Spyware, Vsadd-in And Others


  • This topic is locked
12 replies to this topic

#1 keith43

Posted 05 November 2006 - 06:43 PM

Hi, my name is Keith. If you could help me with this it would be good. I have posted the HijackThis log below.

Logfile of HijackThis v1.99.1
Scan saved at 23:20:56, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Becky\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {331A24C0-9D06-42F0-A7DB-1EE14B16BB3C} - (no file)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {4397DA1F-651D-BFD7-DEFB-08FAC35646BC} - C:\WINDOWS\system32\fbnwkbm.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qxngggci.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hzldrfi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hzldrfi.dll,fmjgldb
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

cheers

#2 kairis

Posted 06 November 2006 - 05:40 AM

Hi and welcome. My name is Kairis and I will be helping you.
You have some crap there! But don't worry; we'll get you cleaned up!
Please follow my steps in the right order...
We'll start with this:

Step 1:
You are currently using hijackthis from a desktop. This can cause problems.
Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory.
Run the program from that directory from now on.
It is essential that you follow these steps or certain important features of the program will not function correctly.

Step 2:
Disable AVG Anti-Spyware guard:
First, we'll have to disable Ewido guard since it may interfere with our cleaning (we can enable it when you're clean).
  • Open AVG Anti-Spyware
  • Click Guard
  • Click under "resident shield is"
  • Change it to inactive
  • Close AVG Anti-Spyware

Step 3:
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Step 4:
In your next reply, please include the following logs: Vundofix report, Fresh Hijackthis. Thanks.

#3 keith43

Posted 06 November 2006 - 02:23 PM

Cheers Kairis

Logfile of HijackThis v1.99.1
Scan saved at 19:19:46, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {331A24C0-9D06-42F0-A7DB-1EE14B16BB3C} - (no file)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {4397DA1F-651D-BFD7-DEFB-08FAC35646BC} - C:\WINDOWS\system32\fbnwkbm.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qxngggci.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hzldrfi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hzldrfi.dll,fmjgldb
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


VundoFix V6.2.7

Checking Java version...

Scan started at 19:00:18 06/11/2006

Listing files found while scanning....

C:\WINDOWS\system32\fbnwkbm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fbnwkbm.dll
C:\WINDOWS\system32\fbnwkbm.dll Has been deleted!

Performing Repairs to the registry.
Done!

Just a quick question: am I OK to log on to all my accounts, or should I wait till all this rubbish is gone? A quick answer would be good :thumbsup:

Edited by keith43, 06 November 2006 - 03:57 PM.


#4 kairis

Posted 07 November 2006 - 02:52 AM

Hello keith43, thanks for the logs. :thumbsup:
Please wait until everything is clear before you log on to other accounts.

Step 1:
Please download Combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Step 2:
Update your AVG Anti-Spyware and scan in safe mode.

Step 3:
Make sure that you can see hidden files.
  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.

Step 4:
Reboot your computer in Safe Mode.
Please print the instructions below.
Then reboot your computer.
As soon as it starts to boot, rapidly press the F8 key.
Select Safe Mode from the menu.
If you are still unsure, see here

Step 5:
Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
C:\WINDOWS\system32\hzldrfi.dll <== File

Step 6:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  • Ewido will now begin the scanning process, be patient this may take a little time.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close ewido.

Step 7:
With all other windows closed, start your HijackThis and Click "Do a System Scan Only"
Click in the check-box to the left of each of the following entries, if found:
O2 - BHO: (no name) - {331A24C0-9D06-42F0-A7DB-1EE14B16BB3C} - (no file)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {4397DA1F-651D-BFD7-DEFB-08FAC35646BC} - C:\WINDOWS\system32\fbnwkbm.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [hzldrfi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hzldrfi.dll,fmjgldb
O20 - Winlogon Notify: vtutu - C:\WINDOWS\
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
Select Fix Checked

Step 8:
In your next reply, please include the following logs: Fresh Hijackthis, AVG A-S log and Combofix report. Thanks.
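
The selection in Step 7 can be reproduced with a small triage script over HijackThis log lines. This is an added example, not part of the original posts and not part of HijackThis; the three rules and the function names are assumptions of this example, and the sample lines are copied from the log in post #3. On that log the rules pick out the same entries that Step 7 lists.

```python
import re

# Lines copied from the HijackThis log in post #3 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {331A24C0-9D06-42F0-A7DB-1EE14B16BB3C} - (no file)
O2 - BHO: (no name) - {4397DA1F-651D-BFD7-DEFB-08FAC35646BC} - C:\WINDOWS\system32\fbnwkbm.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hzldrfi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hzldrfi.dll,fmjgldb
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# A log entry is "<section> - <body>", e.g. "O2 - BHO: ...". Header lines and
# the "Running processes" list do not match and are skipped.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# A Run value whose command is rundll32.exe followed by a DLL argument.
RUNDLL_RE = re.compile(r"\\rundll32\.exe\s+\S.*\.dll\b", re.IGNORECASE)


def parse(log):
    """Return (section, body) tuples for every entry line in the log."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def triage(section, body):
    """Return the reasons (possibly none) an entry deserves a closer look.

    Assumed rules, for illustration only:
      1. the entry is orphaned (its file is not on disk);
      2. an O4 autostart launches a DLL through rundll32.exe;
      3. an O20 Winlogon Notify target is not a path to a .dll file.
    """
    reasons = []
    if ORPHAN_RE.search(body):
        reasons.append("orphaned: entry points at a file that is not on disk")
    if section == "O4" and RUNDLL_RE.search(body):
        reasons.append("autostart loads a DLL through rundll32.exe")
    if section == "O20":
        # The target is the last " - " separated field, minus any marker.
        target = ORPHAN_RE.sub("", body.rsplit(" - ", 1)[-1]).strip()
        if not target.lower().endswith(".dll"):
            reasons.append("Winlogon Notify target is not a DLL path")
    return reasons


def flagged(log):
    """Return (section, body, reasons) for every entry with a reason."""
    result = []
    for section, body in parse(log):
        reasons = triage(section, body)
        if reasons:
            result.append((section, body, reasons))
    return result


if __name__ == "__main__":
    for section, body, reasons in flagged(SAMPLE_LOG):
        print(f"{section} - {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

The rules test only the shape of an entry, so a startup item whose file exists and whose path looks ordinary passes untouched and still needs a reviewer's judgement.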

#5 keith43

Posted 07 November 2006 - 02:11 PM

Cheers for the help! Here are the logs.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:45:52 07/11/2006

+ Scan result:



HKU\S-1-5-21-776561741-1417001333-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-776561741-1417001333-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BF5B8FC-11CB-409F-8C91-4D4CA04A1B6D} -> Adware.Generic : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP42\A0005326.dll -> Adware.ProtectionBar : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004091.exe -> Downloader.Zlob.auk : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004099.exe -> Downloader.Zlob.auk : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004106.exe -> Downloader.Zlob.auk : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004089.dll -> Downloader.Zlob.auo : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004097.dll -> Downloader.Zlob.auo : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004103.dll -> Downloader.Zlob.auo : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004104.exe -> Downloader.Zlob.auo : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP42\A0005327.exe -> Downloader.Zlob.auo : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004105.exe -> Downloader.Zlob.aus : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP42\A0005329.exe -> Downloader.Zlob.aus : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP42\A0005335.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP42\A0004219.exe -> Dropper.Small.asx : Cleaned.
C:\System Volume Information\_restore{854656FF-2CBD-4973-A89B-5466E424661E}\RP41\A0004102.dll -> Not-A-Virus.Hoax.Win32.Renos.gb : Cleaned.
:mozilla.419:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.420:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.421:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.422:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.423:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.424:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.456:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.507:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.508:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.509:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.413:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.415:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.416:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.417:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.418:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.467:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.468:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.438:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.439:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.440:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.441:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.442:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.255:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.412:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.514:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.118:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.414:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.487:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.490:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.218:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.219:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.244:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.256:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.261:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.328:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.454:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.455:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.449:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.475:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.476:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.477:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.478:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.540:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.479:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.480:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.481:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.482:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.483:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.20:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.35:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.36:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.37:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.384:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.385:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.38:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.392:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.72:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.93:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.450:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.505:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.506:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.554:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.472:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.89:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.555:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.443:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.471:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.488:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.489:C:\Documents and Settings\Becky\Application Data\Mozilla\Firefox\Profiles\4g9u96gd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\qxngggci.dll -> Trojan.BHO.g : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 18:55:46, on 07/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qxngggci.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Becky - 06-11-07 17:59:28.81 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{28B9A4E3-0574-1033-0602-05002c}


((((((((((((((((((((((((((((((( Files Created from 2006-10-07 to 2006-11-07 ))))))))))))))))))))))))))))))))))


2006-11-06 23:09 225,280 --a------ C:\PlayerHost.dll
2006-11-05 13:51 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-05 13:51 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-05 13:51 3,646 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-05 13:51 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-05 13:51 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-05 11:00 598,608 ---hs---- C:\WINDOWS\system32\ututv.bak2
2006-11-05 11:00 598,182 ---hs---- C:\WINDOWS\system32\ututv.ini2
2006-11-05 10:14 60,436 --a------ C:\WINDOWS\system32\qxngggci.dll
2006-11-05 10:14 598,067 ---hs---- C:\WINDOWS\system32\ututv.bak1
2006-11-05 10:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-05 09:49 93,696 --a------ C:\WINDOWS\system32\hzldrfi.dll
2006-11-04 08:33 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-11-03 21:16 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2006-11-03 21:16 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2006-10-28 13:01 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-10-28 13:00 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-24 10:17 48,424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-10-17 21:36 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
2006-10-17 21:36 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
2006-10-17 21:31 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2006-10-17 21:31 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2006-10-17 21:31 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2006-10-17 21:31 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2006-10-17 21:31 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2006-10-17 21:31 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2006-10-17 21:31 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2006-10-13 23:48 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-13 17:58 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-10-13 09:21 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-12 22:46 163,840 -ra------ C:\WINDOWS\system32\igfxres.dll
2006-10-12 22:45 946,176 --a------ C:\WINDOWS\system32\bcmacfg.dll
2006-10-12 22:45 909,312 --a------ C:\WINDOWS\system32\bcmctrls.dll
2006-10-12 22:45 86,016 --a------ C:\WINDOWS\system32\wltrynt.dll
2006-10-12 22:45 847,983 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE
2006-10-12 22:45 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-12 22:45 65,536 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2006-10-12 22:45 65,536 --a------ C:\WINDOWS\system32\preflib.dll
2006-10-12 22:45 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-12 22:45 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-12 22:45 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-12 22:45 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-12 22:45 32,768 --------- C:\WINDOWS\biwlanappxpver.dll
2006-10-12 22:45 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-12 22:45 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-12 22:45 192,512 --a------ C:\WINDOWS\system32\AegisI5.exe
2006-10-12 22:45 172,032 --a------ C:\WINDOWS\system32\BCMLogon.dll
2006-10-12 22:45 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-10-12 22:45 1,396,831 --a------ C:\WINDOWS\system32\AegisE5.dll
2006-10-12 22:45 1,204,224 --a------ C:\WINDOWS\system32\bcmwcfg.dll
2006-10-12 22:45 1,040,384 --a------ C:\WINDOWS\system32\bcmntray.EXE
2006-10-12 22:40 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-12 22:36 65,536 --a------ C:\WINDOWS\system32\hpqactn.dll
2006-10-12 22:36 425,984 --a------ C:\WINDOWS\system32\hpqPres.dll
2006-10-12 22:36 32,768 --a------ C:\WINDOWS\system32\eabhbrn8.dll
2006-10-12 22:36 225,280 --a------ C:\WINDOWS\system32\cpqinfo.dll
2006-10-12 22:32 32,356 --------- C:\WINDOWS\system32\pusbfd1.sys
2006-10-12 22:28 69,632 --a------ C:\WINDOWS\system32\bcmwlD2K.EXE
2006-10-12 22:28 371,712 --------- C:\WINDOWS\system32\drivers\BCMWL5.SYS
2006-10-12 22:28 32,768 --------- C:\WINDOWS\biwlandrvxpver.dll
2006-10-12 22:28 176,128 --a------ C:\WINDOWS\system32\bcmwlu00.exe
2006-10-12 22:27 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2006-10-12 22:27 86,016 -ra------ C:\WINDOWS\system32\igfxdo.dll
2006-10-12 22:27 821,819 -ra------ C:\WINDOWS\system32\ialmdd5.dll
2006-10-12 22:27 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2006-10-12 22:27 776,349 -ra------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2006-10-12 22:27 77,917 --a------ C:\WINDOWS\system32\SynCOM.dll
2006-10-12 22:27 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2006-10-12 22:27 69,632 -ra------ C:\WINDOWS\system32\oemdspif.dll
2006-10-12 22:27 61,440 -ra------ C:\WINDOWS\system32\iAlmCoIn_v3992.dll
2006-10-12 22:27 512,000 -ra------ C:\WINDOWS\system32\ialmgdev.dll
2006-10-12 22:27 503,808 -ra------ C:\WINDOWS\system32\igfxcfg.exe
2006-10-12 22:27 49,152 -ra------ C:\WINDOWS\system32\ialmrem.dll
2006-10-12 22:27 45,056 -ra------ C:\WINDOWS\system32\igfxdgps.dll
2006-10-12 22:27 37,951 -ra------ C:\WINDOWS\system32\ialmrnt5.dll
2006-10-12 22:27 36,864 -ra------ C:\WINDOWS\system32\igfxexps.dll
2006-10-12 22:27 348,160 -ra------ C:\WINDOWS\system32\igfxsrvc.dll
2006-10-12 22:27 225,280 -ra------ C:\WINDOWS\system32\igfxpph.dll
2006-10-12 22:27 225,280 -ra------ C:\WINDOWS\system32\igfxeud.dll
2006-10-12 22:27 2,289,664 -ra------ C:\WINDOWS\system32\ialmgicd.dll
2006-10-12 22:27 186,016 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2006-10-12 22:27 165,595 -ra------ C:\WINDOWS\system32\ialmdev5.dll
2006-10-12 22:27 155,648 -ra------ C:\WINDOWS\system32\igfxtray.exe
2006-10-12 22:27 151,552 -ra------ C:\WINDOWS\system32\igfxdiag.exe
2006-10-12 22:27 139,264 -ra------ C:\WINDOWS\system32\igfxdev.dll
2006-10-12 22:27 126,976 -ra------ C:\WINDOWS\system32\igfxhk.dll
2006-10-12 22:27 126,976 -ra------ C:\WINDOWS\system32\hkcmd.exe
2006-10-12 22:27 118,784 -ra------ C:\WINDOWS\system32\hccutils.dll
2006-10-12 22:27 114,688 -ra------ C:\WINDOWS\system32\igfxzoom.exe
2006-10-12 22:27 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2006-10-12 22:27 106,496 -ra------ C:\WINDOWS\system32\igfxext.exe
2006-10-12 22:27 100,924 -ra------ C:\WINDOWS\system32\ialmdnt5.dll
2006-10-12 22:27 1,245,184 -ra------ C:\WINDOWS\system32\igfxress.dll
2006-10-12 22:25 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-12 22:25 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-12 22:25 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-12 22:25 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-12 22:25 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-12 22:25 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-12 22:25 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-12 22:25 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-12 22:25 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-12 22:25 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-12 22:25 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-12 22:25 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-12 22:25 145,920 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-12 22:25 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-12 22:25 127,744 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2006-10-12 22:24 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2006-10-12 22:24 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2006-10-12 22:24 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2006-10-12 22:24 259,840 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2006-10-12 22:24 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
2006-10-12 20:35 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-12 20:35 0 -rahs---- C:\MSDOS.SYS
2006-10-12 20:35 0 -rahs---- C:\IO.SYS
2006-10-12 20:35 0 --a------ C:\CONFIG.SYS
2006-10-12 20:35 0 --a------ C:\AUTOEXEC.BAT
2006-10-12 20:33 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-12 20:33 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-12 20:33 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-12 20:33 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-12 20:32 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-12 20:32 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-12 20:32 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-12 20:32 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-12 20:32 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-12 20:32 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-12 20:32 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-12 20:32 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-12 20:32 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-12 20:32 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-12 20:32 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-12 20:32 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-12 20:32 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-12 20:32 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-12 20:32 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-12 20:32 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-12 20:32 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-12 20:32 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-12 20:32 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-12 20:32 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-12 20:32 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-12 20:32 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-12 20:32 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-12 20:32 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-12 20:32 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-12 20:32 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-12 20:32 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-12 20:32 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-10-12 20:32 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-12 20:32 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-12 20:32 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-12 20:32 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-12 20:32 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-12 20:32 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-12 20:32 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-12 20:32 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-10-12 20:32 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-12 20:32 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-12 20:32 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-12 20:32 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-12 20:32 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-12 20:31 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-12 20:31 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-12 20:31 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-12 20:31 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-12 20:31 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-12 20:31 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-12 20:31 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-12 20:31 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-12 20:31 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-12 20:31 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-12 20:31 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-12 20:31 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-12 20:31 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-12 20:31 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-12 20:30 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-12 20:30 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-12 20:30 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-12 20:30 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-12 20:30 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-12 20:30 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-12 20:30 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-12 20:30 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-12 20:30 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-12 20:30 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-12 20:30 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-12 20:30 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-12 20:30 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-12 20:30 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-12 20:30 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-12 20:30 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-12 20:30 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-12 20:30 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-12 20:30 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-12 20:30 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-12 20:30 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-12 20:30 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-12 20:30 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-12 20:30 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-12 20:30 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-12 20:30 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-12 20:30 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-12 20:30 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-12 20:30 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-12 20:30 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-12 20:30 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-12 20:30 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-12 20:30 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-12 20:30 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-12 20:30 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-12 20:30 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-12 20:30 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-12 20:30 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-12 20:30 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-12 20:30 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-12 20:30 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-12 20:30 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-12 20:30 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-12 20:30 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-12 20:30 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-12 20:30 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-12 20:30 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-12 20:30 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-12 20:30 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-12 20:30 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-12 20:30 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-12 20:30 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-12 20:30 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-12 20:30 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-12 20:30 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-12 20:30 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-12 20:30 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-12 20:30 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-12 20:30 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-12 20:30 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-12 20:30 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-12 20:30 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-12 20:30 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-12 20:30 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-12 20:30 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-12 20:30 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-12 20:30 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-12 20:30 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-12 20:30 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-12 20:30 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-12 18:42 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-12 18:41 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-12 18:41 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-12 18:41 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-10-12 18:40 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2006-10-12 18:40 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2006-10-12 18:40 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-12 18:40 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2006-10-12 18:40 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2006-10-12 18:39 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-12 18:39 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-12 18:39 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-12 18:39 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-12 18:39 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-12 18:39 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-12 18:39 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-12 18:39 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-12 18:39 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-12 18:39 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-12 18:39 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-12 18:39 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-12 18:39 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-12 18:39 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-12 18:39 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-12 18:39 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-12 18:39 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-12 18:39 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-12 18:39 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-12 18:39 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-12 18:38 74,752 --a------ C:\WINDOWS\system32\storprop.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-07 18:00 -------- d-------- C:\Program Files\Common Files
2006-11-07 17:59 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-07 07:36 -------- d-------- C:\Documents and Settings\Becky\Application Data\uTorrent
2006-11-06 22:53 -------- d---s---- C:\Documents and Settings\Becky\Application Data\Microsoft
2006-11-05 23:20 -------- d-------- C:\Program Files\CCleaner
2006-11-05 11:10 -------- d-------- C:\Program Files\Lavasoft
2006-11-05 11:10 -------- d-------- C:\Documents and Settings\Becky\Application Data\Lavasoft
2006-11-05 10:16 -------- d-------- C:\Program Files\VSAdd-in
2006-11-05 10:14 -------- d-------- C:\Documents and Settings\Becky\Application Data\SearchToolbarCorp
2006-11-05 10:02 -------- d-------- C:\Program Files\Grisoft
2006-11-05 09:53 -------- d-------- C:\Program Files\Stardock
2006-11-05 09:53 -------- d-------- C:\Program Files\Common Files\Stardock
2006-11-05 09:26 -------- d-------- C:\Program Files\Object Desktop
2006-11-03 21:14 -------- d-------- C:\Program Files\MagicISO
2006-11-02 19:38 -------- d-------- C:\Program Files\MSN Messenger
2006-10-29 15:37 -------- d-------- C:\Documents and Settings\Becky\Application Data\foobar2000
2006-10-29 10:59 -------- d-------- C:\Documents and Settings\Becky\Application Data\Ahead
2006-10-29 09:41 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-29 09:38 -------- d-------- C:\Program Files\Nero
2006-10-28 17:59 -------- d-------- C:\Program Files\Alcohol Toolbar
2006-10-28 13:16 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-22 12:18 -------- d-------- C:\Documents and Settings\Becky\Application Data\Sun
2006-10-22 08:04 -------- d-------- C:\Documents and Settings\Becky\Application Data\Real
2006-10-22 08:02 -------- d-------- C:\Program Files\Real
2006-10-22 08:02 -------- d-------- C:\Program Files\Common Files\xing shared
2006-10-22 08:02 -------- d-------- C:\Program Files\Common Files\Real
2006-10-21 11:30 -------- d-------- C:\Program Files\WinRAR
2006-10-17 21:36 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-17 21:31 -------- d-------- C:\Program Files\Samsung
2006-10-15 14:59 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-15 12:33 -------- d-------- C:\Documents and Settings\Becky\Application Data\Opera
2006-10-15 12:32 -------- d-------- C:\Documents and Settings\Becky\Application Data\Adobe
2006-10-14 21:57 -------- d-------- C:\Program Files\Messenger
2006-10-14 21:57 -------- d-------- C:\Program Files\Internet Explorer
2006-10-14 21:56 -------- d-------- C:\Program Files\Windows Media Player
2006-10-14 21:52 -------- d-------- C:\Program Files\Outlook Express
2006-10-14 21:52 -------- d-------- C:\Program Files\Common Files\System
2006-10-14 18:24 -------- d-------- C:\Documents and Settings\Becky\Application Data\vlc
2006-10-14 18:15 -------- d-------- C:\Program Files\VideoLAN
2006-10-14 14:02 -------- d-------- C:\Documents and Settings\Becky\Application Data\AdobeUM
2006-10-14 13:38 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-14 13:38 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-14 13:38 -------- d-------- C:\Program Files\Common Files\Designer
2006-10-14 13:37 -------- d-------- C:\Program Files\Microsoft Office
2006-10-14 10:27 -------- d-------- C:\Documents and Settings\Becky\Application Data\Macromedia
2006-10-14 10:14 -------- d-------- C:\Program Files\Adobe
2006-10-13 17:52 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-13 07:10 -------- d-------- C:\Program Files\foobar2000
2006-10-13 06:58 -------- d-------- C:\Program Files\uTorrent
2006-10-12 22:46 -------- d-------- C:\Program Files\HPQ
2006-10-12 22:45 -------- d-------- C:\Documents and Settings\Becky\Application Data\AVG7
2006-10-12 22:41 -------- d-------- C:\Program Files\Intel
2006-10-12 22:39 -------- d-------- C:\Program Files\Windows Media Connect
2006-10-12 22:39 -------- d-------- C:\Documents and Settings\Becky\Application Data\Talkback
2006-10-12 22:38 -------- d-------- C:\Documents and Settings\Becky\Application Data\Mozilla
2006-10-12 22:37 -------- d-------- C:\Program Files\Java
2006-10-12 22:37 -------- d-------- C:\Program Files\Common Files\Java
2006-10-12 22:27 -------- d-------- C:\Program Files\Synaptics
2006-10-12 22:27 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-12 22:26 -------- d-------- C:\Program Files\Broadcom
2006-10-12 22:24 -------- d-------- C:\Program Files\Analog Devices
2006-10-12 21:29 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-12 21:29 -------- d-------- C:\Documents and Settings\Becky\Application Data\Identities
2006-10-12 21:23 62 --ahs---- C:\Documents and Settings\Becky\Application Data\desktop.ini
2006-10-12 20:36 -------- d-------- C:\Program Files\xerox
2006-10-12 20:36 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-12 20:34 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-12 20:33 -------- d-------- C:\Program Files\Online Services
2006-10-12 20:33 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 20:33 -------- d-------- C:\Program Files\Common Files\Services
2006-10-12 20:33 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-12 20:32 -------- d-------- C:\Program Files\Movie Maker
2006-10-12 20:31 -------- d-------- C:\Program Files\Windows NT
2006-10-12 20:31 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-12 20:31 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-12 20:30 -------- d-------- C:\Program Files\MSN
2006-10-12 18:39 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-12 18:39 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"1A:Stardock TrayMonitor"="\"C:\\Program Files\\Common Files\\stardock\\TrayServer.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\bcmntray"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"hzldrfi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\hzldrfi.dll,fmjgldb"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer&#

#6 keith43

Posted 08 November 2006 - 02:25 AM

hey, cheers for the help so far!

#7 kairis

Posted 08 November 2006 - 02:28 AM

Hi there:
Go ahead and delete Vundofix.
Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
C:\Program Files\VSAdd-in <== Folder

With all other windows closed, start your HijackThis and Click "Do a System Scan Only"
Click in the check-box to the left of each of the following entries, if found:
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qxngggci.dll (file missing)
Select Fix Checked.

"Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update to the latest version..."
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 from here
  • Scroll down to where it says "Windows Offline Installation"
  • Click the "Download" button to the right.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name:

    Java 1.5.0

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on Java to install the newest version.
Reset and Re-enable your System Restore
We need to do this to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Click Start > Run (type: SYSDM.CPL) > OK
  • Click the System Restore tab.
  • Check - Turn off System Restore.
  • Click Apply.
  • Uncheck - Turn off System Restore.
  • Click OK.
You have now flushed your previous System Restore points, so we will make a new one again since your computer is already clean.
  • Go to Start > All Programs > Accessories > System Tools, and select System Restore
  • In the System Restore prompt, select: Create a restore point
  • Click Next
  • Give a description to the new Restore Point. (Something like: Clean PC)
  • Click Create
  • Then close the window
How is the system running now?

#8 keith43

Posted 08 November 2006 - 07:25 PM

hey

Done all that, yeah seems to be running much better, no pop ups so far. Didn't really notice a performance problem, just the stupid pop ups.

Do you think the comp is clean now? If so, cheers!

#9 kairis

Posted 09 November 2006 - 01:48 AM

Hi.
Please run Hijackthis again and produce a new HJT log. Thanks.

#10 keith43

Posted 09 November 2006 - 02:21 AM

here u go

Logfile of HijackThis v1.99.1
Scan saved at 07:18:17, on 09/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qxngggci.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#11 kairis

Posted 10 November 2006 - 07:21 AM

I apologize for the delay.
Looks good! Your log is clean! Except this one:
With all other windows closed, start your HijackThis and Click "Do a System Scan Only"
Click in the check-box to the left of each of the following entries, if found:
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qxngggci.dll (file missing)
Select Fix Checked
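
Added example, not part of the original posts and not HijackThis's own code: a Python script that parses HijackThis v1.99.1 log lines, lists entries tagged "(file missing)", and checks whether an entry a helper asked to have fixed is still listed in a follow-up log, as happened between posts #7 and #10. The function names are assumptions made for illustration, and the embedded log is an excerpt of lines from this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of lines from the HijackThis log in post #10, embedded so this runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 07:18:17, on 09/11/2006
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qxngggci.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# The entry the helper asked to have fixed in post #7.
REQUESTED_FIXES = [
    r"O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qxngggci.dll (file missing)",
]

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")   # e.g. "O2 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"^[A-Za-z]:\\")                               # drive-letter path
MISSING_TAG = "(file missing)"


@dataclass(frozen=True)
class Entry:
    code: str                 # section code such as R0, O2, O4, O23
    body: str                 # entry text without the "(file missing)" tag
    clsid: Optional[str]      # first CLSID in the entry, if any
    path: Optional[str]       # last " - " field when it is a drive-letter path
    file_missing: bool        # HijackThis could not find the referenced file

    def key(self) -> Tuple[str, str]:
        # Identity used to compare logs: the tag is ignored so an entry matches
        # whether or not its file was still present at scan time.
        return (self.code, self.body.lower())


def parse_log(text: str) -> List[Entry]:
    """Return the R/F/N/O entries of a log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clean = " ".join(body.replace(MISSING_TAG, "").split())
        clsid = CLSID_RE.search(clean)
        last = clean.split(" - ")[-1]
        entries.append(Entry(
            code=m.group("code"),
            body=clean,
            clsid=clsid.group(0) if clsid else None,
            path=last if PATH_RE.match(last) else None,
            file_missing=MISSING_TAG in body,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is gone but whose registry reference remains."""
    return [e for e in entries if e.file_missing]


def still_listed(requested: List[str], log_text: str) -> List[Entry]:
    """Requested fixes that still appear in a follow-up log."""
    present = {e.key() for e in parse_log(log_text)}
    return [e for e in parse_log("\n".join(requested)) if e.key() in present]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print("orphaned:", e.code, e.clsid, e.path)
    for e in still_listed(REQUESTED_FIXES, SAMPLE_LOG):
        print("not yet fixed:", e.code, e.clsid)
```
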

#12 keith43

Posted 10 November 2006 - 04:11 PM

cheers mate, done that now. This can be closed, unless Kairis wants me to do anything else?

#13 kairis

Posted 12 November 2006 - 11:27 AM

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread.



