08-23-2007, 05:24 PM   #1
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Send a message via Skype™ to jaz_martin
Computer Slow Freezes and High Cpu

After I turned back on Windows updates (it downloaded some 80mb of updates plus an Outlook security update), I downloaded the Soldier of Fortune test demo (completely removed now, I think; checked registry) and Kazaa (tried removing completely, but a couple of toolbars are left in the Add/Remove Programs section), and the following problems occurred:

Mouse cursor freezes frequently
High CPU spikes on Firefox and Internet Explorer, 100% frequently
Applications fail to connect to the internet
Outlook doesn't download correctly
Skype spikes high CPU usage
Computer is very slow
Can't play games
Can't work
Can't study

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:58, on 23/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.instafinder.com/addsearch.asp?err=ADD&url=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsj.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SMPS ToolBar - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - C:\Program Files\SMPS ToolBar\smps_toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: SMPS ToolBar - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - C:\Program Files\SMPS ToolBar\smps_toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: SMPS ToolBar - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - C:\Program Files\SMPS ToolBar\smps_toolbar.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1165521814734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165521795859
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7756DA83-C2EA-4138-8D6D-FBD82D606F19}: NameServer = 200.165.132.155 200.149.55.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8482 bytes



(Posting just spiked my Firefox to 212,000 memory usage and 100% CPU.)


Here is the Security Task Manager log:

Security Task Manager
--------------------------------------------------------------------------------
Computer 23/8/2007 14:36:25
Name Rating PID CPU Memory Active File Type Start Title, Description Manufacturer : product
iolo DMV Service 100% 192 5,0 MB C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe Program 14:07:32 during system start-up from Plug and Play iolo technologies, LLC :
Yahoo! Toolbar 48% C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll Internet when Internet Explorer starts yt.YTHelper.2 (Browser Extension) Yahoo! Inc. : Yahoo! Toolbar
Yahoo! IE Services 48% C:\Program Files\Yahoo!\Common\yiesrvc.dll Internet when Internet Explorer starts YUber.UberButton.1 (Browser Extension) Yahoo! Inc. : IE Services
Google IE Client Toolbar 48% c:\program files\google\googletoolbar3.dll Internet when Internet Explorer starts Google Toolbar Helper (Browser Extension) Google Inc : Google Toolbar for IE
GoogleToolbarNotifier 48% C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll Internet when Internet Explorer starts protector_dll.ProtectorBho.1 (Browser Extension) Google Inc : GoogleToolbarNotifier
Windows Live Sign-in Assistant 46% C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll Internet when Internet Explorer starts WindowsLiveLogin.dll - IDBHO.IDBrowserExtension.1 (Browser Extension) Microsoft Corporation : Microsoft® Windows Live Login Helper
AVG7 Alert Manager Server 39% 1672 0,5 MB C:\Program Files\Grisoft\AVG7\avgamsvr.exe Program 14:07:32 during system start-up from Plug and Play AVG Alert Manager GRISOFT, s.r.o. : AVG Anti-Virus system
AVG7 Update Service 39% 636 1,1 MB 0:03 C:\Program Files\Grisoft\AVG7\avgupsvc.exe Program 14:07:32 during system start-up from Plug and Play AVG Update Service GRISOFT, s.r.o. : AVG 7.5 Anti-Virus System
Adobe Reader 7.0.5 32% C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll Internet when Internet Explorer starts Adobe Acrobat IE Helper Version 7.0 for ActiveX - AcroIEHelper.AcroIEHlprObj.1 (Browser Extension) Adobe Systems, Incorporated : AcroIEHelper Library
Spybot - Search & Destroy 32% C:\Program Files\Spybot - Search & Destroy\SDHelper.dll Internet when Internet Explorer starts Bad download blocker - Blocks URLs that could install spyware, malware etc. (Browser Extension) Safer Networking Ltd. : Spybot - Search & Destroy
AVG 7.5 Launcher 21% C:\Program Files\Grisoft\AVG7\avgw.exe Program when Windows starts, Registry: Def\Run AVG7_Run (not active) GRISOFT, s.r.o. : AVG Anti-Virus system
NVIDIA nView Wizard, Version 110.60 21% C:\WINDOWS\system32\nwiz.exe Program when Windows starts, Registry: Machine\Run nwiz (not active) NVIDIA Corporation : NVIDIA nView Wizard, Version 110.60
Skype™ 3.5 20% C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Internet when Internet Explorer starts Skype add-on for IE - Skype add-on (mastermind) · ToolBand.SkypeIEHelper.1 (Browser Extension) Skype Technologies SA : Skype add-on for IE
AVG Control Center 16% 844 0,3 MB 0:01 C:\Program Files\Grisoft\AVG7\avgcc.exe Taskicon 1438 when Windows starts, Registry: Machine\Run AVG Free Edition - Control Center GRISOFT, s.r.o. : AVG Anti-Virus system
NVIDIA Display Driver Service 14% 260 4,7 MB C:\WINDOWS\system32\nvsvc32.exe Program 14:07:33 during system start-up from Plug and Play Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation : NVIDIA Driver Helper Service, Version 93.71
Firefox 14% 2424 52,8 MB 0:24 C:\Program Files\Mozilla Firefox\firefox.exe Program 14:19:02 HijackThis Log Help - Tech Support Forum - Mozilla Firefox Mozilla Corporation : Firefox
TrueVector Internet Monitor 5% 732 25,5 MB 0:05 C:\WINDOWS\system32\ZoneLabs\vsmon.exe Program 1424 during system start-up from Plug and Play Monitors internet traffic and generates alerts for disallowed access. Check Point Software Technologies Ltd. : TrueVector Service
Windows NT Session Manager 4% 1440 0,4 MB C:\WINDOWS\System32\smss.exe Program 1419 from System Microsoft Corporation : Microsoft® Windows® Operating System
Client Server Runtime Process 4% 1616 5,6 MB 0:03 C:\WINDOWS\system32\csrss.exe Program 1421 from Windows NT Session Manager Microsoft Corporation : Microsoft® Windows® Operating System
Security Accounts Manager 4% 1728 1,1 MB 0:01 C:\WINDOWS\system32\lsass.exe Program 1422 during system start-up from Windows NT Logon Application Stores security information for local user accounts. Microsoft Corporation : Microsoft® Windows® Operating System
Indexing Service filter daemon 4% 2288 0,3 MB 0:31 C:\WINDOWS\system32\cidaemon.exe Program 14:13:55 from Indexing Service Microsoft Corporation : Microsoft® Windows® Operating System
Windows NT Logon Application 4% 1648 2,6 MB 0:01 C:\WINDOWS\system32\winlogon.exe Program 1422 from Windows NT Session Manager Microsoft Corporation : Microsoft® Windows® Operating System
Remote Procedure Call (RPC) 3% 1996 5,1 MB C:\WINDOWS\system32\svchost.exe Program 1423 during system start-up from Plug and Play Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation : Microsoft® Windows® Operating System
Wireless Zero Configuration 3% 396 21,7 MB 0:07 C:\WINDOWS\System32\svchost.exe Program 1423 during system start-up from Plug and Play Provides automatic configuration for the 802.11 adapters Microsoft Corporation : Microsoft® Windows® Operating System
DNS Client 3% 440 4,2 MB C:\WINDOWS\system32\svchost.exe Program 1423 during system start-up from Plug and Play Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation : Microsoft® Windows® Operating System
SSDP Discovery Service 3% 1484 4,7 MB C:\WINDOWS\system32\svchost.exe Program 14:07:39 during system start-up from Plug and Play Enables discovery of UPnP devices on your home network. Microsoft Corporation : Microsoft® Windows® Operating System
System idle 2% System idle Program Windows idle process Microsoft : Windows
System 2% 4 0,2 MB 0:08 System Program Windows system process Microsoft : Windows
Plug and Play 0% 1716 5,0 MB 0:02 C:\WINDOWS\system32\services.exe Program 1422 during system start-up from Windows NT Logon Application Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation : Microsoft® Windows® Operating System
Terminal Services 0% 1920 5,9 MB C:\WINDOWS\system32\svchost.exe Program 1422 during system start-up from Plug and Play Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Microsoft Corporation : Microsoft® Windows® Operating System
WebClient 0% 652 4,7 MB C:\WINDOWS\system32\svchost.exe Program 1423 during system start-up from Plug and Play Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation : Microsoft® Windows® Operating System
Indexing Service 0% 1868 0,4 MB 0:20 C:\WINDOWS\system32\cisvc.exe Program 14:07:32 during system start-up from Plug and Play Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Microsoft Corporation : Microsoft® Windows® Operating System
Windows Image Acquisition (WIA) 0% 740 5,0 MB C:\WINDOWS\system32\svchost.exe Program 14:07:40 during system start-up from Plug and Play Provides image acquisition services for scanners and cameras. Microsoft Corporation : Microsoft® Windows® Operating System
Print Spooler 0% 3216 6,2 MB C:\WINDOWS\system32\spoolsv.exe Program 14:09:16 during system start-up from Plug and Play Loads files to memory for later printing. Microsoft Corporation : Microsoft® Windows® Operating System
atmuni.sys 0% Service started disabled -
IoLogMsg.dll 0% Driver started disabled -
ABP480N5.SYS 0% Driver during boot -
ACPI.sys 0% Driver during boot -
ACPIEC.sys 0% Driver started disabled -
Adobelmsvc.exe 0% Service started disabled -
adpu160m.sys 0% Driver during boot -
aec.sys 0% Driver manual -
afd.sys 0% Driver during system start -
agp440.sys 0% Driver during boot -
agpCPQ.sys 0% Driver during boot -
aha154x.sys 0% Driver during boot -
aic78u2.sys 0% Driver during boot -
aic78xx.sys 0% Driver during boot -
ALCXWDM.SYS 0% Driver manual -
alg.exe 0% Service manual -
aliide.sys 0% Driver during boot -
alim1541.sys 0% Driver during boot -
amdagp.sys 0% Driver during boot -
amsint.sys 0% Driver during boot -
AnyDVD.sys 0% Driver manual -
svchost.exe 0% Service manual -
arp1394.sys 0% Driver manual after Tcpip -
asc.sys 0% Driver during boot -
asc3350p.sys 0% Driver during boot -
asc3550.sys 0% Driver during boot -
aspnet_state.exe 0% Service manual -
asyncmac.sys 0% Driver manual -
atapi.sys 0% Driver during boot -
IoLogMsg.dll 0% Driver started disabled -
atmarpc.sys 0% Driver manual after Tcpip -
audstub.sys 0% Driver manual -
avg7core.sys 0% Driver during system start -
avg7rsw.sys 0% Driver during system start -
avg7rsxp.sys 0% Driver during system start -
avgclean.sys 0% Driver during system start -
Beep.sys 0% Driver during system start -
bridge.sys 0% Driver manual -
bridge.sys 0% Driver manual -
svchost.exe 0% Service during system start-up after LanmanWorkstation,LanmanServer -
cbidf2k.sys 0% Driver during boot -
cbidf2k.sys 0% Driver started disabled -
CCDECODE.sys 0% Driver manual -
ccEvtMgr.exe 0% Service started disabled after RPCSS,ccSetMgr -
ccPwdSvc.exe 0% Service started disabled -
ccSetMgr.exe 0% Service started disabled after RPCSS -
cd20xrnt.sys 0% Driver during boot -
Cdaudio.sys 0% Driver during system start -
Cdfs.sys 0% Driver started disabled after +SCSI CDROM Class -
Cdr4_xp.sys 0% Driver during system start -
Cdralw2k.sys 0% Driver during system start -
cdrom.sys 0% Driver during system start after +SCSI miniport -
IoLogMsg.dll 0% Driver during system start -
clipsrv.exe 0% Service started disabled after NetDDE -
mscorsvw.exe 0% Service manual -
cmdide.sys 0% Driver during boot -
dllhost.exe 0% Service manual after rpcss -
cpqarray.sys 0% Driver during boot -
dac2w2k.sys 0% Driver during boot -
dac960nt.sys 0% Driver during boot -
disk.sys 0% Driver during boot after +SCSI miniport -
dmadmin.exe 0% Service manual after RpcSs,PlugPlay,DmServer -
dmboot.sys 0% Driver started disabled -
dmio.sys 0% Driver during boot -
dmload.sys 0% Driver during boot -
DMusic.sys 0% Driver manual -
dpti2o.sys 0% Driver during boot -
drmkaud.sys 0% Driver manual -
ehRecvr.exe 0% Service started disabled after RPCSS -
ehSched.exe 0% Service started disabled after RPCSS -
ElbyCDIO.sys 0% Driver during system start-up -
ElbyDelay.sys 0% Driver manual -
enethusb.sys 0% Driver manual -
ewf.sys 0% Driver during boot -
Fastfat.sys 0% Driver started disabled -
fdc.sys 0% Driver manual -
Fips.sys 0% Driver during system start -
flpydisk.sys 0% Driver manual -
fltMgr.sys 0% Driver during boot -
PresentationFontCache.exe 0% Service manual -
ftdisk.sys 0% Driver during boot -
msgpc.sys 0% Driver manual -
GoogleUpdaterService.exe 0% Service started disabled after RPCSS -
svchost.exe 0% Service during system start-up after RpcSs -
hidusb.sys 0% Driver manual -
hpn.sys 0% Driver during boot -
HPZid412.sys 0% Driver manual -
HPZipr12.sys 0% Driver manual -
HPZius12.sys 0% Driver manual -
HSFHWBS2.sys 0% Driver manual -
HSF_DP.sys 0% Driver manual -
HSF_DPV.sys 0% Driver manual -
HTTP.sys 0% Driver manual -
svchost.exe 0% Service manual after HTTP -
i2omgmt.sys 0% Driver during system start -
i2omp.sys 0% Driver during boot -
i8042prt.sys 0% Driver during system start -
infocard.exe 0% Service started disabled -
imapi.sys 0% Driver during system start -
imapi.exe 0% Service manual -
ini910u.sys 0% Driver during boot -
intelide.sys 0% Driver during boot -
Ip6Fw.sys 0% Driver manual -
ipfltdrv.sys 0% Driver manual after Tcpip -
ipinip.sys 0% Driver manual after Tcpip -
ipnat.sys 0% Driver manual after Tcpip -
ipsec.sys 0% Driver during system start -
irenum.sys 0% Driver manual -
isapnp.sys 0% Driver during boot -
kbdclass.sys 0% Driver during system start -
kmixer.sys 0% Driver manual -
KSecDD.sys 0% Driver during boot -
lbrtfdc.sys 0% Driver during system start -
mcrdsvc.exe 0% Service started disabled after RPCSS,SSDPSRV -
mdm.exe 0% Service started disabled after RPCSS -
mdmxsdk.sys 0% Driver during system start-up -
svchost.exe 0% Service started disabled after LanmanWorkstation,NetBIOS,PlugPlay,RpcSS -
svchost.exe 0% Service manual after TcpIp,Afd,RpcSs,mhndrv -
mhndrv.sys 0% Driver manual -
mnmdd.sys 0% Driver during system start -
mnmsrvc.exe 0% Service manual -
Modem.sys 0% Driver manual -
mouclass.sys 0% Driver during system start -
mouhid.sys 0% Driver manual -
MountMgr.sys 0% Driver during boot -
mraid35x.sys 0% Driver during boot -
mrxdav.sys 0% Driver manual -
mrxsmb.sys 0% Driver during system start -
msdtc.exe 0% Service manual after RPCSS,SamSS -
Msfs.sys 0% Driver during system start -
msiexec.exe 0% Service manual -
MSKSSRV.sys 0% Driver manual -
MSPCLOCK.sys 0% Driver manual -
MSPQM.sys 0% Driver manual -
mssmbios.sys 0% Driver manual -
MSTEE.sys 0% Driver manual -
Mup.sys 0% Driver during boot -
mxnic.sys 0% Driver manual -
NABTSFEC.sys 0% Driver manual -
NDIS.sys 0% Driver during boot -
NdisIP.sys 0% Driver manual -
ndistapi.sys 0% Driver manual -
ndisuio.sys 0% Driver manual -
ndiswan.sys 0% Driver manual -
NDProxy.sys 0% Driver manual -
netbios.sys 0% Driver during system start -
netbt.sys 0% Driver during system start after Tcpip -
netdde.exe 0% Service started disabled after NetDDEDSDM -
netdde.exe 0% Service started disabled -
lsass.exe 0% Service manual after LanmanWorkstation -
SMSvcHost.exe 0% Service started disabled -
nic1394.sys 0% Driver manual -
Npfs.sys 0% Driver during system start -
Ntfs.sys 0% Driver started disabled -
lsass.exe 0% Service manual -
svchost.exe 0% Service started disabled after RpcSs -
Null.sys 0% Driver during system start -
nv4_mini.sys 0% Driver manual -
nwlnkflt.sys 0% Driver manual after NwlnkFwd -
nwlnkfwd.sys 0% Driver manual -
ODSERV.EXE 0% Service started disabled -
ohci1394.sys 0% Driver during boot -
OSE.EXE 0% Service started disabled -
p3.sys 0% Driver during system start -
parport.sys 0% Driver manual -
PartMgr.sys 0% Driver during boot -
ParVdm.sys 0% Driver during system start-up after Parport,+Parallel arbitrator -
pci.sys 0% Driver during boot -
0% Driver during system start -
pciide.sys 0% Driver during boot -
Pcmcia.sys 0% Driver started disabled -
0% Driver manual -
0% Driver manual -
0% Driver manual -
0% Driver manual -
perc2.sys 0% Driver during boot -
perc2hib.sys 0% Driver during boot -
pgfilter.sys 0% Driver manual -
HPZipm12.exe 0% Service started disabled -
raspptp.sys 0% Driver manual -
PRISMXL.SYS 0% Service started disabled -
processr.sys 0% Driver during system start -
PSIService.exe 0% Service started disabled -
psched.sys 0% Driver manual after Gpc -
ptilink.sys 0% Driver manual -
PxHelp20.sys 0% Driver during boot -
ql1080.sys 0% Driver during boot -
ql10wnt.sys 0% Driver during boot -
ql12160.sys 0% Driver during boot -
ql1240.sys 0% Driver during boot -
ql1280.sys 0% Driver during boot -
rasacd.sys 0% Driver during system start -
svchost.exe 0% Service manual after RasMan,Tapisrv -
rasl2tp.sys 0% Driver manual -
raspppoe.sys 0% Driver manual -
raspti.sys 0% Driver manual -
rdbss.sys 0% Driver during system start -
RDPCDD.sys 0% Driver during system start -
rdpdr.sys 0% Driver manual -
RDPWD.sys 0% Driver manual -
sessmgr.exe 0% Service manual after RPCSS -
redbook.sys 0% Driver during system start -
svchost.exe 0% Service started disabled after RpcSS,+NetBIOSGroup -
svchost.exe 0% Service started disabled after RPCSS -
RMSPPPOE.SYS 0% Driver manual -
locator.exe 0% Service manual after LanmanWorkstation -
rsvp.exe 0% Service manual after TcpIp,Afd,RpcSs -
Rtlnicxp.sys 0% Driver manual -
SCardSvr.exe 0% Service manual after PlugPlay -
SRVANY.EXE 0% Service started disabled -
secdrv.sys 0% Driver manual -
Serial.sys 0% Driver during system start-up -
Sfloppy.sys 0% Driver during system start after +SCSI miniport -
svchost.exe 0% Service started disabled after Netman,WinMgmt -
IoLogMsg.dll 0% Driver started disabled -
sisagp.sys 0% Driver during boot -
SLIP.sys 0% Driver manual -
sparrow.sys 0% Driver during boot -
SPBBCDrv.sys 0% Driver manual -
SPBBCSvc.exe 0% Service started disabled after RPCSS -
splitter.sys 0% Driver manual -
sr.sys 0% Driver during boot -
srescan.sys 0% Driver during boot -
srv.sys 0% Driver manual -
StreamIP.sys 0% Driver manual -
sunkfilt.sys 0% Driver manual -
swenum.sys 0% Driver manual -
swmidi.sys 0% Driver manual -
dllhost.exe 0% Service manual after rpcss -
symc810.sys 0% Driver during boot -
symc8xx.sys 0% Driver during boot -
SYMEVENT.SYS 0% Driver manual -
0% Driver manual -
sym_hi.sys 0% Driver during boot -
sym_u3.sys 0% Driver during boot -
sysaudio.sys 0% Driver manual -
smlogsvc.exe 0% Service manual -
tcpip.sys 0% Driver during system start after IPSec -
TDPIPE.sys 0% Driver manual -
TDTCP.sys 0% Driver manual -
termdd.sys 0% Driver during system start -
tlntsvr.exe 0% Service started disabled after RPCSS,TCPIP,NTLMSSP -
toside.sys 0% Driver during boot -
Udfs.sys 0% Driver started disabled -
ultra.sys 0% Driver during boot -
update.sys 0% Driver manual -
svchost.exe 0% Service manual after SSDPSRV,HTTP -
ups.exe 0% Service manual -
usbaudio.sys 0% Driver manual -
usbccgp.sys 0% Driver manual -
usbehci.sys 0% Driver manual -
usbhub.sys 0% Driver manual -
usbohci.sys 0% Driver manual -
usbprint.sys 0% Driver manual -
usbscan.sys 0% Driver manual -
USBSTOR.SYS 0% Driver manual -
svchost.exe 0% Service manual after rpcss,eventlog -
V0090Vid.sys 0% Driver manual -
vga.sys 0% Driver during system start -
viaagp.sys 0% Driver during boot -
viaide.sys 0% Driver during boot -
VolSnap.sys 0% Driver during boot -
vsdatant.sys 0% Driver during system start after TCPIP -
vssvc.exe 0% Service manual after RPCSS -
wanarp.sys 0% Driver manual -
wanatw4.sys 0% Driver manual -
0% Driver manual -
wdmaud.sys 0% Driver manual -
SRVANY.EXE 0% Service started disabled -
HSF_CNXT.sys 0% Driver manual -
svchost.exe 0% Service manual -
svchost.exe 0% Service manual -
wmiapsrv.exe 0% Service manual after RPCSS -
WMPNetwk.exe 0% Service started disabled after upnphost,http,HTTPFilter -
WSTCODEC.SYS 0% Driver manual -
svchost.exe 0% Service started disabled -
WudfPf.sys 0% Driver manual -
wudfrd.sys 0% Driver manual -
svchost.exe 0% Service manual after PlugPlay -
WasherSvc.exe 0% Service started disabled -
svchost.exe 0% Service manual after RpcSs -
NVIDIA Display Properties Extension 0% C:\WINDOWS\system32\NvCpl.dll Program when Windows starts, Registry: Machine\Run NvCplDaemon (not active) NVIDIA Corporation : NVIDIA Compatible Windows 2000 Display driver, Version 93.71
NVIDIA Media Center Library 0% C:\WINDOWS\system32\NvMcTray.dll Program when Windows starts, Registry: Machine\Run NvMediaCenter (not active) NVIDIA Corporation : NVIDIA Media Center Library
Windows Portable Device Shell Service Object 0% C:\WINDOWS\system32\WPDShServiceObj.dll Program when Windows starts, Registry: Machine\ShellServiceObjectDelayLoad WPDShServiceObj WPDShServiceObj Class (not active) Microsoft Corporation : Microsoft® Windows® Operating System
ZoneAlarm 0% 816 5,7 MB 0:02 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe Taskicon 1438 when Windows starts, Registry: Machine\Run ZoneAlarm Client Check Point Software Technologies Ltd. : ZoneAlarm Client
Security Task Manager 0% 3772 0:05 C:\Program Files\Security Task Manager\TaskMan.exe Program 14:34:42 from Windows Explorer Security Task Manager A. & M. Neuber Software : Security Task Manager
Windows Explorer 0% 460 42,8 MB 0:24 C:\WINDOWS\Explorer.EXE Program 1436 Program Manager, Microsoft Corporation : Microsoft® Windows® Operating System
Run a DLL as an App 0% 2092 1,4 MB 0:08 C:\WINDOWS\system32\rundll32.exe Program 14:16:37 from Windows Explorer Add or Remove Programs Microsoft Corporation : Microsoft® Windows® Operating System


I also have a complete system file log, but it's like 5Mb and I can't post it here, nor would I do so......

I don't know if this helps, but here is the uninstall list:

Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 7.0.5
Adobe Shockwave Player
Ahead InCD EasyWrite Reader
Arquivo do WinRAR
AVG 7.5
ccCommon
Creative WebCam Center
Creative WebCam Vista Plus Driver (1.02.02.0414)
Creative WebCam Vista Plus User's Guide (English)
DAO
Digital Media Reader
DVD Shrink 3.2
EVEREST Home Edition v2.20
GMail Drive Shell Extension
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
HD Tune 2.52
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Document Viewer 6.1
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Premier Software 6.1
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
Informações Velox
iolo technologies' System Mechanic 7
J2SE Runtime Environment 5.0 Update 2
Jurídico 2006
Learn2 Player (Uninstall Only)
LightDialer 3.0
LightModem 3.0
LimeWire PRO 4.10.0
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Shared Computer Toolkit
Microsoft Shared Computer Toolkit
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Keyboard Driver
Napster Burn Engine
Nero 7 Premium
Nero BurnRights
Nero Suite
Nimo Codecs Pack v5.0 (Remove Only)
Norton Internet Security
NVIDIA Drivers
PeerGuardian 2.0
Plaxo Toolbar for Outlook and Outlook Express
PowerDVD
QuickTime
Raketu - Communications Information and Entertainment
RealPlayer
Realtek AC'97 Audio
Recovery Software Suite eMachines
RoamDrive 1.0.2292.14902
Security Task Manager 1.7
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Siemens Subscriber Networks SpeedStream DSL
Skype™ 3.5
SMPS ToolBar
Soft Data Fax Modem with SmartCP
Sonic Encoders
SPBBC
Spybot - Search & Destroy 1.4
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Visual Vision EbooksWriterLITE_e
VoipStunt
Window Washer
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Player Hotfix [See KB832353 for more information]
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888239
Windows XP Media Center Edition 2005 KB925766
WinZip 11.1
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm

I have downloaded the AVG AntiSpyware and it picked some things up which I will remove, but I'm certain that there are plenty of other problems since I have already tried Spybot, Webroot Spy Sweeper, AVG antivirus, Norton, ZoneAlarm antivirus, McAfee etc....few others....

I have also done a diskcheck, diskclean, defragment, checkdisk and tried to clean out the registry for unknown items...

Please help. We use this computer for the entire family to work, study, research, play games etc......

Kindest Regards to Tech Support and Thank you in advance !

Marty

Old 08-23-2007, 07:46 PM   #2 (permalink)
Send a message via Skype™ to jaz_martin
Re: Computer Slow Freezes and High Cpu

I have a complete system info file log but it's like 5.8 MB and I can't upload it here!
Old 08-23-2007, 08:30 PM   #3 (permalink)
Send a message via Skype™ to jaz_martin
Re: Computer Slow Freezes and High Cpu

P.S. At some point there was the ViewPoint Media Player with an icon that looked like Windows Media Player. I just deleted it. Cannot find the Program file folder - deleted by add/remove function. What is it?

There are some Windows Media Player items (I think) as well that I could never delete:

Migrate MLS Migrate Dll Microsoft Corp. - Is this an invalid, unsafe file?

WM Windows Media Player Launcher Microsoft Corp. - It does not launch, just does nothing; also cannot delete/erase.

Downloaded Windows Media Player 11 that has overwritten 10. 10 was problematic.
Old 08-23-2007, 08:59 PM   #4 (permalink)
Send a message via Skype™ to jaz_martin
Re: Computer Slow Freezes and High Cpu

Logged in as Admin and unable to download Deckard's System Scanner (DSS)
Old 08-23-2007, 10:05 PM   #5 (permalink)
Send a message via Skype™ to jaz_martin
Re: Computer Slow Freezes and High Cpu

# Start | Run (type) "services.msc" (no quotes)
# Scroll down to "DNS Client", Right-click and select: Properties
# Click the drop-down arrow for "Startup type"
# Select: Manual, or Disabled (recommended) click Apply/Ok and restart.

I did this recently on account of your Security Center Articles.

Valid?
Old 08-23-2007, 10:21 PM   #6 (permalink)
Send a message via Skype™ to jaz_martin
Re: Computer Slow Freezes and High Cpu

SmitFraud Log:

SmitFraudFix v2.216

Scan done at 1:16:46,32, sex 24/08/2007
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 hk.digitaltrends.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job FOUND !
C:\WINDOWS\Tasks\At??.job FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 200.165.132.155
DNS Server Search Order: 200.149.55.140

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7756DA83-C2EA-4138-8D6D-FBD82D606F19}: NameServer=200.165.132.155 200.149.55.140
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7756DA83-C2EA-4138-8D6D-FBD82D606F19}: NameServer=200.165.132.155 200.149.55.140


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Old 08-24-2007, 05:17 AM   #7 (permalink)
Send a message via Skype™ to jaz_martin
Re: Computer Slow Freezes and High Cpu

I did a Kaspersky Scan and I must say :

The Online Scan is Excellent I could imagine the official purchase version !

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 24, 2007 7:15:06 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/08/2007
Kaspersky Anti-Virus database records: 388461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
M:\

Scan Statistics:
Total number of scanned objects: 214920
Number of viruses found: 11
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 02:15:18

Infected Object Name / Virus Name / Last Action
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\Program Files\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP256\A0109231.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxo skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP256\A0109231.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bxo skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP256\A0109231.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129342.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129352.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129355.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129356.exe Infected: not-a-virus:AdWare.Win32.TopSearch.a skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129357.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129358.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129359.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129361.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129362.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP314\A0129370.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped

Scan process completed.


OK, techies, let's get to testing the skills because I'm lost.

Tried to find the infections, no luck. I know I'm an amateur, but hey, it's a hobby and curiosity thing, right?

Be here waiting, thanks for donating your time and brains!
Old 08-24-2007, 07:41 AM   #8 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

System t6520 machines RS480 chipset amd 2.4 3400 1gb memory geforce 7600GS video card water cooling fan and 2 hd 200gb 250gb
Old 08-26-2007, 08:19 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,970
OS: WinXP and Vista


Re: Computer Slow Freezes and High Cpu

Let's see if Kaspersky truly got it all for you as you posted here http://www.techsupportforum.com/secu...st1048412.html

Creating multiple threads only served to confuse us all. Please confine your posts to a single thread.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
  • Select option #1 - Search by typing 1 and press "Enter"
  • A text file will appear which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

--------------------------------------------------

Run a new scan with dss.exe and post the main.txt along with the report generated by the SmitfraudFix tool.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-26-2007, 09:41 AM   #10 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

Sorry about the frustrations and multiple posts. I'm just sooo behind on my work, and thinking about someone getting delicate info from my PC is nutzzzz....

Oh my God, thank you very much for the response!!!

Here are the logs:

SmitFraudFix v2.216

Scan done at 12:34:16,07, dom 26/08/2007
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 hk.digitaltrends.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 200.165.132.155
DNS Server Search Order: 200.149.55.140

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7756DA83-C2EA-4138-8D6D-FBD82D606F19}: NameServer=200.165.132.155 200.149.55.140
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7756DA83-C2EA-4138-8D6D-FBD82D606F19}: NameServer=200.165.132.155 200.149.55.140


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Deckard's System Scanner v20070819.64
Run by Owner on 2007-08-26 12:37:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:41, on 26/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.instafinder.com/addsearch.asp?err=ADD&url=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsj.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1165521814734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165521795859
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7756DA83-C2EA-4138-8D6D-FBD82D606F19}: NameServer = 200.165.132.155 200.149.55.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8337 bytes

-- Files created between 2007-07-26 and 2007-08-26 -----------------------------

2007-08-26 12:34:11 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-26 12:34:11 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-26 12:34:11 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-25 21:15:14 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-08-25 21:15:14 558592 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-08-25 21:15:14 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-08-25 21:15:14 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-08-25 21:15:14 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-08-25 21:15:14 217088 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-08-25 21:15:14 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-08-25 21:15:13 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-25 21:15:13 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-25 21:15:13 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-25 21:15:12 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-25 21:15:10 0 d-------- C:\Program Files\K-Lite Codec Pack <K-LITE~1>
2007-08-25 11:53:51 599058 --a------ C:\Program Files\dss.exe
2007-08-24 23:33:55 0 d-------- C:\Program Files\Kaspersky Lab <KASPER~1>
2007-08-24 23:26:19 0 d-------- C:\kav
2007-08-24 12:15:34 0 d-------- C:\Program Files\directx
2007-08-24 12:14:51 0 d-------- C:\Program Files\NVIDIA Corporation <NVIDIA~1>
2007-08-24 00:16:07 626932 --a------ C:\WINDOWS\system32\drivers\HOSTS
2007-08-23 23:13:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <KASPER~1>
2007-08-23 23:13:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab <KASPER~1>
2007-08-23 22:37:34 0 d-------- C:\Program Files\Java
2007-08-23 22:37:33 0 d-------- C:\Program Files\Common Files\Java
2007-08-23 21:39:11 1788 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-23 21:19:29 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-08-23 20:05:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-08-23 19:52:13 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-08-23 12:09:24 0 d-------- C:\WINDOWS\system32\cache329
2007-08-23 06:36:58 0 d-------- C:\WINDOWS\cdmxtras
2007-08-23 02:45:58 0 d-------- C:\WINDOWS\NV21084040.TMP
2007-08-23 02:40:30 0 d-------- C:\cabs
2007-08-22 19:22:48 0 d-------- C:\Program Files\Windows Media Connect 2 <WINDOW~4>
2007-08-22 18:15:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2007-08-22 18:13:56 0 d-------- C:\Program Files\NimoCodec Pack <NIMOCO~1>
2007-08-21 09:59:24 0 d-------- C:\WINDOWS\system32\LogFiles
2007-08-21 09:59:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-20 14:11:18 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-08-20 14:09:21 0 d-------- C:\1d19b7155186238fa7380846863b
2007-08-20 13:55:00 0 d-------- C:\Program Files\Messenger <MESSEN~1>
2007-08-20 05:40:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-08-20 05:39:32 0 d-------- C:\Program Files\Common Files\mozilla.org
2007-08-20 02:02:19 0 d-------- C:\Program Files\Common Files\Webroot Shared
2007-08-17 17:27:59 0 d-------- C:\Program Files\Skype
2007-08-17 17:27:59 0 d-------- C:\Program Files\Common Files\Skype
2007-08-17 16:48:24 0 d-------- C:\Program Files\MSXML 4.0 <MSXML4~1.0>
2007-08-02 02:52:43 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-08-02 02:52:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-02 02:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-02 02:39:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-07-26 17:32:58 0 d-------- C:\Program Files\Microsoft Works <MICROS~3>
2007-07-26 17:32:09 0 d-------- C:\Program Files\Microsoft.NET <MICROS~1.NET>
2007-07-26 17:29:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-26 17:24:18 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2007-08-25 21:19:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-08-25 12:21:45 0 d-------- C:\Program Files\Plaxo
2007-08-24 12:14:50 0 d--h----- C:\Program Files\InstallShield Installation Information <INSTAL~1>
2007-08-23 23:47:42 0 d-------- C:\Program Files\Ahead
2007-08-23 22:37:33 0 d-------- C:\Program Files\Common Files <COMMON~1>
2007-08-23 20:31:37 0 d-------- C:\Program Files\DVD Shrink <DVDSHR~1>
2007-08-23 06:15:11 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-08-23 03:14:27 0 d-------- C:\Program Files\Security Task Manager <SECURI~1>
2007-08-23 02:41:07 0 d-------- C:\Program Files\Drivers
2007-08-22 18:53:00 0 d-------- C:\Program Files\XP_Codec_Pack-2.0.6 <XP_COD~1.6>
2007-08-21 20:58:23 0 d-------- C:\Program Files\Conference <CONFER~1>
2007-08-20 05:40:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-08-20 05:39:56 10515 --a------ C:\WINDOWS\mozver.dat
2007-08-20 03:45:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-08-19 01:54:24 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-08-18 0602 0 d-------- C:\Program Files\PeerGuardian2 <PEERGU~1>
2007-08-15 03:31:01 0 d-------- C:\Program Files\MSN Messenger <MSNMES~1>
2007-07-23 15:18:37 109143 --a------ C:\WINDOWS\hpoins08.dat
2007-07-23 15:07:07 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-23 1529 0 d-------- C:\Program Files\Common Files\HP
2007-07-23 15:02:07 0 d-------- C:\Program Files\Hewlett-Packard <HEWLET~1>
2007-07-23 15:02:06 0 d-------- C:\Program Files\HP
2007-07-23 15:00:22 0 d-------- C:\Program Files\Common Files\Hewlett-Packard <HEWLET~1>
2007-07-14 23:26:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-07-14 11:50:41 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 <MICROS~1.2>
2007-07-14 05:33:17 0 d-------- C:\Program Files\Lavalys
2007-07-13 17:05:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-10 15:27:07 0 d-------- C:\Documents and Settings\Owner\Application Data\VoipStunt
2007-07-06 12:24:27 0 d-------- C:\Program Files\VoipStunt.com <VOIPST~1.COM>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 00:02]
"NvCplDaemon"="RUNDLL32.exe" [10/08/2004 16:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [22/10/2006 14:22 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 06:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/06/2007 20:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 16:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^UserGate 4.1 Control Panel.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\UserGate 4.1 Control Panel.lnk
backup=C:\WINDOWS\pss\UserGate 4.1 Control Panel.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\getmail]
"C:\Program Files\getmail3_3\GetMail.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instafinder]
C:\Program Files\Instafinder\instafinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.13.0.11\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProgramChecker]
C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCTRunGettingStarted]
mshta.exe "C:\Program Files\Microsoft Shared Computer Toolkit\GetStarted.hta"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simp]
C:\Program Files\Secway\SimpPro 2.2\SimpPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
"C:\Program Files\Digital Media Reader\shwiconem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
"C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"C:\Program Files\Webroot\Washer\wwDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorldTime]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=3 (0x3)
"MDM"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"IOLO_SRV"=2 (0x2)
"WDPOperations"=2 (0x2)
"SCTThresholdMon"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"sassvc"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"gusvc"=3 (0x3)
"InCDsrv"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"wwEngineSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"SharedAccess"=2 (0x2)
"McrdSvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ioloDMV"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54f312bc-0619-11dc-b775-0013a3c167aa}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9ac4874-3ac9-11dc-b7f4-0013a3c167aa}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




-- End of Deckard's System Scanner: finished at 2007-08-26 12:38:03 ------------

I really appreciate the help!
Old 08-26-2007, 12:39 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,970
OS: WinXP and Vista


Re: Computer Slow Freezes and High Cpu

Hi,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. (into Normal Mode.)

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Notes

1. If you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\rapport.txt
Panda results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
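Note 2 in the post above says the Hosts file will be reset and that custom entries (such as a Hosts blocklist) must be re-applied afterwards. The following is an added example, not part of the original post and not SmitfraudFix's own logic: a small Python audit that can be run over a copy of the Hosts file before the reset. The function names, the sample file and the classification rule (a name mapped to a loopback or 0.0.0.0 address is treated as a blocklist-style entry, a name mapped to any other address as a redirect to review) are assumptions made for this illustration.

```python
import ipaddress
import sys

# Constructed sample input (not taken from the thread): example.* names and a
# documentation-range address stand in for real entries.
SAMPLE = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1       localhost",
    "127.0.0.1  ads.example.com   # blocklist-style entry",
    "0.0.0.0 tracker.example.net",
    "203.0.113.7   update.example.org www.update.example.org",
    "not-an-ip something",
])


def audit_hosts(text):
    """Classify every hosts-file mapping.

    Returns a dict with four lists:
      default   - the stock 'localhost' loopback mapping
      blocked   - names pinned to loopback / 0.0.0.0 (blocklist style)
      redirect  - names pointed at some other address (review these)
      malformed - lines that are neither comments nor valid mappings
    """
    report = {"default": [], "blocked": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Everything after '#' is a comment in the hosts format.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:
            # An address with no host name maps nothing.
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            entry = (lineno, name.lower(), str(ip))
            if name.lower() == "localhost" and ip.is_loopback:
                report["default"].append(entry)
            elif ip.is_loopback or ip.is_unspecified:
                report["blocked"].append(entry)
            else:
                report["redirect"].append(entry)
    return report


def restore_lines(report):
    """Blocklist-style entries to re-add by hand after the file is reset."""
    return ["%s %s" % (ip, name) for _, name, ip in report["blocked"]]


if __name__ == "__main__":
    # Pass the path of a saved copy of the hosts file, or run with no
    # argument to audit the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "r", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE
    result = audit_hosts(content)
    for line_no, host, addr in result["redirect"]:
        print("review: line %d maps %s to %s" % (line_no, host, addr))
    for line_no, text in result["malformed"]:
        print("malformed: line %d: %s" % (line_no, text))
    print("%d blocklist-style entries to restore after a reset"
          % len(restore_lines(result)))
```

Entries reported as redirects are not necessarily malicious (some networks add intranet names on purpose), so they are listed for review rather than removed.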
Old 08-26-2007, 02:18 PM   #12 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

Unable to do the Panda Active Scan.

It's not even getting to let me accept ActiveX. Nothing happens at all.
Old 08-26-2007, 02:48 PM   #13 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

As a matter of fact it won't let me do anything on their website???
Old 08-26-2007, 03:13 PM   #14 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

Here are the required logs attached as files that I got so far:

SmitFraud Registry Cleaner

Deckard's

Deckard's System Scanner v20070819.64
Run by Owner on 2007-08-26 18:08:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:07, on 26/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1165521814734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165521795859
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7756DA83-C2EA-4138-8D6D-FBD82D606F19}: NameServer = 200.165.132.155 200.149.55.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7576 bytes

-- Files created between 2007-07-26 and 2007-08-26 -----------------------------

2007-08-26 16:37:40 0 d-------- C:\Documents and Settings\Owner\Application Data\HP
2007-08-26 13:42:22 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-08-26 12:34:11 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-26 12:34:11 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-26 12:34:11 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-25 21:15:14 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-08-25 21:15:14 558592 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-08-25 21:15:14 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-08-25 21:15:14 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-08-25 21:15:14 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-08-25 21:15:14 217088 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-08-25 21:15:14 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-08-25 21:15:13 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-25 21:15:13 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-25 21:15:13 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-25 21:15:12 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-25 21:15:10 0 d-------- C:\Program Files\K-Lite Codec Pack <K-LITE~1>
2007-08-25 11:53:51 599058 --a------ C:\Program Files\dss.exe
2007-08-24 23:33:55 0 d-------- C:\Program Files\Kaspersky Lab <KASPER~1>
2007-08-24 23:26:19 0 d-------- C:\kav
2007-08-24 12:15:34 0 d-------- C:\Program Files\directx
2007-08-24 12:14:51 0 d-------- C:\Program Files\NVIDIA Corporation <NVIDIA~1>
2007-08-24 00:16:07 626932 --a------ C:\WINDOWS\system32\drivers\HOSTS
2007-08-23 23:13:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <KASPER~1>
2007-08-23 23:13:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab <KASPER~1>
2007-08-23 22:37:34 0 d-------- C:\Program Files\Java
2007-08-23 22:37:33 0 d-------- C:\Program Files\Common Files\Java
2007-08-23 21:39:11 1788 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-23 21:19:29 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-08-23 20:05:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-08-23 19:52:13 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-08-23 12:09:24 0 d-------- C:\WINDOWS\system32\cache329
2007-08-23 06:36:58 0 d-------- C:\WINDOWS\cdmxtras
2007-08-23 02:45:58 0 d-------- C:\WINDOWS\NV21084040.TMP
2007-08-23 02:40:30 0 d-------- C:\cabs
2007-08-22 19:22:48 0 d-------- C:\Program Files\Windows Media Connect 2 <WINDOW~4>
2007-08-22 18:15:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2007-08-22 18:13:56 0 d-------- C:\Program Files\NimoCodec Pack <NIMOCO~1>
2007-08-21 09:59:24 0 d-------- C:\WINDOWS\system32\LogFiles
2007-08-21 09:59:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-20 14:11:18 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-08-20 14:09:21 0 d-------- C:\1d19b7155186238fa7380846863b
2007-08-20 13:55:00 0 d-------- C:\Program Files\Messenger <MESSEN~1>
2007-08-20 05:40:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-08-20 05:39:32 0 d-------- C:\Program Files\Common Files\mozilla.org
2007-08-20 02:02:19 0 d-------- C:\Program Files\Common Files\Webroot Shared
2007-08-17 17:27:59 0 d-------- C:\Program Files\Skype
2007-08-17 17:27:59 0 d-------- C:\Program Files\Common Files\Skype
2007-08-17 16:48:24 0 d-------- C:\Program Files\MSXML 4.0 <MSXML4~1.0>
2007-08-02 02:52:43 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-08-02 02:52:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-02 02:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-02 02:39:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-07-26 17:32:58 0 d-------- C:\Program Files\Microsoft Works <MICROS~3>
2007-07-26 17:32:09 0 d-------- C:\Program Files\Microsoft.NET <MICROS~1.NET>
2007-07-26 17:29:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-26 17:24:18 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2007-08-26 13:40:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-08-25 12:21:45 0 d-------- C:\Program Files\Plaxo
2007-08-24 12:14:50 0 d--h----- C:\Program Files\InstallShield Installation Information <INSTAL~1>
2007-08-23 23:47:42 0 d-------- C:\Program Files\Ahead
2007-08-23 22:37:33 0 d-------- C:\Program Files\Common Files <COMMON~1>
2007-08-23 20:31:37 0 d-------- C:\Program Files\DVD Shrink <DVDSHR~1>
2007-08-23 06:15:11 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-08-23 03:14:27 0 d-------- C:\Program Files\Security Task Manager <SECURI~1>
2007-08-23 02:41:07 0 d-------- C:\Program Files\Drivers
2007-08-22 18:53:00 0 d-------- C:\Program Files\XP_Codec_Pack-2.0.6 <XP_COD~1.6>
2007-08-21 20:58:23 0 d-------- C:\Program Files\Conference <CONFER~1>
2007-08-20 05:40:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-08-20 05:39:56 10515 --a------ C:\WINDOWS\mozver.dat
2007-08-20 03:45:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-08-19 01:54:24 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-08-18 0602 0 d-------- C:\Program Files\PeerGuardian2 <PEERGU~1>
2007-08-15 03:31:01 0 d-------- C:\Program Files\MSN Messenger <MSNMES~1>
2007-07-23 15:18:37 109143 --a------ C:\WINDOWS\hpoins08.dat
2007-07-23 15:07:07 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-23 1529 0 d-------- C:\Program Files\Common Files\HP
2007-07-23 15:02:07 0 d-------- C:\Program Files\Hewlett-Packard <HEWLET~1>
2007-07-23 15:02:06 0 d-------- C:\Program Files\HP
2007-07-23 15:00:22 0 d-------- C:\Program Files\Common Files\Hewlett-Packard <HEWLET~1>
2007-07-14 23:26:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-07-14 11:50:41 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 <MICROS~1.2>
2007-07-14 05:33:17 0 d-------- C:\Program Files\Lavalys
2007-07-13 17:05:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-10 15:27:07 0 d-------- C:\Documents and Settings\Owner\Application Data\VoipStunt
2007-07-06 12:24:27 0 d-------- C:\Program Files\VoipStunt.com <VOIPST~1.COM>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 00:02]
"NvCplDaemon"="RUNDLL32.exe" [10/08/2004 16:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [22/10/2006 14:22 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 06:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/06/2007 20:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 16:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^UserGate 4.1 Control Panel.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\UserGate 4.1 Control Panel.lnk
backup=C:\WINDOWS\pss\UserGate 4.1 Control Panel.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\getmail]
"C:\Program Files\getmail3_3\GetMail.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instafinder]
C:\Program Files\Instafinder\instafinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.13.0.11\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProgramChecker]
C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCTRunGettingStarted]
mshta.exe "C:\Program Files\Microsoft Shared Computer Toolkit\GetStarted.hta"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simp]
C:\Program Files\Secway\SimpPro 2.2\SimpPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
"C:\Program Files\Digital Media Reader\shwiconem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
"C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"C:\Program Files\Webroot\Washer\wwDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorldTime]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=3 (0x3)
"MDM"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"IOLO_SRV"=2 (0x2)
"WDPOperations"=2 (0x2)
"SCTThresholdMon"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"sassvc"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"gusvc"=3 (0x3)
"InCDsrv"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"wwEngineSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"SharedAccess"=2 (0x2)
"McrdSvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ioloDMV"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54f312bc-0619-11dc-b775-0013a3c167aa}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9ac4874-3ac9-11dc-b7f4-0013a3c167aa}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




-- End of Deckard's System Scanner: finished at 2007-08-26 18:08:32 ------------
Attached Files
File Type: txt SmitFraud 26-08-07A.txt (591.8 KB, 1 views)
File Type: txt main.txt (26.3 KB, 1 views)

Last edited by Ried; 08-26-2007 at 08:33 PM.
Old 08-26-2007, 08:41 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,970
OS: WinXP and Vista


Re: Computer Slow Freezes and High Cpu

Hiya,

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folders

C:\WINDOWS\system32\cache329
C:\WINDOWS\cdmxtras
C:\WINDOWS\NV21084040.TMP
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll


--------------------------------------------------------------------

Run another online scan at Kaspersky and save the results. Post them here along with an update on system behavior.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-26-2007, 09:37 PM   #16 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

It won't let me do the Kaspersky Online Scan and it says that my trial version expired after 2 days of use?

Do I smell a hax on my system somewhere?

The following file was not present or I couldn't find it:

C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll

????
Strange
Old 08-26-2007, 09:50 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,970
OS: WinXP and Vista


Re: Computer Slow Freezes and High Cpu

No, it's not strange that file may not have still been present--I was working off your last Kaspersky scan.

I'm going to need time to read through all the posts and comments you've made in your various threads to try to sort out why Kaspersky is giving you that message.

And no..I certainly don't think you've been hacked. More often than not, it is the settings in IE, and the Windows Security, or onboard anti malware tools that are preventing Panda and/or Kaspersky from running properly.
Old 08-26-2007, 10:04 PM   #18 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

System still in bad shape....cursor freezes media center freezes up the system files don't download from browsers ActiveX controls don't start from IE Windows Live messenger connects sometimes and then when I try to get mail directly it pops the IE window open but it doesn't open the site????


Basically no changes!

P.S.> The files you directed me to delete ...when in the trash can and I try to empty it says cannot read from disk or source file?

Reinstalling Kaspersky free trial just severed my connection to the net?

Turned back on manually.

Won't let me connect to their server. (Kaspersky)

msiexec.exe keeps turning on frequently....

Uninstalling the non-working free trial Kaspersky. Internet Connection severed again?

Running AVG spyware and Antivirus will post tomorrow morning.

Goodnight, and thanks for your help!
Old 08-26-2007, 10:07 PM   #19 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

Sorry, I had the browser open so long I didn't see your post.

Probably right but I reset under internet options / security in IE to accept Active X and downloading of files.

Hey, if you are still going to be up please let me know I will stay up to take care of this. It's very important to me.

Be back in 20-25mins to check if you are going to be around.

Thanks.
Old 08-26-2007, 10:08 PM   #20 (permalink)
Register user
 
Join Date: Aug 2007
Location: Chicago/Fortaleza Brazil
Posts: 140
OS: windows xp


Re: Computer Slow Freezes and High Cpu

Kaspersky Online worked before.....doesn't now...