I've been having this problem for a while. I tried to do an entire system restore but it's being blocked. A notice comes up and says "Cannot restore to date, please pick another date" and then when I choose another date it doesn't work. I thought I fixed the problem all by myself, but I haven't.
I have 3 programs running on my computer, AVG, Zerospyware, and Malwarebytes Anti-Malware but none of them must be locating this beast. I'll name some of the pop-ups that have occurred.
Just today I had 43 continuous "Cannot find server" pop-ups. They all came non-stop, just one after another after another. I've also had a random eBay pop-up with some random word in the search box. This pop-up called "Mysearch" comes up a lot. I've had a pop-up called "elle", have no idea what that one is about. Another random one called "ikariam". I'm sure someone on this website can help me with my problem. Please help guys, I'm feeling hopeless :sigh:
Here are my results from the Deckard deal.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-27 16:25:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
81: 2008-05-27 21:25:53 UTC - RP209 - Deckard's System Scanner Restore Point
80: 2008-05-27 01:39:09 UTC - RP208 - Restore Operation
79: 2008-05-27 01:37:58 UTC - RP207 - Restore Operation
78: 2008-05-26 18:48:45 UTC - RP206 - System Checkpoint
77: 2008-05-24 17:16:16 UTC - RP205 - System Checkpoint
-- First Restore Point --
1: 2008-05-04 05:41:14 UTC - RP129 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-27 16:29:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\NMSSvc.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Wireless LAN\Client Manager\Cmcom.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.101
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {25a35b2e-e274-c71b-cf04-dd55b1206658} - {8566021b-55dd-40fc-b17c-472ee2b53a52} - C:\WINDOWS\system32\gmliloss.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Promon.exe] PROMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [78da517f] rundll32.exe "C:\WINDOWS\system32\ndthrlha.dll",b
O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\Program Files\FBM Software\ZeroSpyware\zsscheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKLM\..\RunOnceEx: [Flags] 128
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Compaq Client Manager.lnk = C:\Program Files\Compaq Wireless LAN\Client Manager\CMcom.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} () - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.Exe
--
End of file - 6444 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>
S0 Partizan - c:\windows\system32\drivers\partizan.sys (file missing)
S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 NMSSvc (Intel(R) NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VM Network Connection
Device ID: PCI\VEN_8086&DEV_1038&SUBSYS_00980E11&REV_42\4&139E449D&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VM Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1038&SUBSYS_00980E11&REV_42\4&139E449D&0&40F0
Service: E100B
-- Scheduled Tasks -------------------------------------------------------------
2008-05-24 20:05:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-04-27 and 2008-05-27 -----------------------------
2008-05-26 20:40:08 0 d-------- C:\Program Files\iTunes
2008-05-26 20:22:50 0 d-------- C:\Program Files\StumbleUpon
2008-05-08 23:26:08 0 d-------- C:\Program Files\iTunes(2)
2008-05-08 23:22:01 0 d-------- C:\Program Files\Apple Software Update
2008-05-08 23:21:11 0 d-------- C:\Program Files\Common Files\Apple
2008-05-07 19:01:31 3129344 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-05-06 21:11:16 0 d-------- C:\Documents and Settings\Owner\Application Data\StumbleUpon
2008-05-06 12:14:32 0 d-------- C:\WINDOWS\system32\glvLog
2008-05-04 22:53:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 22:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 22:52:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 21:24:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-04 21:20:51 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-04 21:20:51 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-04 21:20:51 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-04 21:20:51 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-04 21:20:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-04 21:20:51 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-04 21:20:51 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-04 21:20:51 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-04 21:20:50 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-05-04 15:19:11 0 d-------- C:\WINDOWS\system32\zsfiles
2008-05-04 15:18:50 131072 --a------ C:\WINDOWS\system32\datestamp.dll <Not Verified; FBMSoftware; FBMSoftware TimeStamp>
2008-05-04 15:18:12 0 d-------- C:\WINDOWS\system32\ZeroSpyware
2008-05-04 15:18:02 64336 --a------ C:\WINDOWS\system32\zsnotify.dll <Not Verified; FBM; FBM zsnotify>
2008-05-04 15:13:43 0 d-------- C:\Program Files\FBM Software
2008-05-04 13:14:13 95296 --a------ C:\WINDOWS\system32\ndthrlha.dll
2008-05-04 13:14:07 108096 --a------ C:\WINDOWS\system32\gmliloss.dll
2008-05-04 12:44:20 108096 --a------ C:\WINDOWS\system32\lortxswd.dll
2008-05-04 00:47:22 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-04 00:45:40 0 d-------- C:\Program Files\Greatis
2008-05-04 00:35:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-04 00:35:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-04 00:34:58 0 dr------- C:\Documents and Settings\LocalService\Favorites
-- Find3M Report ---------------------------------------------------------------
2008-05-26 20:45:31 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-26 20:40:40 0 d-------- C:\Program Files\QuickTime
2008-05-26 20:23:55 0 d-------- C:\Program Files\iPod
2008-05-08 23:21:11 0 d-------- C:\Program Files\Common Files
2008-05-04 22:52:18 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-04 15:18:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 13:28:48 0 d-------- C:\Program Files\DivX
2008-04-23 15:06:47 0 d-------- C:\Program Files\BitTorrent
2008-04-02 20:26:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8566021b-55dd-40fc-b17c-472ee2b53a52}]
05/04/2008 01:14 PM 108096 --a------ C:\WINDOWS\system32\gmliloss.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 03:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/17/2007 11:31 PM]
"Promon.exe"="PROMon.exe" [04/18/2002 06:32 PM C:\WINDOWS\system32\PROMon.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/15/2004 09:00 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 09:33 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"78da517f"="C:\WINDOWS\system32\ndthrlha.dll" [05/04/2008 11:41 PM]
"ZSScheduler"="C:\Program Files\FBM Software\ZeroSpyware\zsscheduler.dll" [05/26/2006 04:10 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="" []
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" []
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Client Manager.lnk - C:\Program Files\Compaq Wireless LAN\Client Manager\CMcom.EXE [8/25/2007 6:22:20 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B3102264-D09D-4322-B625-503FBF18DD7E}"= C:\WINDOWS\system32\tuvSmnlI.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zsnotify]
zsnotify.dll 05/26/2006 04:11 PM 64336 C:\WINDOWS\system32\zsnotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
*Newly Created Service* - NMSCFG
-- End of Deckard's System Scanner: finished at 2008-05-27 16:31:36 ------------