files\DVD Shrink
2007-04-19 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-19 13:07 <DIR> d--hs---- C:\found.000
2007-04-15 12:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-13 21:12 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Lavasoft
2007-04-11 19:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-08 18:30 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-08 18:29 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-08 18:29 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-08 18:29 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-08 18:29 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-08 17:40 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\mailwasherpro
2007-05-05 23:41 -------- d--h----- C:\Program Files\installshield installation information
2007-05-05 23:41 -------- d-------- C:\Program Files\winamp
2007-05-05 23:15 384 --a------ C:\WINDOWS\system32\dvcstatebkp-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-05 23:15 384 --a------ C:\WINDOWS\system32\dvcstate-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-04 17:21 -------- d-------- C:\Program Files\quickpar
2007-05-04 17:20 -------- d-------- C:\Program Files\quicktime
2007-05-04 17:20 -------- d-------- C:\Program Files\orange3
2007-05-04 17:20 -------- d-------- C:\Program Files\itunes
2007-05-04 17:20 -------- d-------- C:\Program Files\google
2007-05-04 17:20 -------- d-------- C:\Program Files\daemon tools
2007-05-03 12:48 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\dvdcss
2007-05-03 12:47 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\copytodvd
2007-05-02 12:39 -------- d-------- C:\Program Files\emule
2007-05-02 00:50 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\usenext
2007-04-29 08:54 -------- d-------- C:\Program Files\championship manager 2007
2007-04-29 07:08 -------- d---s---- C:\Program Files\xfire
2007-04-29 07:08 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\xfire
2007-04-29 05:19 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\utorrent
2007-04-27 14:19 -------- d-------- C:\Program Files\electronic arts
2007-04-26 17:39 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-23 22:07 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-18 13:41 -------- d-------- C:\Program Files\dvdsanta
2007-04-12 13:11 -------- d-------- C:\Program Files\msn messenger
2007-04-11 10:34 -------- d-------- C:\Program Files\usenext
2007-04-08 18:44 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-04-08 18:14 -------- d-------- C:\Program Files\thq
2007-04-05 11:36 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\command & conquer 3 tiberium wars demo
2007-04-02 14:28 -------- d-------- C:\Program Files\codemasters
2007-03-27 17:16 2309944 --a------ C:\WINDOWS\legends_1280x1024.scr
2007-03-27 17:16 -------- d-------- C:\Program Files\legends_1280x1024
2007-03-24 13:45 81920 --a------ C:\WINDOWS\system32\w32n50.dll
2007-03-24 13:45 17134 --a------ C:\WINDOWS\system32\pcandis5.sys
2007-03-22 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-03-20 01:52 -------- d-------- C:\Program Files\multi_media
2007-03-19 14:17 -------- d-------- C:\Program Files\motorola
2007-03-19 13:42 -------- d-------- C:\Program Files\mobile phonetools
2007-03-19 13:15 -------- d-------- C:\Program Files\liveupdate
2007-03-15 02:58 315392 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-03-15 02:57 267776 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 02:57 1986560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-15 02:55 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 02:50 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 02:50 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-03-15 02:50 122880 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 02:50 114688 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-03-15 02:49 114688 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 02:48 450560 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 02:47 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-03-15 02:40 2820544 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-15 02:29 1315712 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 02:19 5402624 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-15 02:16 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-15 02:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-15 02:10 356352 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-06 23:04 143676 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-20 15:54 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 19:57:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-08 19:57:35
C:\ComboFix-quarantined-files.txt ... 07-05-08 19:57
C:\ComboFix2.txt ... 07-05-05 22:29
C:\ComboFix3.txt ... 07-05-05 22:26
05-08-2007, 12:04 PM   #13
jason@jason859. (Registered User; Join Date: Sep 2005; Posts: 41; OS: win xp)


Re: pop ups doing my head in

Sorry, wrong log. Here it is, the BitDefender log:


*BitDefender Online Scanner*
Scan report generated at: Sun, May 06, 2007 - 01:49:54
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;M:\;N:\;

Statistics
Time: 02:00:31
Files: 517367
Folders: 8888
Boot Sectors: 4
Archives: 6014
Packed Files: 29878

Results
Identified Viruses: 7
Infected Files: 60
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 60

Engines Info
Virus Definitions: 504308
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status (each file: detection; "Disinfection failed"; "Deleted")
C:\$VAULT$.AVG\02454422.FIL  Infected with: Trojan.Downloader.Tiny.O; Disinfection failed; Deleted
C:\$VAULT$.AVG\02506969.FIL  Infected with: Trojan.Downloader.Tiny.O; Disinfection failed; Deleted
C:\$VAULT$.AVG\31146968.FIL  Infected with: Trojan.Downloader.Tiny.O; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir  Infected with: MemScan:Trojan.Vundo.DLN; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyxuv.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\fcccday.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\hggdaya.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\hggecde.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\iifeebb.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkhih.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\khfdbbx.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjhihf.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmjgg.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnomkh.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnopqp.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\qomkljh.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\rqroopq.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrssrq.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrr.dll.vir  Infected with: MemScan:Trojan.Vundo.DLN; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vtusppo.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvstu.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvtqp.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\wvustro.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\wvutqom.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuturs.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\yaywwxy.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyxwt.dll.vir  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\RECYCLER\S-1-5-21-776561741-308236825-725345543-1005\Dc43\Installr\1.bin\F3EZSETP.DLL  Infected with: Trojan.Funweb.A; Disinfection failed; Deleted
C:\RECYCLER\S-1-5-21-776561741-308236825-725345543-1005\Dc45.exe  Infected with: MemScan:Worm.IM.Agent.B; Disinfection failed; Deleted
C:\RECYCLER\S-1-5-21-776561741-308236825-725345543-1005\Dc46.exe  Infected with: MemScan:Worm.IM.Agent.B; Disinfection failed; Deleted
C:\RECYCLER\S-1-5-21-776561741-308236825-725345543-1005\Dc48.zip=>BitDownload-3.0-setup.exe  Infected with: Trojan.Inject.BA; Disinfection failed; Deleted
C:\RECYCLER\S-1-5-21-776561741-308236825-725345543-1005\Dc48.zip  Updated
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010000.dll  Infected with: MemScan:Trojan.Vundo.DLN; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010001.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010002.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010003.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010004.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010005.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010006.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010007.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010008.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010009.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010010.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010011.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010012.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010013.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010014.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010015.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010016.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010017.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010018.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010019.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010020.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010021.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010022.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010029.dll  Infected with: MemScan:Trojan.Vundo.DLN; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP13\A0010401.DLL  Infected with: Trojan.Funweb.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP13\A0010402.exe  Infected with: MemScan:Worm.IM.Agent.B; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP13\A0010403.exe  Infected with: MemScan:Worm.IM.Agent.B; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP6\A0008594.dll  Infected with: Trojan.Downloader.Adload.JM; Disinfection failed; Deleted
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP9\A0009849.dll  Infected with: MemScan:Trojan.Vundo.DLM; Disinfection failed; Deleted
05-08-2007, 02:39 PM   #14
alba (Analyst, Security Team)
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04

Re: pop ups doing my head in

Hi Jason

Quote:
Originally Posted by Jason
just one question mate that media face prog
That will be OK to reinstall. I was after the infected files that were in
C:\WINDOWS\Downloaded Installations\

Looking at your logs it seems you got mixed up with DSS and ComboFix.

ComboFix needs to be run first, and in the manner I have stated, then run DSS. Please run both programs again, following the instructions carefully. Hardly surprising considering what you have been through; no worries with the time, I will wait for your replies.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

=================

Go to | Run | paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /v wvurpno oybguief

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

===============================================


Run a scan with HiJackThis & select/tick the following & click "Fix checked":

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab

Please remember to close all other windows, including browsers, then click Fix checked.

=================

Please Run a scan with Deckard's System Scanner and save the log

===============================================

In your next post, please include fresh logs from:
  • ComboFix.txt
  • main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________
Member of UNITE
If I have helped you in any way, please DONATE to TSF. Go raibh maith agat
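The entries alba singles out above (a BHO whose DLL is missing, an O16 DPF ActiveX download from a site that installed the toolbar, a Winlogon Notify hook with no file behind it) are the HijackThis lines an analyst picks out of a log by eye. The Python script below is an added example for this thread, not code from HijackThis, ComboFix or the forum: it applies those same checks mechanically to a few constructed log lines in the shape of the ones posted here. The list of trusted O16 download hosts is an assumption made for the example, not a vetted allowlist, and the URLs are kept truncated with "..." exactly as the forum rendered them.

```python
"""Mechanical first-pass triage of a HijackThis v1.99 log (added example)."""
import re
from urllib.parse import urlparse

# Constructed sample in the shape of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
"""

# HijackThis prints these when the registered file no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Assumed allowlist of O16 (ActiveX download) hosts; example only, not a vetted list.
TRUSTED_DPF_HOSTS = ("microsoft.com", "kaspersky.com", "bitdefender.com",
                     "pandasoftware.com")

LINE_RE = re.compile(r"^(?P<section>O\d+|R[0-3])\s+-\s+(?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")
# Drive letter of the program an O4 entry launches: "] F:\Install.exe" or '] "C:\...'.
DRIVE_RE = re.compile(r"\]\s+\"?([A-Za-z]):\\")


def host_is_trusted(url: str) -> bool:
    """True if the URL's host is, or is a subdomain of, an allowlisted host."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage_line(line: str):
    """Return {'section', 'line', 'reasons'} for a line worth a look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []
    if any(marker in body for marker in ORPHAN_MARKERS):
        reasons.append("registered file is gone (orphaned entry, fix to clean up)")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO with no name")
    if section == "O4":
        dm = DRIVE_RE.search(body)
        if dm and dm.group(1).upper() != "C":
            reasons.append(f"autorun launched from drive {dm.group(1).upper()}:")
    if section == "O16":
        um = URL_RE.search(body)
        if um and not host_is_trusted(um.group(0)):
            reasons.append("ActiveX download from non-allowlisted host "
                           f"{urlparse(um.group(0)).hostname}")
    if not reasons:
        return None
    return {"section": section, "line": line.strip(), "reasons": reasons}


def triage(log_text: str):
    """Run triage_line over every line of the log and keep only flagged entries."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings):
    """Count flagged entries per HijackThis section (O2, O4, O16, ...)."""
    counts = {}
    for f in findings:
        counts[f["section"]] = counts.get(f["section"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
    print(summarize(results))
```

Run against the sample it flags five lines: the two unnamed BHOs (both also orphaned), the O4 entry that starts a program from F:, the imgfarm.com O16 download, and the orphaned wvurpno Winlogon Notify hook, while the Adobe BHO, the AVG autorun, the Microsoft Update control and WgaLogon pass. An orphaned entry is safe to "Fix checked" away because nothing is behind it any more; the remaining flags are only prompts for a human to look, which is all a first pass over a HijackThis log should be.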
05-10-2007, 03:39 AM   #15
jason@jason859. (Registered User)
Join Date: Sep 2005
Posts: 41
OS: win xp

Re: pop ups doing my head in

Hi Alba, things seem to be a lot better with my PC. It's running really well, fingers crossed, and I don't seem to have any pop-up issues. I have enclosed the logs for your look, mate. Once again, thanks for your time. Could you advise me on how to avoid getting pop-ups and other shite I don't want before it happens, so I can advise my kids what to do? I do have AVG Anti-Virus, also Ad-Aware / AVG Anti-Spyware / ZoneAlarm anti-spyware. Perhaps I have too much protection on my PC; could you advise on what the best software is to use to avoid any probs? Thanks again.
Logs enclosed.


Logfile of HijackThis v1.99.1
Scan saved at 11:20:06, on 10/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\jay\Desktop\jay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm491YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

"jay" - 07-05-10 11:02:53 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\jay\Desktop\"
Command switches used :: "/v wvurpno oybguief"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\jay\Desktop.\internet explorer.lnk


((((((((((((((((((((((((((((((( Files Created from 2007-04-10 to 2007-05-10 ))))))))))))))))))))))))))))))))))


2007-05-05 23:48 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-05 23:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-04 18:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 21:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-03 21:22 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-03 10:53 <DIR> d-------- C:\Deckard
2007-05-02 12:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-30 11:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\STOPzilla!
2007-04-30 11:50 <DIR> d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28 <DIR> dr-h----- C:\DOCUME~1\jay\APPLIC~1\SecuROM
2007-04-26 15:58 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-23 22:20 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-23 21:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-23 21:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-19 23:19 <DIR> d-------- C:\Program Files\DVD Shrink
2007-04-19 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-19 13:07 <DIR> d--hs---- C:\found.000
2007-04-15 12:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-13 21:12 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Lavasoft
2007-04-11 19:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-09 09:52 -------- d-------- C:\Program Files\emule
2007-05-08 23:22 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\copytodvd
2007-05-08 20:05 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\usenext
2007-05-08 17:40 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\mailwasherpro
2007-05-05 23:41 -------- d--h----- C:\Program Files\installshield installation information
2007-05-05 23:41 -------- d-------- C:\Program Files\winamp
2007-05-05 23:15 384 --a------ C:\WINDOWS\system32\dvcstatebkp-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-05 23:15 384 --a------ C:\WINDOWS\system32\dvcstate-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-04 17:21 -------- d-------- C:\Program Files\quickpar
2007-05-04 17:20 -------- d-------- C:\Program Files\quicktime
2007-05-04 17:20 -------- d-------- C:\Program Files\orange3
2007-05-04 17:20 -------- d-------- C:\Program Files\itunes
2007-05-04 17:20 -------- d-------- C:\Program Files\google
2007-05-04 17:20 -------- d-------- C:\Program Files\daemon tools
2007-05-03 12:48 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\dvdcss
2007-04-29 08:54 -------- d-------- C:\Program Files\championship manager 2007
2007-04-29 07:08 -------- d---s---- C:\Program Files\xfire
2007-04-29 07:08 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\xfire
2007-04-29 05:19 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\utorrent
2007-04-27 14:19 -------- d-------- C:\Program Files\electronic arts
2007-04-26 17:39 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-23 22:07 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-18 13:41 -------- d-------- C:\Program Files\dvdsanta
2007-04-12 13:11 -------- d-------- C:\Program Files\msn messenger
2007-04-11 10:34 -------- d-------- C:\Program Files\usenext
2007-04-08 18:44 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-04-08 18:14 -------- d-------- C:\Program Files\thq
2007-04-05 11:36 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\command & conquer 3 tiberium wars demo
2007-04-02 14:28 -------- d-------- C:\Program Files\codemasters
2007-03-27 17:16 2309944 --a------ C:\WINDOWS\legends_1280x1024.scr
2007-03-27 17:16 -------- d-------- C:\Program Files\legends_1280x1024
2007-03-24 13:45 81920 --a------ C:\WINDOWS\system32\w32n50.dll
2007-03-24 13:45 17134 --a------ C:\WINDOWS\system32\pcandis5.sys
2007-03-22 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-03-20 01:52 -------- d-------- C:\Program Files\multi_media
2007-03-19 14:17 -------- d-------- C:\Program Files\motorola
2007-03-19 13:42 -------- d-------- C:\Program Files\mobile phonetools
2007-03-19 13:15 -------- d-------- C:\Program Files\liveupdate
2007-03-15 02:58 315392 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-03-15 02:57 267776 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 02:57 1986560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-15 02:55 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 02:50 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 02:50 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-03-15 02:50 122880 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 02:50 114688 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-03-15 02:49 114688 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 02:48 450560 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 02:47 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-03-15 02:40 2820544 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-15 02:29 1315712 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 02:19 5402624 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-15 02:16 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-15 02:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-15 02:10 356352 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-06 23:04 143676 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-20 15:54 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdc04d38-a4c5-11db-b914-0013d495b157}]
Shell\AutoRun\command M:\autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-10 1120
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-10 1126
C:\ComboFix-quarantined-files.txt ... 07-05-10 11:06
C:\ComboFix2.txt ... 07-05-08 19:57
C:\ComboFix3.txt ... 07-05-05 22:29




Deckard's System Scanner v20070426.43
Run by jay on 2007-05-10 at 11:24:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jay.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:24:27, on 10/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\jay\Desktop\dss.exe
C:\DOCUME~1\jay\Desktop\jay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm491YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- Files created between 2007-04-10 and 2007-05-10 -----------------------------

2007-05-05 23:48:33 0 d-------- C:\WINDOWS\LastGood
2007-05-05 23:48:33 0 d-------- C:\WINDOWS\BDOSCAN8
2007-05-04 18:58:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 21:30:02 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-30 11:51:08 0 d-------- C:\Documents and Settings\jay\Application Data\STOPzilla!
2007-04-30 11:50:33 0 d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51:28 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28:26 0 dr-h----- C:\Documents and Settings\jay\Application Data\SecuROM
2007-04-23 22:20:20 0 d-------- C:\WINDOWS\Prefetch
2007-04-19 23:19:36 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-04-19 23:19:34 0 d-------- C:\Program Files\DVD Shrink
2007-04-19 13:07:36 0 d--hs---- C:\found.000
2007-04-15 12:14:12 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13:36 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13:08 0 d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12:16 0 d-------- C:\Documents and Settings\jay\Application Data\Lavasoft
2007-04-13 21:12:06 0 d-------- C:\Program Files\Lavasoft
2007-04-11 19:10:24 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2007-05-10 08:00:04 0 d-------- C:\Documents and Settings\jay\Application Data\AVG7
2007-05-09 09:52:47 0 d-------- C:\Program Files\eMule
2007-05-08 23:22:35 0 d-------- C:\Documents and Settings\jay\Application Data\CopyToDvd
2007-05-08 20:05:59 0 d-------- C:\Documents and Settings\jay\Application Data\UseNeXT
2007-05-08 17:40:28 0 d-------- C:\Documents and Settings\jay\Application Data\MailWasherPro
2007-05-05 23:41:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-05 23:41:35 0 d-------- C:\Program Files\Winamp
2007-05-05 23:15:56 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-05 23:15:56 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-04 17:21:01 0 d-------- C:\Program Files\QuickPar
2007-05-04 17:20:57 0 d-------- C:\Program Files\QuickTime
2007-05-04 17:20:57 0 d-------- C:\Program Files\iTunes
2007-05-04 17:20:57 0 d-------- C:\Program Files\DAEMON Tools
2007-05-04 17:20:22 0 d-------- C:\Program Files\Google
2007-05-04 17:20:21 0 d-------- C:\Program Files\orange3
2007-05-03 12:48:00 0 d-------- C:\Documents and Settings\jay\Application Data\dvdcss
2007-04-29 08:54:54 0 d-------- C:\Program Files\Championship Manager 2007
2007-04-29 07:08:51 0 d-------- C:\Documents and Settings\jay\Application Data\Xfire
2007-04-29 07:08:30 0 d---s---- C:\Program Files\Xfire
2007-04-29 05:19:23 0 d-------- C:\Documents and Settings\jay\Application Data\uTorrent
2007-04-27 14:19:34 0 d-------- C:\Program Files\Electronic Arts
2007-04-25 17:30:27 99 --a------ C:\WINDOWS\È
2007-04-23 22:07:17 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-21 23:41:30 0 d-------- C:\Program Files\BitLord
2007-04-18 13:41:42 0 d-------- C:\Program Files\dvdSanta
2007-04-12 13:11:32 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:34:17 0 d-------- C:\Program Files\UseNeXT
2007-04-08 18:14:53 0 d-------- C:\Program Files\THQ
2007-04-05 11:36:45 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars Demo
2007-04-02 14:28:05 0 d-------- C:\Program Files\Codemasters
2007-03-27 17:16:30 0 d-------- C:\Program Files\Legends_1280x1024
2007-03-27 17:16:20 2309944 --a------ C:\WINDOWS\Legends_1280x1024.scr
2007-03-24 13:45:58 81920 --a------ C:\WINDOWS\system32\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-24 13:45:58 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-22 21:05:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-03-20 01:52:36 0 d-------- C:\Program Files\Multi_Media
2007-03-19 14:17:01 0 d-------- C:\Program Files\Motorola
2007-03-19 13:42:48 0 d-------- C:\Program Files\mobile PhoneTools
2007-03-19 13:15:41 0 d-------- C:\Program Files\LiveUpdate
2007-03-16 1710 0 d-------- C:\Documents and Settings\jay\Application Data\ATI
2007-03-07 15:47:12 4096 --a------ C:\WINDOWS\system32\crash
2007-02-20 15:54:08 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdc04d38-a4c5-11db-b914-0013d495b157}]
Shell\AutoRun\command M:\autorun.exe


-- End of Deckard's System Scanner: finished at 2007-05-10 at 11:25:02 ---------
Old 05-10-2007, 07:51 AM   #16 (permalink)
alba
Analyst, Security Team
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04

Re: pop ups doing my head in

Hi Jason,

We are almost there. Please do the following so I can make sure you're clean, then I will give you a bit of reading to help protect yourself in the future. Also, supporting Arsenal doesn't help.

=================

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)


Please remember to close all other windows, including browsers then click Fix checked.


===============================================




If you have not done so already, please enable the viewing of hidden files.
From Windows Explorer, go to Tools > Folder Options > View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK.



Locate and delete the following files if present:
  • C:\WINDOWS\system32\oybguief.dll
  • C:\WINDOWS\SYSTEM32\wvurpno.dll

=================

Please run a scan with Deckard's System Scanner and post the main text.

===============================================
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat

Last edited by alba; 05-10-2007 at 07:53 AM.
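The two entries alba picks out above share one trait: a load point (an O2 browser helper object and an O20 Winlogon Notify DLL) that is still registered but whose file HijackThis reports as missing. The following is an added triage helper written for this thread, not part of HijackThis or Deckard's System Scanner; it parses O2/O9/O20-style lines in the format shown in these logs, and the sample lines it runs on are constructed from that format.

```python
"""Triage helper for HijackThis v1.99.1-style log lines: pull out the
load-point entries (O2 BHOs, O20 Winlogon Notify DLLs) whose file is gone,
which is what is left behind once the malware itself has been deleted.
Added example for this thread; not HijackThis or DSS code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING_SUFFIX = " (file missing)"

# Sections whose entries are DLLs loaded into IE / at logon; an orphaned
# entry here keeps Windows trying to load code that is no longer present.
LOAD_POINTS: Tuple[str, ...] = ("O2", "O20")


@dataclass
class Entry:
    section: str            # "O2", "O20", ...
    name: str               # display name; "(no name)" for anonymous BHOs
    clsid: Optional[str]    # present for O2/O9, absent for O20/O23
    path: Optional[str]     # None when HJT reports "(no file)"
    file_missing: bool      # HJT could not find the target on disk
    raw: str                # the original line, which is what you tick in HJT


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'Oxx - Kind: name - {CLSID} - path' line; None if not one."""
    line = line.rstrip()
    m = LINE_RE.match(line)
    if not m:
        return None
    section = m.group(1)
    # HJT separates the fields with ' - '; paths in these logs never contain it.
    parts = [p.strip() for p in m.group("body").split(" - ")]
    _kind, _, name = parts[0].partition(": ")
    rest = parts[1:]
    clsid = None
    if rest and CLSID_RE.fullmatch(rest[0]):
        clsid = rest.pop(0)
    target = rest[-1] if rest else ""
    file_missing = target.endswith(MISSING_SUFFIX) or target == "(no file)"
    path: Optional[str] = None
    if target and target != "(no file)":
        path = target
        if path.endswith(MISSING_SUFFIX):
            path = path[: -len(MISSING_SUFFIX)].strip()
    return Entry(section, name, clsid, path, file_missing, line)


def orphaned_entries(log_text: str, sections: Tuple[str, ...] = LOAD_POINTS) -> List[Entry]:
    """Entries in `sections` whose target file HJT could not find.

    O9 leftovers (e.g. an uninstalled online-scanner button) are also
    'file missing' but harmless, so the default only looks at O2 and O20;
    pass sections=("O2", "O9", "O20") to see everything for manual review."""
    found = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry.section in sections and entry.file_missing:
            found.append(entry)
    return found


def lines_to_fix(log_text: str) -> List[str]:
    """The exact HijackThis lines to tick before clicking 'Fix checked'."""
    return [e.raw for e in orphaned_entries(log_text)]


def leftover_files(log_text: str) -> List[str]:
    """Files the fixed entries pointed at, to look for on disk afterwards
    (with hidden files shown): HJT removes only the registry reference."""
    return [e.path for e in orphaned_entries(log_text) if e.path]


if __name__ == "__main__":
    for raw in lines_to_fix(SAMPLE_LOG):
        print("fix:", raw)
    for path in leftover_files(SAMPLE_LOG):
        print("check on disk:", path)
```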
Old 05-11-2007, 01:11 PM   #17 (permalink)
jason@jason859.
Registered User
Join Date: Sep 2005
Posts: 41
OS: win xp

Re: pop ups doing my head in

Hi alba, done the log mate. Things seem OK with the PC, no pop ups. Here it is, cheers mate.


Deckard's System Scanner v20070426.43
Run by jay on 2007-05-11 at 21:08:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jay.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:08:14, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\jay\Desktop\dss.exe
C:\DOCUME~1\jay\Desktop\jay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\modvqepk.dll",setvm
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm491YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- Files created between 2007-04-11 and 2007-05-11 -----------------------------

2007-05-05 23:48:33 0 d-------- C:\WINDOWS\BDOSCAN8
2007-05-04 18:58:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 21:30:02 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-30 11:51:08 0 d-------- C:\Documents and Settings\jay\Application Data\STOPzilla!
2007-04-30 11:50:33 0 d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51:28 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28:26 0 dr-h----- C:\Documents and Settings\jay\Application Data\SecuROM
2007-04-23 22:20:20 0 d-------- C:\WINDOWS\Prefetch
2007-04-19 23:19:36 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-04-19 23:19:34 0 d-------- C:\Program Files\DVD Shrink
2007-04-19 13:07:36 0 d--hs---- C:\found.000
2007-04-15 12:14:12 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13:36 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13:08 0 d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12:16 0 d-------- C:\Documents and Settings\jay\Application Data\Lavasoft
2007-04-13 21:12:06 0 d-------- C:\Program Files\Lavasoft
2007-04-11 19:10:24 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2007-05-11 20:51:25 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-11 20:51:25 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-11 20:41:20 0 d-------- C:\Documents and Settings\jay\Application Data\UseNeXT
2007-05-11 17:32:50 0 d-------- C:\Program Files\THQ
2007-05-11 12:58:06 0 d-------- C:\Program Files\Java
2007-05-11 12:57:49 12187343 --a------ C:\AVG7QT.DAT
2007-05-11 12:57:31 0 d-------- C:\Documents and Settings\jay\Application Data\AVG7
2007-05-11 01:52:40 0 d-------- C:\Program Files\eMule
2007-05-11 01:48:05 0 d-------- C:\Documents and Settings\jay\Application Data\uTorrent
2007-05-11 00:43:32 0 d-------- C:\Documents and Settings\jay\Application Data\CopyToDvd
2007-05-10 14:48:24 0 d-------- C:\Documents and Settings\jay\Application Data\dvdcss
2007-05-08 17:40:28 0 d-------- C:\Documents and Settings\jay\Application Data\MailWasherPro
2007-05-05 23:41:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-05 23:41:35 0 d-------- C:\Program Files\Winamp
2007-05-04 17:21:01 0 d-------- C:\Program Files\QuickPar
2007-05-04 17:20:57 0 d-------- C:\Program Files\QuickTime
2007-05-04 17:20:57 0 d-------- C:\Program Files\iTunes
2007-05-04 17:20:57 0 d-------- C:\Program Files\DAEMON Tools
2007-05-04 17:20:22 0 d-------- C:\Program Files\Google
2007-05-04 17:20:21 0 d-------- C:\Program Files\orange3
2007-04-29 08:54:54 0 d-------- C:\Program Files\Championship Manager 2007
2007-04-29 07:08:51 0 d-------- C:\Documents and Settings\jay\Application Data\Xfire
2007-04-29 07:08:30 0 d---s---- C:\Program Files\Xfire
2007-04-27 14:19:34 0 d-------- C:\Program Files\Electronic Arts
2007-04-25 17:30:27 99 --a------ C:\WINDOWS\È
2007-04-23 22:07:17 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-21 23:41:30 0 d-------- C:\Program Files\BitLord
2007-04-18 13:41:42 0 d-------- C:\Program Files\dvdSanta
2007-04-12 13:11:32 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:34:17 0 d-------- C:\Program Files\UseNeXT
2007-04-05 11:36:45 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars Demo
2007-04-02 14:28:05 0 d-------- C:\Program Files\Codemasters
2007-03-27 17:16:30 0 d-------- C:\Program Files\Legends_1280x1024
2007-03-27 17:16:20 2309944 --a------ C:\WINDOWS\Legends_1280x1024.scr
2007-03-24 13:45:58 81920 --a------ C:\WINDOWS\system32\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-24 13:45:58 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-22 21:05:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-03-20 01:52:36 0 d-------- C:\Program Files\Multi_Media
2007-03-19 14:17:01 0 d-------- C:\Program Files\Motorola
2007-03-19 13:42:48 0 d-------- C:\Program Files\mobile PhoneTools
2007-03-19 13:15:41 0 d-------- C:\Program Files\LiveUpdate
2007-03-16 1710 0 d-------- C:\Documents and Settings\jay\Application Data\ATI
2007-03-07 15:47:12 4096 --a------ C:\WINDOWS\system32\crash
2007-02-20 15:54:08 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.0\\SetHook.exe"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\modvqepk.dll\",setvm"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



-- End of Deckard's System Scanner: finished at 2007-05-11 at 21:09:01 ---------
Old 05-11-2007, 02:17 PM   #18 (permalink)
Analyst, Security Team
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: pop ups doing my head in

Your log is clean. If there aren't any more problems, please continue with these final instructions.

C:\QooBox\ should be deleted/removed

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while.


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start → Run → type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folders
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  3. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level .
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  4. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  5. FIREWALL
    Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html


  6. MICROSOFT WINDOWS UPDATE → http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  7. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis, just as you would antivirus software, in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html


  8. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html


  9. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here → http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • http://www.winpatrol.com/ - Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF. Thank you (Go raibh maith agat).
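As an added example (not part of alba's post or any tool it names), a PowerShell check for the Internet-zone settings in step 3 above: it reads the per-user zone 3 key and reports each setting that differs from the value the post recommends. The value names (1001, 1004, 1201, 1607, 1800, 1804) and data meanings (0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented zone-setting identifiers; the function name and the report format are my own.

```powershell
# Added example, not from the forum post: audits (and with -Fix, applies) the
# Internet zone (zone 3) settings that step 3 asks you to change by hand.
# Value names 1001/1004/1201/1607/1800/1804 are the documented zone-setting
# identifiers; data 0 = Enable, 1 = Prompt, 3 = Disable.
# Caveat: if Security_HKLM_only is set under HKLM\...\Internet Settings, IE uses
# the per-machine copy of this key instead of the per-user one checked here.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Settings from step 3 of the post, keyed by their registry value name.
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneSettings {
    param([switch]$Fix)   # -Fix writes the recommended value for every mismatch
    $zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop
    $mismatches = 0
    foreach ($valueName in ($recommended.Keys | Sort-Object)) {
        $setting = $recommended[$valueName]
        $current = $zone.$valueName
        if ($null -eq $current) {
            $label = 'not set'        # IE then falls back to the zone template default
        } elseif ($labels.ContainsKey([int]$current)) {
            $label = $labels[[int]$current]
        } else {
            $label = "unknown ($current)"
        }
        if ($null -ne $current -and [int]$current -eq $setting.Want) {
            Write-Host ("OK       {0}: {1}" -f $setting.Name, $label)
            continue
        }
        $mismatches++
        Write-Host ("MISMATCH {0}: {1} (recommended {2})" -f $setting.Name, $label, $labels[$setting.Want])
        if ($Fix) {
            Set-ItemProperty -Path $zonePath -Name $valueName -Value $setting.Want -Type DWord
        }
    }
    return $mismatches   # 0 means every step-3 setting already matches
}

Test-InternetZoneSettings   # report only; run with -Fix to apply the recommended values
```

Run it again after changing the settings through the Internet Options dialog to confirm the dialog wrote the values you expected.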
Old 05-12-2007, 07:25 AM   #19 (permalink)
Registered User
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: pop ups doing my head in

Thanks alba for your time and effort. I think my PC is OK now; I've not had any pop ups for ages, so I hope this is the prob resolved. Couldn't have done it without your help. Once again thank you, and a massive thank you to all the guys at Tech Support Forum; we would be stuffed without you. Thanks, jason
Copyright 2001 - 2009, Tech Support Forum