
Vturs.dll Among Others - Popups Can't Block



#1 David Swetnam


Posted 08 May 2007 - 03:42 PM

Have been trying to remove these for several days. Have tried all suggested by bleepingcomputer.com and others. :flowers: I try to remove or disable from IE add-ons and they keep coming back! :thumbsup: Here is the logfile...


Logfile of HijackThis v1.99.1
Scan saved at 4:29:12 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177099626906
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177288998437
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



#2 Rahina


Posted 08 May 2007 - 11:44 PM

Hello David Swetnam! Welcome to The Forums. My name is Rahina Rescue and I will be handling your log to help you get cleaned up.

Please Go to Hijackthis Folder, Right Click on Hijackthis.exe Icon, Choose to rename it, Rename to Rahina.exe and Post a Fresh Logfile in your next reply.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#3 David Swetnam


Posted 09 May 2007 - 04:45 PM

Rahina,
Thanks for helping! Hope this is what you wanted...

Logfile of HijackThis v1.99.1
Scan saved at 5:38:34 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\rahina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10E3A698-62D7-4AA5-B1FA-645AE16DCB88} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D2692EE8-4795-44F4-A8FF-8FAC5D4FE947} - C:\WINDOWS\system32\xxyaaba.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177099626906
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177288998437
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
O20 - Winlogon Notify: xxyaaba - C:\WINDOWS\SYSTEM32\xxyaaba.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#4 Rahina


Posted 10 May 2007 - 08:01 AM

Step #1

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #2

Download the latest version of Java Runtime Environment (JRE) 6

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.

Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Step #3

Please download Combofix to your desktop.
  • Double click on Combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Now, Please Post a Fresh Combofix Logfile & Hijackthis Logfile.

#5 David Swetnam


Posted 10 May 2007 - 11:05 AM

Had some trouble completing tasks through attack of popups and system change warnings. Also had some problems getting Combofix to run. I think I was able to finally get it all gone. Here is the info you requested...

(((((((((((((((((((((((((((((((Vundofix Logfile))))))))))))))))))))))))))))))))))
Beginning removal...

VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 9:39:49 PM 5/7/2007

Listing files found while scanning....

C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jjkkj.tmp
C:\WINDOWS\system32\jkkjj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jjkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkkj.tmp
C:\WINDOWS\system32\jjkkj.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 10:10:09 AM 5/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\srutv.tmp
C:\WINDOWS\system32\vturs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\srutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.tmp
C:\WINDOWS\system32\srutv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vturs.dll Has been deleted!

Performing Repairs to the registry.
Done!


(((((((((((((((((((((((((((((Combofix Logfile)))))))))))))))))))))))))))))))))))

"MY COMPUTER" - 2007-05-10 11:32:29 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\MY COMPUTER\My Documents\My Downloads\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\anhpnelm.dll
C:\WINDOWS\system32\lhxprtxl.dll
C:\WINDOWS\system32\ruulbdux.dll
C:\WINDOWS\system32\vdgrssjy.dll
C:\WINDOWS\system32\yqkprbje.dll
C:\WINDOWS\system32\winzzc32.dll
C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\xxyaaba.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\wsnpoem


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 ))))))))))))))))))))))))))))))))))


2007-05-10 10:20 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-05-08 23:25 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 16:18 1,156 --a------ C:\WINDOWS\mozver.dat
2007-05-08 10:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-08 10:15 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\Lavasoft
2007-05-08 10:14 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-07 21:39 <DIR> d-------- C:\VundoFix Backups
2007-05-06 21:47 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\WinPatrol
2007-05-06 21:46 <DIR> d-------- C:\Program Files\BillP Studios
2007-05-05 21:39 <DIR> d-------- C:\Program Files\Windows Defender
2007-05-05 21:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-05-05 00:14 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-05 00:12 <DIR> d-------- C:\Program Files\MSBuild
2007-05-05 00:05 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-05-05 00:02 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-05-05 00:01 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-05-05 00:01 <DIR> d-------- C:\0093e9b94909109986
2007-05-04 23:59 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-03 23:15 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\Ahead
2007-05-03 23:13 <DIR> d-------- C:\Program Files\Nero
2007-05-03 23:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-05-03 22:48 39,424 --a------ C:\qfalpjip.exe
2007-05-03 22:15 <DIR> d-------- C:\Program Files\CleanMyPC
2007-05-03 12:19 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-05-03 12:19 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-05-03 12:19 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-05-03 10:25 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-05-03 10:24 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-05-03 10:23 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-03 10:23 <DIR> d-------- C:\Program Files\Ahead
2007-05-03 10:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-05-02 23:00 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\CopyToDvd
2007-05-02 22:54 87,608 --a------ C:\DOCUME~1\MYCOMP~1\APPLIC~1\ezpinst.exe
2007-05-02 22:54 <DIR> d-------- C:\Program Files\VSO
2007-05-02 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy
2007-05-02 22:18 87,608 --a------ C:\DOCUME~1\MYCOMP~1\APPLIC~1\inst.exe
2007-05-02 22:18 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-02 22:18 47,360 --a------ C:\DOCUME~1\MYCOMP~1\APPLIC~1\pcouffin.sys
2007-05-02 22:18 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\Vso
2007-05-02 22:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-05-02 21:05 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-02 17:39 <DIR> d-------- C:\Program Files\nfs
2007-05-02 16:37 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-05-02 16:31 <DIR> d-------- C:\Program Files\Microsoft Games
2007-05-02 11:10 <DIR> dr-h----- C:\MSOCache
2007-05-02 10:26 <DIR> d-------- C:\Program Files\New Folder
2007-05-01 17:01 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\Sonic
2007-05-01 11:35 146,432 ---hs---- C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
2007-04-30 21:55 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 3
2007-04-30 21:49 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\dvdcss
2007-04-30 21:17 45,056 --a------ C:\WINDOWS\system32\drivers\iviVD.sys
2007-04-30 20:56 <DIR> d-------- C:\Program Files\Common Files\DistributeShield
2007-04-29 22:11 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\My DVDs
2007-04-26 13:52 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-04-26 13:52 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-04-26 13:52 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-04-26 13:52 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-04-26 13:52 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-04-26 10:35 <DIR> d-------- C:\Program Files\Netflix
2007-04-26 10:31 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\InterVideo
2007-04-26 10:12 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-04-26 10:12 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-04-26 10:12 1,101,824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2007-04-25 18:32 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-04-25 18:28 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-04-25 18:28 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-04-25 18:28 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-04-25 18:19 <DIR> d-------- C:\Program Files\Live Search Maps for Outlook
2007-04-25 18:12 <DIR> d-------- C:\Program Files\Photo Story 3 for Windows
2007-04-23 20:39 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-04-23 20:39 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2007-04-23 20:39 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2007-04-23 20:39 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2007-04-23 20:39 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2007-04-23 20:39 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2007-04-23 20:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-04-23 20:39 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-04-23 20:39 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\concept design
2007-04-23 20:26 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\WebCompiler3
2007-04-23 17:17 <DIR> d-------- C:\Program Files\Ubisoft
2007-04-22 22:09 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\AdobeUM
2007-04-22 21:24 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-22 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-04-22 20:45 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\OfficeUpdate12
2007-04-22 20:38 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
2007-04-22 20:00 <DIR> d-------- C:\Intel Proset.temp
2007-04-22 19:44 <DIR> d-------- C:\Program Files\Ares
2007-04-22 10:54 <DIR> d-------- C:\Program Files\KeyWallet
2007-04-22 09:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-22 09:32 <DIR> d-------- C:\Program Files\e-Sword
2007-04-22 08:53 81 --a------ C:\CTX.DAT
2007-04-22 08:53 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\Citrix
2007-04-21 23:44 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-21 23:44 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-21 23:44 <DIR> d-------- C:\Program Files\Symantec
2007-04-21 23:44 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-04-21 23:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-04-21 23:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-21 23:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-04-21 08:35 934,400 --a------ C:\WINDOWS\LEAD45.DLL
2007-04-21 08:35 74,240 --a------ C:\WINDOWS\MGXFRM10.DLL
2007-04-21 08:35 640,512 --a------ C:\WINDOWS\OC30.DLL
2007-04-21 08:35 5,632 --a------ C:\WINDOWS\MFCUIA32.DLL
2007-04-21 08:35 398,416 --a------ C:\WINDOWS\VBRUN300.DLL
2007-04-21 08:35 353,280 --a------ C:\WINDOWS\MGXBM10.DLL
2007-04-21 08:35 31,232 --a------ C:\WINDOWS\FVDS60.DLL
2007-04-21 08:35 253,952 --a------ C:\WINDOWS\PPIV.DLL
2007-04-21 08:35 205,824 --a------ C:\WINDOWS\PPLIBMGR.DLL
2007-04-21 08:35 160,256 --a------ C:\WINDOWS\MGXCLEAN.EXE
2007-04-21 08:35 133,904 --a------ C:\WINDOWS\MFCANS32.DLL
2007-04-21 08:35 13,824 --a------ C:\WINDOWS\VBOA300.DLL
2007-04-21 08:35 116,736 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-04-21 08:35 1,915,392 --a------ C:\WINDOWS\MGXRDR32.DLL
2007-04-21 08:35 <DIR> d-------- C:\WINDOWS\Program Files
2007-04-20 20:56 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-20 20:56 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-20 20:38 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\Microsoft Web Folders
2007-04-20 18:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-20 16:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-20 16:10 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-20 16:07 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-20 16:07 <DIR> d--hs---- C:\DOCUME~1\MYCOMP~1\UserData
2007-04-20 16:07 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-20 16:06 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\Google
2007-04-20 16:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-20 16:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-20 12:33 <DIR> d-------- C:\DOCUME~1\MYCOMP~1\APPLIC~1\U3
2007-04-13 09:03 16 --a------ C:\WINDOWS\popcinfo.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-08 14:14:02 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-05 17:06:13 -------- d-----w C:\Program Files\GemMaster
2007-05-03 02:02:11 -------- d-----w C:\Program Files\Google
2007-05-03 01:31:02 -------- d-----w C:\Program Files\WildTangent
2007-05-03 01:29:01 -------- d-----w C:\Program Files\Toshiba Games
2007-05-02 21:23:13 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-01 01:39:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-01 01:17:00 -------- d-----w C:\Program Files\InterVideo
2007-04-23 23:50:36 -------- d-----w C:\DOCUME~1\MYCOMP~1\APPLIC~1\toshiba
2007-04-22 13:40:11 -------- d-----w C:\Program Files\Yahoo!
2007-04-21 00:56:05 -------- d-----w C:\Program Files\Picasa2
2007-04-21 00:38:02 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-21 00:03:55 -------- d-----w C:\Program Files\Pure Networks
2007-04-21 00:03:55 -------- d-----w C:\Program Files\Common Files\AOL
2007-04-20 22:56:17 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-04-20 20:04:57 -------- d-----w C:\Program Files\DesktopDialer
2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-14 23:38:24 524,288 ----a-w C:\WINDOWS\opuc.dll
2007-03-14 23:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-03-14 23:20:38 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-14 23:20:36 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-14 23:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-03-14 23:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 17:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 17:34:28 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2007-03-01 00:53:50 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-02-28 19:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll"
"{AE7CD045-E861-484f-8273-0445EE161910}"="C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TDispVol"="TDispVol.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"PSQLLauncher"="\"C:\\Program Files\\Protector Suite QL\\launcher.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TPSMain"="TPSMain.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"SManager"="smanager.7.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Registry Cleaner Scheduler"="\"C:\\Program Files\\CleanMyPC\\Registry Cleaner\\RCHelper.exe\" /startup"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0psqlpwd\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit
C:\WINDOWS\system32\ntos.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - MY COMPUTER.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-10 11:46:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-10 11:48:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-10 11:48

((((((((((((((((((((((((((((((((Hijackthis Logfile))))))))))))))))))))))))))))))))

Logfile of HijackThis v1.99.1
Scan saved at 11:56:22 AM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\rahina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177099626906
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177288998437
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#6 Rahina

    Security Helper



Posted 10 May 2007 - 11:08 AM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#7 David Swetnam


Posted 10 May 2007 - 03:11 PM

Seems like things are improving... also included hijackthis log...

=============================================================================
Dr.Web® Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright © Igor Daniloff, 1992-2006
Log generated on: 2007-05-10, 12:52:46 [TOSHIBA-USER][MY COMPUTER]
Command-line: "C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43338.cdb - 989 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 543 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - 572 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwn43308.cdb - 838 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwn43307.cdb - 854 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwn43306.cdb - 781 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwn43305.cdb - 752 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cwn43301.cdb - 772 virus records
[Virus base] C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 199193
Key file: C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] c:\documents and settings\all users\start menu\programs\startup\desktop.ini
[Scan path] c:\documents and settings\my computer\desktop\drweb-cureit.exe
[Scan path] c:\documents and settings\my computer\local settings\temp\rarsfx0\_start.exe
[Scan path] c:\documents and settings\my computer\local settings\temp\rarsfx0\cureit.exe
[Scan path] c:\documents and settings\my computer\start menu\programs\startup\desktop.ini
[Scan path] c:\program files\adobe\acrobat 6.0\acrobat elements\contextmenu.dll
[Scan path] c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll
[Scan path] c:\program files\adobe\acrobat 6.0\acrobat\activex\acroiehelper.dll
[Scan path] c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
[Scan path] c:\program files\ares\chatserver.exe
[Scan path] c:\program files\billp studios\winpatrol\winpatrol.exe
[Scan path] c:\program files\cleanmypc\registry cleaner\rchelper.exe
[Scan path] c:\program files\common files\ahead\lib\nerocheck.exe
[Scan path] c:\program files\common files\ahead\lib\nerodigitalext.dll
[Scan path] c:\program files\common files\ahead\lib\nmbgmonitor.exe
[Scan path] c:\program files\common files\ahead\lib\nmindexingservice.exe
[Scan path] c:\program files\common files\microsoft shared\information retrieval\msitss.dll
[Scan path] c:\program files\common files\microsoft shared\web components\10\owc10.dll
[Scan path] c:\program files\common files\microsoft shared\web folders\msonsext.dll
[Scan path] c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
[Scan path] c:\program files\common files\protector suite ql\drivers\fdredir.sys
[Scan path] c:\program files\common files\protector suite ql\drivers\filedisk.sys
[Scan path] c:\program files\common files\symantec shared\appcore\appsvc32.exe
[Scan path] c:\program files\common files\symantec shared\ccapp.exe
[Scan path] c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
[Scan path] c:\program files\common files\symantec shared\ccsvchst.exe
[Scan path] c:\program files\common files\symantec shared\eengine\eectrl.sys
[Scan path] c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys
[Scan path] c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\alerteng.dll
[Scan path] c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll
[Scan path] c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe
[Scan path] c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys
[Scan path] c:\program files\common files\symantec shared\symcdata\ids-diskless\20070507.001\symidsco.sys
[Scan path] c:\program files\common files\symantec shared\virusdefs\20070509.019\naveng.sys
[Scan path] c:\program files\common files\symantec shared\virusdefs\20070509.019\navex15.sys
[Scan path] c:\program files\common files\system\ole db\oledb32.dll
[Scan path] c:\program files\google\common\google updater\googleupdaterservice.exe
[Scan path] c:\program files\intel\wireless\bin\eouwiz.exe
[Scan path] c:\program files\intel\wireless\bin\evteng.exe
[Scan path] c:\program files\intel\wireless\bin\ifrmewrk.exe
[Scan path] c:\program files\intel\wireless\bin\regsrvc.exe
[Scan path] c:\program files\intel\wireless\bin\s24evmon.exe
[Scan path] c:\program files\intel\wireless\bin\wlkeeper.exe
[Scan path] c:\program files\intel\wireless\bin\zcfgsvc.exe
[Scan path] c:\program files\intervideo\common\bin\wincinemamgr.exe
[Scan path] c:\program files\messenger\msmsgs.exe
[Scan path] c:\program files\microsoft office\office10\msohev.dll
[Scan path] c:\program files\microsoft office\office10\olkfstub.dll
[Scan path] c:\program files\microsoft office\office\osa9.exe
[Scan path] c:\program files\nero\nero 7\nero backitup\nbservice.exe
[Scan path] c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll
[Scan path] c:\program files\norton antivirus\ispwdsvc.exe
[Scan path] c:\program files\norton antivirus\oscheck.exe
[Scan path] c:\program files\outlook express\setup50.exe
[Scan path] c:\program files\outlook express\wabfind.dll
[Scan path] c:\program files\picasa2\picasamediadetector.exe
[Scan path] c:\program files\protector suite ql\launcher.exe
[Scan path] c:\program files\protector suite ql\mysafe.dll
[Scan path] c:\program files\protector suite ql\smihlp.sys
[Scan path] c:\program files\quicktime\qttask.exe
[Scan path] c:\program files\sonic\recordnow!\shlext.dll
[Scan path] c:\program files\spybot - search & destroy\teatimer.exe
[Scan path] c:\program files\symantec\liveupdate\aluschedulersvc.exe
[Scan path] c:\program files\symantec\liveupdate\lucomserver_3_2.exe
[Scan path] c:\program files\synaptics\syntp\syntpcpl.dll
[Scan path] c:\program files\synaptics\syntp\syntpenh.exe
[Scan path] c:\program files\synaptics\syntp\syntplpr.exe
[Scan path] c:\program files\toshiba\configfree\cfsvcs.exe
[Scan path] c:\program files\toshiba\toshiba applet\tappsrv.exe
[Scan path] c:\program files\toshiba\toshiba applet\thotkey.exe
[Scan path] c:\program files\toshiba\toshiba zooming utility\smoothview.exe
[Scan path] c:\program files\toshiba\tvs\tvstray.exe
[Scan path] c:\program files\windows defender\mpshhook.dll
[Scan path] c:\program files\windows defender\msascui.exe
[Scan path] c:\program files\windows defender\msmpeng.exe
[Scan path] c:\program files\yahoo!\widgets\yahoowidgetengine.exe
[Scan path] c:\toshiba\ivp\ism\pinger.exe
[Scan path] c:\windows\agrsmmsg.exe
[Scan path] c:\windows\ehome\ehrecvr.exe
[Scan path] c:\windows\ehome\ehsched.exe
[Scan path] c:\windows\ehome\ehtray.exe
[Scan path] c:\windows\ehome\mcrdsvc.exe
[Scan path] c:\windows\explorer.exe
[Scan path] c:\windows\fvds60.dll
[Scan path] c:\windows\inf\unregmp2.exe
[Scan path] c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
[Scan path] c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
[Scan path] c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe
[Scan path] c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe
[Scan path] c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
[Scan path] c:\windows\msagent\agentpsh.dll
[Scan path] c:\windows\network diagnostic\xpnetdiag.exe
[Scan path] c:\windows\ppiv.dll
[Scan path] c:\windows\system32\adobepdf.dll
[Scan path] c:\windows\system32\advapi32.dll
[Scan path] c:\windows\system32\advpack.dll
[Scan path] c:\windows\system32\alg.exe
[Scan path] c:\windows\system32\appwiz.cpl
[Scan path] c:\windows\system32\audiodev.dll
[Scan path] c:\windows\system32\autochk.exe
[Scan path] c:\windows\system32\browseui.dll
[Scan path] c:\windows\system32\cabview.dll
[Scan path] c:\windows\system32\cisvc.exe
[Scan path] c:\windows\system32\clipsrv.exe
[Scan path] c:\windows\system32\cnbjmon.dll
[Scan path] c:\windows\system32\comdlg32.dll
[Scan path] c:\windows\system32\crypt32.dll
[Scan path] c:\windows\system32\cryptext.dll
[Scan path] c:\windows\system32\cryptnet.dll
[Scan path] c:\windows\system32\cscdll.dll
[Scan path] c:\windows\system32\cscui.dll
[Scan path] c:\windows\system32\csrss.exe
[Scan path] c:\windows\system32\ctfmon.exe
[Scan path] c:\windows\system32\deskadp.dll
[Scan path] c:\windows\system32\deskmon.dll
[Scan path] c:\windows\system32\deskperf.dll
[Scan path] c:\windows\system32\dfshim.dll
[Scan path] c:\windows\system32\dfsshlex.dll
[Scan path] c:\windows\system32\diskcopy.dll
[Scan path] c:\windows\system32\dla\dlaboiom.sys
[Scan path] c:\windows\system32\dla\dladresn.sys
[Scan path] c:\windows\system32\dla\dlaifs_m.sys
[Scan path] c:\windows\system32\dla\dlaopiom.sys
[Scan path] c:\windows\system32\dla\dlapoolm.sys
[Scan path] c:\windows\system32\dla\dlashx_w.dll
[Scan path] c:\windows\system32\dla\dlaudf_m.sys
[Scan path] c:\windows\system32\dla\dlaudfam.sys
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] c:\windows\system32\docprop.dll
[Scan path] c:\windows\system32\docprop2.dll
[Scan path] c:\windows\system32\drivers\acpi.sys
[Scan path] c:\windows\system32\drivers\acpiec.sys
[Scan path] c:\windows\system32\drivers\aec.sys
[Scan path] c:\windows\system32\drivers\aegisp.sys
[Scan path] c:\windows\system32\drivers\afd.sys
[Scan path] c:\windows\system32\drivers\agrsm.sys
[Scan path] c:\windows\system32\drivers\ar5211.sys
[Scan path] c:\windows\system32\drivers\arp1394.sys
[Scan path] c:\windows\system32\drivers\asyncmac.sys
[Scan path] c:\windows\system32\drivers\atapi.sys
[Scan path] c:\windows\system32\drivers\atmarpc.sys
[Scan path] c:\windows\system32\drivers\audstub.sys
[Scan path] c:\windows\system32\drivers\cdrom.sys
[Scan path] c:\windows\system32\drivers\cmbatt.sys
[Scan path] c:\windows\system32\drivers\compbatt.sys
[Scan path] c:\windows\system32\drivers\disk.sys
[Scan path] c:\windows\system32\drivers\dlacdbhm.sys
[Scan path] c:\windows\system32\drivers\dlartl_n.sys
[Scan path] c:\windows\system32\drivers\dmboot.sys
[Scan path] c:\windows\system32\drivers\dmio.sys
[Scan path] c:\windows\system32\drivers\dmload.sys
[Scan path] c:\windows\system32\drivers\dmusic.sys
[Scan path] c:\windows\system32\drivers\drmkaud.sys
[Scan path] c:\windows\system32\drivers\drvmcdb.sys
[Scan path] c:\windows\system32\drivers\drvnddm.sys
[Scan path] c:\windows\system32\drivers\e1e5132.sys
[Scan path] c:\windows\system32\drivers\fltmgr.sys
[Scan path] c:\windows\system32\drivers\ftdisk.sys
[Scan path] c:\windows\system32\drivers\hdaudbus.sys
[Scan path] c:\windows\system32\drivers\hidusb.sys
[Scan path] c:\windows\system32\drivers\http.sys
[Scan path] c:\windows\system32\drivers\i8042prt.sys
[Scan path] c:\windows\system32\drivers\ialmnt5.sys
[Scan path] c:\windows\system32\drivers\imapi.sys
[Scan path] c:\windows\system32\drivers\intelppm.sys
[Scan path] c:\windows\system32\drivers\ip6fw.sys
[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
[Scan path] c:\windows\system32\drivers\ipinip.sys
[Scan path] c:\windows\system32\drivers\ipnat.sys
[Scan path] c:\windows\system32\drivers\ipsec.sys
[Scan path] c:\windows\system32\drivers\irenum.sys
[Scan path] c:\windows\system32\drivers\isapnp.sys
[Scan path] c:\windows\system32\drivers\iviaspi.sys
[Scan path] c:\windows\system32\drivers\ivivd.sys
[Scan path] c:\windows\system32\drivers\kbdclass.sys
[Scan path] c:\windows\system32\drivers\kbdhid.sys
[Scan path] c:\windows\system32\drivers\kmixer.sys
[Scan path] c:\windows\system32\drivers\kr10n.sys
[Scan path] c:\windows\system32\drivers\mhndrv.sys
[Scan path] c:\windows\system32\drivers\mouclass.sys
[Scan path] c:\windows\system32\drivers\mouhid.sys
[Scan path] c:\windows\system32\drivers\mrxdav.sys
[Scan path] c:\windows\system32\drivers\mrxsmb.sys
[Scan path] c:\windows\system32\drivers\msgpc.sys
[Scan path] c:\windows\system32\drivers\mskssrv.sys
[Scan path] c:\windows\system32\drivers\mspclock.sys
[Scan path] c:\windows\system32\drivers\mspqm.sys
[Scan path] c:\windows\system32\drivers\mssmbios.sys
[Scan path] c:\windows\system32\drivers\nbsmi.sys
[Scan path] c:\windows\system32\drivers\ndistapi.sys
[Scan path] c:\windows\system32\drivers\ndisuio.sys
[Scan path] c:\windows\system32\drivers\ndiswan.sys
[Scan path] c:\windows\system32\drivers\netbios.sys
[Scan path] c:\windows\system32\drivers\netbt.sys
[Scan path] c:\windows\system32\drivers\netdevio.sys
[Scan path] c:\windows\system32\drivers\nic1394.sys
[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
[Scan path] c:\windows\system32\drivers\ohci1394.sys
[Scan path] c:\windows\system32\drivers\pci.sys
[Scan path] c:\windows\system32\drivers\pciide.sys
[Scan path] c:\windows\system32\drivers\pcmcia.sys
[Scan path] c:\windows\system32\drivers\pcouffin.sys
[Scan path] c:\windows\system32\drivers\pfc.sys
[Scan path] c:\windows\system32\drivers\psched.sys
[Scan path] c:\windows\system32\drivers\ptilink.sys
[Scan path] c:\windows\system32\drivers\pxhelp20.sys
[Scan path] c:\windows\system32\drivers\rasacd.sys
[Scan path] c:\windows\system32\drivers\rasl2tp.sys
[Scan path] c:\windows\system32\drivers\raspppoe.sys
[Scan path] c:\windows\system32\drivers\raspptp.sys
[Scan path] c:\windows\system32\drivers\raspti.sys
[Scan path] c:\windows\system32\drivers\rdbss.sys
[Scan path] c:\windows\system32\drivers\rdpcdd.sys
[Scan path] c:\windows\system32\drivers\rdpdr.sys
[Scan path] c:\windows\system32\drivers\redbook.sys
[Scan path] c:\windows\system32\drivers\rtkhdaud.sys
[Scan path] c:\windows\system32\drivers\s24trans.sys
[Scan path] c:\windows\system32\drivers\sdbus.sys
[Scan path] c:\windows\system32\drivers\secdrv.sys
[Scan path] c:\windows\system32\drivers\sffdisk.sys
[Scan path] c:\windows\system32\drivers\sffp_sd.sys
[Scan path] c:\windows\system32\drivers\sfloppy.sys
[Scan path] c:\windows\system32\drivers\splitter.sys
[Scan path] c:\windows\system32\drivers\sr.sys
[Scan path] c:\windows\system32\drivers\srtsp.sys
[Scan path] c:\windows\system32\drivers\srtspl.sys
[Scan path] c:\windows\system32\drivers\srtspx.sys
[Scan path] c:\windows\system32\drivers\srv.sys
[Scan path] c:\windows\system32\drivers\swenum.sys
[Scan path] c:\windows\system32\drivers\swmidi.sys
[Scan path] c:\windows\system32\drivers\symdns.sys
[Scan path] c:\windows\system32\drivers\symevent.sys
[Scan path] c:\windows\system32\drivers\symfw.sys
[Scan path] c:\windows\system32\drivers\symids.sys
[Scan path] c:\windows\system32\drivers\symndis.sys
[Scan path] c:\windows\system32\drivers\symredrv.sys
[Scan path] c:\windows\system32\drivers\symtdi.sys
[Scan path] c:\windows\system32\drivers\syntp.sys
[Scan path] c:\windows\system32\drivers\sysaudio.sys
[Scan path] c:\windows\system32\drivers\tbiosdrv.sys
[Scan path] c:\windows\system32\drivers\tcpip.sys
[Scan path] c:\windows\system32\drivers\tcusb.sys
[Scan path] c:\windows\system32\drivers\termdd.sys
[Scan path] c:\windows\system32\drivers\tifm21.sys
[Scan path] c:\windows\system32\drivers\tosrfec.sys
[Scan path] c:\windows\system32\drivers\tvs.sys
[Scan path] c:\windows\system32\drivers\update.sys
[Scan path] c:\windows\system32\drivers\usbccgp.sys
[Scan path] c:\windows\system32\drivers\usbehci.sys
[Scan path] c:\windows\system32\drivers\usbhub.sys
[Scan path] c:\windows\system32\drivers\usbstor.sys
[Scan path] c:\windows\system32\drivers\usbuhci.sys
[Scan path] c:\windows\system32\drivers\vga.sys
[Scan path] c:\windows\system32\drivers\w39n51.sys
[Scan path] c:\windows\system32\drivers\wanarp.sys
[Scan path] c:\windows\system32\drivers\wanatw4.sys
[Scan path] c:\windows\system32\drivers\wdmaud.sys
[Scan path] c:\windows\system32\dskquoui.dll
[Scan path] c:\windows\system32\dsquery.dll
[Scan path] c:\windows\system32\dssec.dll
[Scan path] c:\windows\system32\dsuiext.dll
[Scan path] c:\windows\system32\extmgr.dll
[Scan path] c:\windows\system32\fontext.dll
[Scan path] c:\windows\system32\fxsmon.dll
[Scan path] c:\windows\system32\fxssvc.exe
[Scan path] c:\windows\system32\gdi32.dll
[Scan path] c:\windows\system32\hkcmd.exe
[Scan path] c:\windows\system32\hticons.dll
[Scan path] c:\windows\system32\icmui.dll
[Scan path] c:\windows\system32\ie4uinit.exe
[Scan path] c:\windows\system32\iedkcs32.dll
[Scan path] c:\windows\system32\ieframe.dll
[Scan path] c:\windows\system32\ieudinit.exe
[Scan path] c:\windows\system32\igfxpers.exe
[Scan path] c:\windows\system32\igfxtray.exe
[Scan path] c:\windows\system32\imagehlp.dll
[Scan path] c:\windows\system32\imapi.exe
[Scan path] c:\windows\system32\inetcomm.dll
[Scan path] c:\windows\system32\itss.dll
[Scan path] c:\windows\system32\kerberos.dll
[Scan path] c:\windows\system32\kernel32.dll
[Scan path] c:\windows\system32\localspl.dll
[Scan path] c:\windows\system32\locator.exe
[Scan path] c:\windows\system32\logonui.exe
[Scan path] c:\windows\system32\lsass.exe
[Scan path] c:\windows\system32\lz32.dll
[Scan path] c:\windows\system32\mmcshext.dll
[Scan path] c:\windows\system32\mmsys.cpl
[Scan path] c:\windows\system32\mnmsrvc.exe
[Scan path] c:\windows\system32\mscoree.dll
[Scan path] c:\windows\system32\mscories.dll
[Scan path] c:\windows\system32\msdtc.exe
[Scan path] c:\windows\system32\mshtml.dll
[Scan path] c:\windows\system32\msieftp.dll
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] c:\windows\system32\mstask.dll
[Scan path] c:\windows\system32\msv1_0.dll
[Scan path] c:\windows\system32\msvidctl.dll
[Scan path] c:\windows\system32\mswsock.dll
[Scan path] c:\windows\system32\mydocs.dll
[Scan path] c:\windows\system32\netdde.exe
[Scan path] c:\windows\system32\netplwiz.dll
[Scan path] c:\windows\system32\netshell.dll
[Scan path] c:\windows\system32\ntlanui2.dll
[Scan path] c:\windows\system32\ntsd.exe
[Scan path] c:\windows\system32\ntshrui.dll
[Scan path] c:\windows\system32\occache.dll
[Scan path] c:\windows\system32\ole32.dll
[Scan path] c:\windows\system32\oleaut32.dll
[Scan path] c:\windows\system32\olecli32.dll
[Scan path] c:\windows\system32\olecnv32.dll
[Scan path] c:\windows\system32\olesvr32.dll
[Scan path] c:\windows\system32\olethk32.dll
[Scan path] c:\windows\system32\photowiz.dll
[Scan path] c:\windows\system32\pjlmon.dll
[Scan path] c:\windows\system32\printui.dll
[Scan path] c:\windows\system32\psqlpwd.dll
[Scan path] c:\windows\system32\regsvr32.exe
[Scan path] c:\windows\system32\remotepg.dll
[Scan path] c:\windows\system32\rpcrt4.dll
[Scan path] c:\windows\system32\rpcss.dll
[Scan path] c:\windows\system32\rshx32.dll
[Scan path] c:\windows\system32\rsvp.exe
[Scan path] c:\windows\system32\rsvpsp.dll
[Scan path] c:\windows\system32\rundll32.exe
[Scan path] c:\windows\system32\scardsvr.exe
[Scan path] c:\windows\system32\scecli.dll
[Scan path] c:\windows\system32\schannel.dll
[Scan path] c:\windows\system32\sclgntfy.dll
[Scan path] c:\windows\system32\sendmail.dll
[Scan path] c:\windows\system32\services.exe
[Scan path] c:\windows\system32\sessmgr.exe
[Scan path] c:\windows\system32\setupapi.dll
[Scan path] c:\windows\system32\shdocvw.dll
[Scan path] c:\windows\system32\shell32.dll
[Scan path] c:\windows\system32\shimgvw.dll
[Scan path] c:\windows\system32\shmedia.dll
[Scan path] c:\windows\system32\shmgrate.exe
[Scan path] c:\windows\system32\shscrap.dll
[Scan path] c:\windows\system32\slayerxp.dll
[Scan path] c:\windows\system32\smlogsvc.exe
[Scan path] c:\windows\system32\smss.exe
[Scan path] c:\windows\system32\spoolsv.exe
[Scan path] c:\windows\system32\stobject.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] c:\windows\system32\syncui.dll
[Scan path] c:\windows\system32\tbtmon.dll
[Scan path] c:\windows\system32\tcpmon.dll
[Scan path] c:\windows\system32\tdispvol.exe
[Scan path] c:\windows\system32\themeui.dll
[Scan path] c:\windows\system32\tlntsvr.exe
[Scan path] c:\windows\system32\tpsmain.exe
[Scan path] c:\windows\system32\twext.dll
[Scan path] c:\windows\system32\ups.exe
[Scan path] c:\windows\system32\url.dll
[Scan path] c:\windows\system32\urlmon.dll
[Scan path] c:\windows\system32\usbmon.dll
[Scan path] c:\windows\system32\user32.dll
[Scan path] c:\windows\system32\version.dll
[Scan path] c:\windows\system32\vssvc.exe
[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
[Scan path] c:\windows\system32\wdfmgr.exe
[Scan path] c:\windows\system32\wdigest.dll
[Scan path] c:\windows\system32\webcheck.dll
[Scan path] c:\windows\system32\wgalogon.dll
[Scan path] c:\windows\system32\wiascr.dll
[Scan path] c:\windows\system32\wiashext.dll
[Scan path] c:\windows\system32\wininet.dll
[Scan path] c:\windows\system32\winlogon.exe
[Scan path] c:\windows\system32\wldap32.dll
[Scan path] c:\windows\system32\wlnotify.dll
[Scan path] c:\windows\system32\wmpshell.dll
[Scan path] c:\windows\system32\wshext.dll
[Scan path] c:\windows\system32\wuaucpl.cpl
[Scan path] c:\windows\system32\xpsshhdr.dll
[Scan path] c:\windows\system32\zipfldr.dll
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 384
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1845 Kb/s
Scan time: 00:01:08
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\MY COMPUTER\NTUSER.DAT - read error
C:\Documents and Settings\MY COMPUTER\NTUSER~1.LOG - read error
C:\Documents and Settings\MY COMPUTER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\MY COMPUTER\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Program Files\Common Files\Yazzle1162OinAdmin.exe is adware program Adware.ClickSpring
C:\Program Files\Hijackthis\backups\backup-20070509-212028-503.dll infected with Trojan.Virtumod - deleted
C:\Program Files\Hijackthis\backups\backup-20070509-212029-668.dll infected with Trojan.Virtumod - deleted
C:\Program Files\Hijackthis\backups\backup-20070509-212251-690.dll infected with Trojan.Virtumod - deleted
C:\Program Files\Hijackthis\backups\backup-20070509-212251-995.dll infected with Trojan.Virtumod - deleted
>C:\QooBox\Quarantine\C\WINDOWS\system32\anhpnelm.dll.vir is adware program Adware.Crew
>C:\QooBox\Quarantine\C\WINDOWS\system32\lhxprtxl.dll.vir is adware program Adware.Crew
>C:\QooBox\Quarantine\C\WINDOWS\system32\ruulbdux.dll.vir is adware program Adware.Crew
>C:\QooBox\Quarantine\C\WINDOWS\system32\vdgrssjy.dll.vir is adware program Adware.Crew
C:\QooBox\Quarantine\C\WINDOWS\system32\winzzc32.dll.vir infected with Trojan.Mezzia - deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyaaba.dll.vir infected with Trojan.Virtumod - deleted
>C:\QooBox\Quarantine\C\WINDOWS\system32\yqkprbje.dll.vir is adware program Adware.Crew
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP310\A0015788.ocx is adware program Adware.Gdown
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP338\A0023634.exe is adware program Adware.TrustIn
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP338\A0023637.exe is adware program Adware.TrustIn
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024458.dll infected with Trojan.Click.1290 - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024459.dll is adware program Adware.TrustIn
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024460.dll infected with Trojan.Click.2049 - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024461.dll infected with Trojan.DownLoader.19172 - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024462.dll infected with Trojan.Iespoof - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP343\A0024650.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP347\A0024938.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP348\A0025132.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP348\A0025172.exe infected with Trojan.DownLoader.20279 - deleted
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP348\A0025173.exe is adware program Adware.ClickSpring
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP349\A0025175.exe is adware program Adware.ClickSpring
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP349\A0025177.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP351\A0025336.dll infected with Trojan.Virtumod - deleted
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP353\A0025363.exe is adware program Adware.ClickSpring
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025498.dll is adware program Adware.Crew
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025499.dll is adware program Adware.Crew
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025500.dll is adware program Adware.Crew
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025501.dll is adware program Adware.Crew
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025502.dll is adware program Adware.Crew
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025503.dll infected with Trojan.Mezzia - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025508.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026567.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026568.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026569.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026570.dll infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\jkkjj.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\vturs.dll.bad infected with Trojan.Virtumod - deleted
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 172655
Infected objects found: 24
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 18
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 24
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 178 Kb/s
Scan time: 02:51:01
-----------------------------------------------------------------------------

C:\Program Files\Common Files\Yazzle1162OinAdmin.exe - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\anhpnelm.dll.vir - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\lhxprtxl.dll.vir - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\ruulbdux.dll.vir - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\vdgrssjy.dll.vir - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\yqkprbje.dll.vir - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP310\A0015788.ocx - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP338\A0023634.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP338\A0023637.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024459.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP348\A0025173.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP349\A0025175.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP353\A0025363.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025498.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025499.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025500.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025501.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025502.dll - incurable - moved

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 173039
Infected objects found: 24
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 18
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 24
Objects renamed: 0
Objects moved: 18
Objects ignored: 0
Scan speed: 189 Kb/s
Scan time: 02:52:09
=============================================================================

=============================================================================
Dr.Web® Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright © Igor Daniloff, 1992-2006
Log generated on: 2007-05-10, 15:58:20 [TOSHIBA-USER][MY COMPUTER]
Command-line: "C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01

#8 Rahina

Posted 10 May 2007 - 11:44 PM

Seems like that's not the whole Dr.Web report; it may take a few messages. Also, could you please post a fresh HijackThis logfile?

Thanks

#9 David Swetnam


Posted 11 May 2007 - 03:57 PM

Hopefully it's all here...

=============================================================================
Dr.Web® Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright © Igor Daniloff, 1992-2006
Log generated on: 2007-05-10, 12:52:46 [TOSHIBA-USER][MY COMPUTER]
Command-line: "C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 199193
Key file: C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] c:\windows\system32\drivers\ivivd.sys
[Scan path] c:\windows\system32\drivers\kbdclass.sys
[Scan path] c:\windows\system32\drivers\kbdhid.sys
[Scan path] c:\windows\system32\drivers\kmixer.sys
[Scan path] c:\windows\system32\drivers\kr10n.sys
[Scan path] c:\windows\system32\drivers\mhndrv.sys
[Scan path] c:\windows\system32\drivers\mouclass.sys
[Scan path] c:\windows\system32\drivers\mouhid.sys
[Scan path] c:\windows\system32\drivers\mrxdav.sys
[Scan path] c:\windows\system32\drivers\mrxsmb.sys
[Scan path] c:\windows\system32\drivers\msgpc.sys
[Scan path] c:\windows\system32\drivers\mskssrv.sys
[Scan path] c:\windows\system32\drivers\mspclock.sys
[Scan path] c:\windows\system32\drivers\mspqm.sys
[Scan path] c:\windows\system32\drivers\mssmbios.sys
[Scan path] c:\windows\system32\drivers\nbsmi.sys
[Scan path] c:\windows\system32\drivers\ndistapi.sys
[Scan path] c:\windows\system32\drivers\ndisuio.sys
[Scan path] c:\windows\system32\drivers\ndiswan.sys
[Scan path] c:\windows\system32\drivers\netbios.sys
[Scan path] c:\windows\system32\drivers\netbt.sys
[Scan path] c:\windows\system32\drivers\netdevio.sys
[Scan path] c:\windows\system32\drivers\nic1394.sys
[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
[Scan path] c:\windows\system32\drivers\ohci1394.sys
[Scan path] c:\windows\system32\drivers\pci.sys
[Scan path] c:\windows\system32\drivers\pciide.sys
[Scan path] c:\windows\system32\drivers\pcmcia.sys
[Scan path] c:\windows\system32\drivers\pcouffin.sys
[Scan path] c:\windows\system32\drivers\pfc.sys
[Scan path] c:\windows\system32\drivers\psched.sys
[Scan path] c:\windows\system32\drivers\ptilink.sys
[Scan path] c:\windows\system32\drivers\pxhelp20.sys
[Scan path] c:\windows\system32\drivers\rasacd.sys
[Scan path] c:\windows\system32\drivers\rasl2tp.sys
[Scan path] c:\windows\system32\drivers\raspppoe.sys
[Scan path] c:\windows\system32\drivers\raspptp.sys
[Scan path] c:\windows\system32\drivers\raspti.sys
[Scan path] c:\windows\system32\drivers\rdbss.sys
[Scan path] c:\windows\system32\drivers\rdpcdd.sys
[Scan path] c:\windows\system32\drivers\rdpdr.sys
[Scan path] c:\windows\system32\drivers\redbook.sys
[Scan path] c:\windows\system32\drivers\rtkhdaud.sys
[Scan path] c:\windows\system32\drivers\s24trans.sys
[Scan path] c:\windows\system32\drivers\sdbus.sys
[Scan path] c:\windows\system32\drivers\secdrv.sys
[Scan path] c:\windows\system32\drivers\sffdisk.sys
[Scan path] c:\windows\system32\drivers\sffp_sd.sys
[Scan path] c:\windows\system32\drivers\sfloppy.sys
[Scan path] c:\windows\system32\drivers\splitter.sys
[Scan path] c:\windows\system32\drivers\sr.sys
[Scan path] c:\windows\system32\drivers\srtsp.sys
[Scan path] c:\windows\system32\drivers\srtspl.sys
[Scan path] c:\windows\system32\drivers\srtspx.sys
[Scan path] c:\windows\system32\drivers\srv.sys
[Scan path] c:\windows\system32\drivers\swenum.sys
[Scan path] c:\windows\system32\drivers\swmidi.sys
[Scan path] c:\windows\system32\drivers\symdns.sys
[Scan path] c:\windows\system32\drivers\symevent.sys
[Scan path] c:\windows\system32\drivers\symfw.sys
[Scan path] c:\windows\system32\drivers\symids.sys
[Scan path] c:\windows\system32\drivers\symndis.sys
[Scan path] c:\windows\system32\drivers\symredrv.sys
[Scan path] c:\windows\system32\drivers\symtdi.sys
[Scan path] c:\windows\system32\drivers\syntp.sys
[Scan path] c:\windows\system32\drivers\sysaudio.sys
[Scan path] c:\windows\system32\drivers\tbiosdrv.sys
[Scan path] c:\windows\system32\drivers\tcpip.sys
[Scan path] c:\windows\system32\drivers\tcusb.sys
[Scan path] c:\windows\system32\drivers\termdd.sys
[Scan path] c:\windows\system32\drivers\tifm21.sys
[Scan path] c:\windows\system32\drivers\tosrfec.sys
[Scan path] c:\windows\system32\drivers\tvs.sys
[Scan path] c:\windows\system32\drivers\update.sys
[Scan path] c:\windows\system32\drivers\usbccgp.sys
[Scan path] c:\windows\system32\drivers\usbehci.sys
[Scan path] c:\windows\system32\drivers\usbhub.sys
[Scan path] c:\windows\system32\drivers\usbstor.sys
[Scan path] c:\windows\system32\drivers\usbuhci.sys
[Scan path] c:\windows\system32\drivers\vga.sys
[Scan path] c:\windows\system32\drivers\w39n51.sys
[Scan path] c:\windows\system32\drivers\wanarp.sys
[Scan path] c:\windows\system32\drivers\wanatw4.sys
[Scan path] c:\windows\system32\drivers\wdmaud.sys
[Scan path] c:\windows\system32\dskquoui.dll
[Scan path] c:\windows\system32\dsquery.dll
[Scan path] c:\windows\system32\dssec.dll
[Scan path] c:\windows\system32\dsuiext.dll
[Scan path] c:\windows\system32\extmgr.dll
[Scan path] c:\windows\system32\fontext.dll
[Scan path] c:\windows\system32\fxsmon.dll
[Scan path] c:\windows\system32\fxssvc.exe
[Scan path] c:\windows\system32\gdi32.dll
[Scan path] c:\windows\system32\hkcmd.exe
[Scan path] c:\windows\system32\hticons.dll
[Scan path] c:\windows\system32\icmui.dll
[Scan path] c:\windows\system32\ie4uinit.exe
[Scan path] c:\windows\system32\iedkcs32.dll
[Scan path] c:\windows\system32\ieframe.dll
[Scan path] c:\windows\system32\ieudinit.exe
[Scan path] c:\windows\system32\igfxpers.exe
[Scan path] c:\windows\system32\igfxtray.exe
[Scan path] c:\windows\system32\imagehlp.dll
[Scan path] c:\windows\system32\imapi.exe
[Scan path] c:\windows\system32\inetcomm.dll
[Scan path] c:\windows\system32\itss.dll
[Scan path] c:\windows\system32\kerberos.dll
[Scan path] c:\windows\system32\kernel32.dll
[Scan path] c:\windows\system32\localspl.dll
[Scan path] c:\windows\system32\locator.exe
[Scan path] c:\windows\system32\logonui.exe
[Scan path] c:\windows\system32\lsass.exe
[Scan path] c:\windows\system32\lz32.dll
[Scan path] c:\windows\system32\mmcshext.dll
[Scan path] c:\windows\system32\mmsys.cpl
[Scan path] c:\windows\system32\mnmsrvc.exe
[Scan path] c:\windows\system32\mscoree.dll
[Scan path] c:\windows\system32\mscories.dll
[Scan path] c:\windows\system32\msdtc.exe
[Scan path] c:\windows\system32\mshtml.dll
[Scan path] c:\windows\system32\msieftp.dll
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] c:\windows\system32\mstask.dll
[Scan path] c:\windows\system32\msv1_0.dll
[Scan path] c:\windows\system32\msvidctl.dll
[Scan path] c:\windows\system32\mswsock.dll
[Scan path] c:\windows\system32\mydocs.dll
[Scan path] c:\windows\system32\netdde.exe
[Scan path] c:\windows\system32\netplwiz.dll
[Scan path] c:\windows\system32\netshell.dll
[Scan path] c:\windows\system32\ntlanui2.dll
[Scan path] c:\windows\system32\ntsd.exe
[Scan path] c:\windows\system32\ntshrui.dll
[Scan path] c:\windows\system32\occache.dll
[Scan path] c:\windows\system32\ole32.dll
[Scan path] c:\windows\system32\oleaut32.dll
[Scan path] c:\windows\system32\olecli32.dll
[Scan path] c:\windows\system32\olecnv32.dll
[Scan path] c:\windows\system32\olesvr32.dll
[Scan path] c:\windows\system32\olethk32.dll
[Scan path] c:\windows\system32\photowiz.dll
[Scan path] c:\windows\system32\pjlmon.dll
[Scan path] c:\windows\system32\printui.dll
[Scan path] c:\windows\system32\psqlpwd.dll
[Scan path] c:\windows\system32\regsvr32.exe
[Scan path] c:\windows\system32\remotepg.dll
[Scan path] c:\windows\system32\rpcrt4.dll
[Scan path] c:\windows\system32\rpcss.dll
[Scan path] c:\windows\system32\rshx32.dll
[Scan path] c:\windows\system32\rsvp.exe
[Scan path] c:\windows\system32\rsvpsp.dll
[Scan path] c:\windows\system32\rundll32.exe
[Scan path] c:\windows\system32\scardsvr.exe
[Scan path] c:\windows\system32\scecli.dll
[Scan path] c:\windows\system32\schannel.dll
[Scan path] c:\windows\system32\sclgntfy.dll
[Scan path] c:\windows\system32\sendmail.dll
[Scan path] c:\windows\system32\services.exe
[Scan path] c:\windows\system32\sessmgr.exe
[Scan path] c:\windows\system32\setupapi.dll
[Scan path] c:\windows\system32\shdocvw.dll
[Scan path] c:\windows\system32\shell32.dll
[Scan path] c:\windows\system32\shimgvw.dll
[Scan path] c:\windows\system32\shmedia.dll
[Scan path] c:\windows\system32\shmgrate.exe
[Scan path] c:\windows\system32\shscrap.dll
[Scan path] c:\windows\system32\slayerxp.dll
[Scan path] c:\windows\system32\smlogsvc.exe
[Scan path] c:\windows\system32\smss.exe
[Scan path] c:\windows\system32\spoolsv.exe
[Scan path] c:\windows\system32\stobject.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] c:\windows\system32\syncui.dll
[Scan path] c:\windows\system32\tbtmon.dll
[Scan path] c:\windows\system32\tcpmon.dll
[Scan path] c:\windows\system32\tdispvol.exe
[Scan path] c:\windows\system32\themeui.dll
[Scan path] c:\windows\system32\tlntsvr.exe
[Scan path] c:\windows\system32\tpsmain.exe
[Scan path] c:\windows\system32\twext.dll
[Scan path] c:\windows\system32\ups.exe
[Scan path] c:\windows\system32\url.dll
[Scan path] c:\windows\system32\urlmon.dll
[Scan path] c:\windows\system32\usbmon.dll
[Scan path] c:\windows\system32\user32.dll
[Scan path] c:\windows\system32\version.dll
[Scan path] c:\windows\system32\vssvc.exe
[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
[Scan path] c:\windows\system32\wdfmgr.exe
[Scan path] c:\windows\system32\wdigest.dll
[Scan path] c:\windows\system32\webcheck.dll
[Scan path] c:\windows\system32\wgalogon.dll
[Scan path] c:\windows\system32\wiascr.dll
[Scan path] c:\windows\system32\wiashext.dll
[Scan path] c:\windows\system32\wininet.dll
[Scan path] c:\windows\system32\winlogon.exe
[Scan path] c:\windows\system32\wldap32.dll
[Scan path] c:\windows\system32\wlnotify.dll
[Scan path] c:\windows\system32\wmpshell.dll
[Scan path] c:\windows\system32\wshext.dll
[Scan path] c:\windows\system32\wuaucpl.cpl
[Scan path] c:\windows\system32\xpsshhdr.dll
[Scan path] c:\windows\system32\zipfldr.dll
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 384
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1845 Kb/s
Scan time: 00:01:08
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\MY COMPUTER\NTUSER.DAT - read error
C:\Documents and Settings\MY COMPUTER\NTUSER~1.LOG - read error
C:\Documents and Settings\MY COMPUTER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\MY COMPUTER\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Program Files\Common Files\Yazzle1162OinAdmin.exe is adware program Adware.ClickSpring
C:\Program Files\Hijackthis\backups\backup-20070509-212028-503.dll infected with Trojan.Virtumod - deleted
C:\Program Files\Hijackthis\backups\backup-20070509-212029-668.dll infected with Trojan.Virtumod - deleted
C:\Program Files\Hijackthis\backups\backup-20070509-212251-690.dll infected with Trojan.Virtumod - deleted
C:\Program Files\Hijackthis\backups\backup-20070509-212251-995.dll infected with Trojan.Virtumod - deleted
>C:\QooBox\Quarantine\C\WINDOWS\system32\anhpnelm.dll.vir is adware program Adware.Crew
>C:\QooBox\Quarantine\C\WINDOWS\system32\lhxprtxl.dll.vir is adware program Adware.Crew
>C:\QooBox\Quarantine\C\WINDOWS\system32\ruulbdux.dll.vir is adware program Adware.Crew
>C:\QooBox\Quarantine\C\WINDOWS\system32\vdgrssjy.dll.vir is adware program Adware.Crew
C:\QooBox\Quarantine\C\WINDOWS\system32\winzzc32.dll.vir infected with Trojan.Mezzia - deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyaaba.dll.vir infected with Trojan.Virtumod - deleted
>C:\QooBox\Quarantine\C\WINDOWS\system32\yqkprbje.dll.vir is adware program Adware.Crew
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP310\A0015788.ocx is adware program Adware.Gdown
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP338\A0023634.exe is adware program Adware.TrustIn
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP338\A0023637.exe is adware program Adware.TrustIn
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024458.dll infected with Trojan.Click.1290 - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024459.dll is adware program Adware.TrustIn
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024460.dll infected with Trojan.Click.2049 - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024461.dll infected with Trojan.DownLoader.19172 - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024462.dll infected with Trojan.Iespoof - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP343\A0024650.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP347\A0024938.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP348\A0025132.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP348\A0025172.exe infected with Trojan.DownLoader.20279 - deleted
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP348\A0025173.exe is adware program Adware.ClickSpring
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP349\A0025175.exe is adware program Adware.ClickSpring
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP349\A0025177.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP351\A0025336.dll infected with Trojan.Virtumod - deleted
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP353\A0025363.exe is adware program Adware.ClickSpring
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025498.dll is adware program Adware.Crew
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025499.dll is adware program Adware.Crew
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025500.dll is adware program Adware.Crew
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025501.dll is adware program Adware.Crew
>C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025502.dll is adware program Adware.Crew
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025503.dll infected with Trojan.Mezzia - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025508.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026567.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026568.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026569.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026570.dll infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\jkkjj.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\vturs.dll.bad infected with Trojan.Virtumod - deleted
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 172655
Infected objects found: 24
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 18
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 24
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 178 Kb/s
Scan time: 02:51:01
-----------------------------------------------------------------------------

C:\Program Files\Common Files\Yazzle1162OinAdmin.exe - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\anhpnelm.dll.vir - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\lhxprtxl.dll.vir - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\ruulbdux.dll.vir - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\vdgrssjy.dll.vir - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\yqkprbje.dll.vir - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP310\A0015788.ocx - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP338\A0023634.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP338\A0023637.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024459.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP348\A0025173.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP349\A0025175.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP353\A0025363.exe - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025498.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025499.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025500.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025501.dll - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0025502.dll - incurable - moved

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 173039
Infected objects found: 24
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 18
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 24
Objects renamed: 0
Objects moved: 18
Objects ignored: 0
Scan speed: 189 Kb/s
Scan time: 02:52:09
=============================================================================

=============================================================================
Dr.Web® Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright © Igor Daniloff, 1992-2006
Log generated on: 2007-05-10, 15:58:20 [TOSHIBA-USER][MY COMPUTER]
Command-line: "C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01

#10 Rahina

Posted 12 May 2007 - 12:10 AM

That's not the complete log, anyway I think that's enough.

Please Go ahead and Empty This Folder:

Step #1

C:\QooBox\Quarantine

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.

Step #2

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepads: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.

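The advice in post #10 rests on where the Dr.Web hits were found: System Restore snapshots and other tools' quarantine or backup folders rather than live system paths. The following is an added example, not part of the original thread and not Dr.Web's own code: a small triage script that groups result lines of this log format by location. The function names, location labels and the regular expression are assumptions made for this illustration; the sample lines are a shortened set taken from the log posted above.

```python
import re
from collections import Counter

# Shortened sample in the format of the Dr.Web CureIt log posted in this thread
# (paths taken from that log; the list is cut down for illustration).
SAMPLE_LOG = r"""
C:\Documents and Settings\MY COMPUTER\NTUSER.DAT - read error
>C:\Program Files\Common Files\Yazzle1162OinAdmin.exe is adware program Adware.ClickSpring
C:\Program Files\Hijackthis\backups\backup-20070509-212028-503.dll infected with Trojan.Virtumod - deleted
>C:\QooBox\Quarantine\C\WINDOWS\system32\anhpnelm.dll.vir is adware program Adware.Crew
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024459.dll is adware program Adware.TrustIn
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP355\A0026570.dll infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\vturs.dll.bad infected with Trojan.Virtumod - deleted
C:\WINDOWS\system32\config\SAM - read error
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe - incurable - moved
C:\QooBox\Quarantine\C\WINDOWS\system32\anhpnelm.dll.vir - incurable - moved
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP341\A0024459.dll - incurable - moved
"""

# One result line: optional ">" marker, a drive-letter path, an optional verdict
# ("infected with X" / "is adware program X") and an optional action.
RESULT_RE = re.compile(
    r"^>?(?P<path>[A-Za-z]:\\.+?)"
    r"(?: (?P<kind>infected with|is adware program) (?P<name>\S+))?"
    r"(?: - (?P<action>read error|deleted|incurable - moved))?$"
)

# Assumed location labels: snapshots kept by System Restore, and folders where
# removal tools park copies of what they removed. Anything else counts as "live".
LOCATION_MARKERS = [
    ("system_restore", r"\system volume information\_restore"),
    ("tool_backup", r"\qoobox\quarantine"),
    ("tool_backup", r"\hijackthis\backups"),
    ("tool_backup", r"\vundofix backups"),
]


def classify(path):
    """Return the location label for a path (case-insensitive substring match)."""
    lowered = path.lower()
    for label, marker in LOCATION_MARKERS:
        if marker in lowered:
            return label
    return "live"


def parse_results(text):
    """Return (findings, unreadable) parsed from scanner result lines.

    A later "incurable - moved" line updates the finding recorded for the
    same path, because the scanner reports the verdict and the move separately.
    """
    findings = {}
    unreadable = []
    for raw in text.splitlines():
        match = RESULT_RE.match(raw.strip())
        if not match or not (match["kind"] or match["action"]):
            continue  # headers, statistics, blank lines
        path, action = match["path"], match["action"]
        if action == "read error":
            unreadable.append(path)  # locked files such as registry hives
            continue
        record = findings.setdefault(
            path,
            {"path": path, "threat": None, "action": None, "location": classify(path)},
        )
        if match["name"]:
            record["threat"] = match["name"]
        if action:
            record["action"] = action
    return list(findings.values()), unreadable


def by_location(findings):
    """Count findings per location label."""
    return Counter(f["location"] for f in findings)


def summarize(findings):
    """Count findings per (location, action); no action means left in place."""
    return Counter((f["location"], f["action"] or "left in place") for f in findings)


if __name__ == "__main__":
    found, locked = parse_results(SAMPLE_LOG)
    for (location, action), count in sorted(summarize(found).items()):
        print(f"{location:15} {action:18} {count}")
    print(f"unreadable (locked) files: {len(locked)}")
```

Hits labelled `system_restore` are the ones the System Restore reset in Step #1 clears, and `tool_backup` hits are copies kept by earlier removal tools; only `live` entries point at files outside those holding areas.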

#11 David Swetnam

Posted 12 May 2007 - 03:48 PM

Looks like smanager or smanager7 is the only thing still popping up...

Main.txt...
Deckard's System Scanner v20070426.43
Run by MY COMPUTER on 2007-05-12 at 16:31:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-05-12 20:32:02 UTC - RP360 - Deckard's System Scanner Restore Point
1: 2007-05-12 20:30:24 UTC - RP359 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as MY COMPUTER.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:32:45 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\MY COMPUTER\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MY COMPUTER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177099626906
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177288998437
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070511-165606-215 O4 - HKLM\..\Run: [SManager] smanager.7.exe
backup-20070511-165702-103 O4 - HKLM\..\Run: [SManager] smanager.7.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:\program files\protector suite ql\smihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 IO_Memory - c:\sysprep\drivers\ioport.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SVRPEDRV - c:\sysprep\pedrv.sys (file missing)
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-05-12 16:22:12 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-05-04 23:28:08 568 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - MY COMPUTER.job


-- Files created between 2007-04-12 and 2007-05-12 -----------------------------

2007-05-10 12:52:45 0 d-------- C:\Documents and Settings\MY COMPUTER\DoctorWeb
2007-05-10 11:17:50 0 d-------- C:\Program Files\Java
2007-05-10 11:17:47 0 d-------- C:\Program Files\Common Files\Java
2007-05-10 10:20:56 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-05-08 23:25:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 16:18:53 1156 --a------ C:\WINDOWS\mozver.dat
2007-05-08 10:24:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-05-08 10:15:30 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Lavasoft
2007-05-08 10:14:41 0 d-------- C:\Program Files\Lavasoft
2007-05-07 22:06:40 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla
2007-05-07 21:39:49 0 d-------- C:\VundoFix Backups
2007-05-06 21:47:01 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\WinPatrol
2007-05-06 21:46:56 0 d-------- C:\Program Files\BillP Studios
2007-05-05 21:39:33 0 d-------- C:\Program Files\Windows Defender
2007-05-05 21:26:36 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-05-05 00:12:02 0 d-------- C:\Program Files\MSBuild
2007-05-05 00:05:41 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-05-05 00:02:57 0 d-------- C:\Program Files\Reference Assemblies
2007-05-05 00:01:52 0 d-------- C:\0093e9b94909109986
2007-05-04 23:59:34 0 d-------- C:\WINDOWS\network diagnostic
2007-05-03 23:15:07 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Ahead
2007-05-03 23:13:34 0 d-------- C:\Program Files\Nero
2007-05-03 23:13:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-05-03 22:48:55 2 --a------ C:\2016267474
2007-05-03 22:48:46 39424 --a------ C:\qfalpjip.exe
2007-05-03 22:15:18 0 d-------- C:\Program Files\CleanMyPC
2007-05-03 12:19:13 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2007-05-03 12:19:13 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2007-05-03 10:25:37 0 d-------- C:\Program Files\Common Files\Nero
2007-05-03 10:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-05-03 10:23:21 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-03 10:23:19 0 d-------- C:\Program Files\Ahead
2007-05-02 23:00:59 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\CopyToDvd
2007-05-02 22:54:15 0 d-------- C:\Program Files\VSO
2007-05-02 22:22:41 0 d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2007-05-02 22:18:25 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-02 22:18:25 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Vso
2007-05-02 22:18:25 47360 --a------ C:\Documents and Settings\MY COMPUTER\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-02 22:17:53 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-02 21:05:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-02 17:39:49 0 d-------- C:\Program Files\nfs
2007-05-02 16:37:16 143872 --a------ C:\WINDOWS\system32\iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-05-02 16:31:43 0 d-------- C:\Program Files\Microsoft Games
2007-05-02 11:10:28 0 dr-h----- C:\MSOCache
2007-05-02 10:26:17 0 d-------- C:\Program Files\New Folder
2007-05-01 17:01:26 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Sonic
2007-04-30 21:55:03 0 d-------- C:\Program Files\DVDFab HD Decrypter 3
2007-04-30 21:49:20 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\dvdcss
2007-04-30 20:56:34 0 d-------- C:\Program Files\Common Files\DistributeShield
2007-04-29 22:11:38 0 d-------- C:\Documents and Settings\MY COMPUTER\My DVDs
2007-04-26 10:35:43 0 d-------- C:\Program Files\Netflix
2007-04-26 10:31:52 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\InterVideo
2007-04-26 10:12:09 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-04-26 10:12:09 1101824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll <Not Verified; NuMedia Soft, Inc.; NMSDVDX SDK>
2007-04-26 10:12:08 323584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-04-25 18:32:17 0 d-------- C:\Program Files\MSXML 6.0
2007-04-25 18:19:10 0 d-------- C:\Program Files\Live Search Maps for Outlook
2007-04-25 18:16:23 0 d-------- C:\Program Files\Microsoft
2007-04-25 18:12:00 0 d-------- C:\Program Files\Photo Story 3 for Windows
2007-04-23 20:39:12 522752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioTransform2 ActiveX DLL>
2007-04-23 20:39:12 467968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioRecord2 ActiveX DLL>
2007-04-23 20:39:12 467456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioPlayer2 ActiveX DLL>
2007-04-23 20:39:12 966144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2007-04-23 20:39:12 634880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioEditor2 ActiveX DLL>
2007-04-23 20:39:11 877568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2007-04-23 20:39:11 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-04-23 20:39:11 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\concept design
2007-04-23 20:26:54 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\WebCompiler3
2007-04-23 17:17:09 0 d-------- C:\Program Files\Ubisoft
2007-04-22 22:09:50 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\AdobeUM
2007-04-22 20:46:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-04-22 20:45:17 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\OfficeUpdate12
2007-04-22 20:38:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-04-22 20:00:38 0 d-------- C:\Intel Proset.temp
2007-04-22 19:44:36 0 d-------- C:\Program Files\Ares
2007-04-22 10:54:32 0 d-------- C:\Program Files\KeyWallet
2007-04-22 09:32:56 0 d-------- C:\Program Files\e-Sword
2007-04-22 09:32:22 0 d-------- C:\WINDOWS\Downloaded Installations
2007-04-22 08:53:24 81 --a------ C:\CTX.DAT
2007-04-22 08:53:21 0 d-------- C:\Documents and Settings\MY COMPUTER\Citrix
2007-04-22 08:52:54 0 d-------- C:\WINDOWS\Sun
2007-04-22 08:52:54 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Sun
2007-04-21 23:44:52 0 d-------- C:\Program Files\Norton AntiVirus
2007-04-21 23:44:02 0 d-------- C:\Program Files\Symantec
2007-04-21 23:44:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-21 23:43:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-21 23:40:55 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-04-21 08:35:55 934400 --a------ C:\WINDOWS\LEAD45.DLL
2007-04-21 08:35:54 205824 --a------ C:\WINDOWS\PPLIBMGR.DLL <Not Verified; ; PPLIBMGR Dynamic Link Library>
2007-04-21 08:35:54 116736 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-04-21 08:35:48 353280 --a------ C:\WINDOWS\MGXBM10.DLL <Not Verified; Micrografx, Inc.; >
2007-04-21 08:35:48 31232 --a------ C:\WINDOWS\FVDS60.DLL
2007-04-21 08:35:36 398416 --a------ C:\WINDOWS\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2007-04-21 08:35:36 13824 --a------ C:\WINDOWS\VBOA300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2007-04-21 08:35:36 640512 --a------ C:\WINDOWS\OC30.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2007-04-21 08:35:34 1915392 --a------ C:\WINDOWS\MGXRDR32.DLL
2007-04-21 08:35:34 74240 --a------ C:\WINDOWS\MGXFRM10.DLL <Not Verified; Micrografx, Inc.; >
2007-04-21 08:35:23 253952 --a------ C:\WINDOWS\PPIV.DLL
2007-04-21 08:35:22 0 d-------- C:\WINDOWS\Program Files
2007-04-21 08:35:21 160256 --a------ C:\WINDOWS\MGXCLEAN.EXE <Not Verified; Micrografx, Inc.; Micrografx Uninstaller>
2007-04-20 20:49:14 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Macromedia
2007-04-20 20:38:17 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft Web Folders
2007-04-20 18:27:56 0 d-------- C:\Program Files\MSXML 4.0
2007-04-20 16:11:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-20 16:10:27 0 d-------- C:\WINDOWS\system32\PreInstall
2007-04-20 16:07:53 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-20 16:07:03 0 d--hs---- C:\Documents and Settings\MY COMPUTER\UserData
2007-04-20 16:06:57 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Google
2007-04-20 16:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-04-20 16:01:19 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-20 12:33:47 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\U3
2007-04-13 09:03:19 16 --a------ C:\WINDOWS\popcinfo.dat


-- Find3M Report ---------------------------------------------------------------

2007-05-08 10:14:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-05 13:06:13 0 d-------- C:\Program Files\GemMaster
2007-05-03 10:19:49 33 --a------ C:\Documents and Settings\MY COMPUTER\Application Data\pcouffin.log
2007-05-03 10:19:47 1144 --a------ C:\Documents and Settings\MY COMPUTER\Application Data\pcouffin.inf
2007-05-03 10:19:47 1074 --a------ C:\Documents and Settings\MY COMPUTER\Application Data\pcouffin.cat
2007-05-02 22:02:11 0 d-------- C:\Program Files\Google
2007-05-02 21:31:02 0 d-------- C:\Program Files\WildTangent
2007-05-02 21:29:01 0 d-------- C:\Program Files\Toshiba Games
2007-05-02 10:31:50 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-30 21:39:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-30 21:17:00 0 d-------- C:\Program Files\InterVideo
2007-04-23 19:50:36 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\toshiba
2007-04-22 09:40:11 0 d-------- C:\Program Files\Yahoo!
2007-04-20 20:56:05 0 d-------- C:\Program Files\Picasa2
2007-04-20 20:38:02 0 d-------- C:\Program Files\microsoft frontpage
2007-04-20 20:03:55 0 d-------- C:\Program Files\Pure Networks
2007-04-20 20:03:55 0 d-------- C:\Program Files\Common Files\AOL
2007-04-20 18:56:17 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-04-20 16:04:57 0 d-------- C:\Program Files\DesktopDialer
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-14 19:38:24 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TDispVol"="TDispVol.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"PSQLLauncher"="\"C:\\Program Files\\Protector Suite QL\\launcher.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TPSMain"="TPSMain.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"SManager"="smanager.7.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Registry Cleaner Scheduler"="\"C:\\Program Files\\CleanMyPC\\Registry Cleaner\\RCHelper.exe\" /startup"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0psqlpwd\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 microsoft.com
127.0.0.1 norton.com
127.0.0.1 multitrader.info
127.0.0.1 reggame.biz
127.0.0.1 tele-globus.biz
127.0.0.1 newasp.com.cn
127.0.0.1 mygolddinar.com
127.0.0.1 xfatum.com
127.0.0.1 think-adz2.com
127.0.0.1 daoway.biz

6 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-05-12 at 16:33:13 ---------


Extra.txt...
Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
CPU 1: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 2037.98 MiB / 1461.36 MiB
Pagefile Memory (total/avail): 3933.98 MiB / 3520.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1960.45 MiB

C: is Fixed (NTFS) - 186.06 GiB total, 154.8 GiB free.
D: is CDROM (Unformatted)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\MY COMPUTER\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOSHIBA-USER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite A105
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MY COMPUTER
LOGONSERVER=\\TOSHIBA-USER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp
USERDOMAIN=TOSHIBA-USER
USERNAME=MY COMPUTER
USERPROFILE=C:\Documents and Settings\MY COMPUTER
VERNUM=PSAA8U-14N02KR
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

MY COMPUTER (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Photoshop Album --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5F9E6AA-7075-49EC-992F-A6213C73607F}\apxp.ex_" -l0x9
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Ares 2.0.8 --> "C:\Program Files\Ares\uninstall.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
CleanMyPC - Registry Cleaner --> "C:\Program Files\CleanMyPC\Registry Cleaner\unins000.exe"
Desktop Dialer --> C:\WINDOWS\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DVDFab HD Decrypter 3.0.9.6 --> "C:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
e-Sword --> MsiExec.exe /I{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KeyWallet --> C:\Program Files\KeyWallet\UnGins.exe "C:\Program Files\KeyWallet\install.log"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mGina --> MsiExec.exe /I{DF6B8EA9-32CF-4937-BADF-6CF43313C9FC}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Micrografx ABC FlowCharter 6.0 --> C:\WINDOWS\mgxclean.exe ABC.app
Micrografx ABC Graphics Suite --> C:\WINDOWS\mgxclean.exe PP60.APP ABC.app DES60.APP
Micrografx Designer 6.0 --> C:\WINDOWS\mgxclean.exe des60.app
Micrografx Picture Publisher 6.0 --> C:\WINDOWS\mgxclean.exe pp60.app
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft FrontPage 2000 --> MsiExec.exe /I{00120409-78E1-11D2-B60F-006097C998E7}
Microsoft Links LS 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Games\Links LS 2000\Uninst.isu"
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Premium --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer --> MsiExec.exe /X{A79E6E20-E1B8-4A5A-97F4-E673404BF700}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Outerinfo --> "C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe"
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
Toshiba Media Center Game Console --> MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73 --> C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
TweakMCE --> MsiExec.exe /I{8D5AC6EF-B91C-4E03-99DE-C72536BB381F}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553 --> C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Music Engine --> "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe


-- End of Deckard's System Scanner: finished at 2007-05-12 at 16:33:13 ---------

#12 Rahina

Rahina

    Security Helper



Posted 12 May 2007 - 04:04 PM

Step #1

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Outerinfo

Please go here to see how to show hidden files in Windows.

Now, using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\smanager.7.exe
C:\qfalpjip.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

Step #2

Please open HijackThis and scan. Check the boxes next to all the entries listed below:

O4 - HKLM\..\Run: [SManager] smanager.7.exe

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Step #3

Please run Panda's ActiveScan. You will need to use Internet Explorer to run it.

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
      o If it wants to install an ActiveX component allow it
      o It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      o When download is complete, click on My Computer to start the scan
      o When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the ActiveScan report.

Now re-scan with Deckard's System Scanner and post both reports in your next reply.

If you want, I can put together a list of stuff to remove that's completely optional that should significantly increase the speed you notice on the computer. Let me know in your next reply.

Thanks :thumbsup:

#13 David Swetnam

David Swetnam
  • Topic Starter


Posted 12 May 2007 - 06:01 PM

Seems like the popups are gone :thumbsup: It would be great to have any info to make my computer run faster, thanks!!!


Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.exe
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.overture.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla\Firefox\Profiles\oo9tlimn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\MY COMPUTER\Cookies\my_computer@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MY COMPUTER\Cookies\my_computer@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MY COMPUTER\Cookies\my_computer@atdmt[2].txt
Adware:Adware/TrustIn Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\A0023634.exe
Adware:Adware/TrustIn Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\A0023637.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\A0025498.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\A0025499.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\A0025500.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\A0025501.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\A0025502.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\anhpnelm.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\lhxprtxl.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\ruulbdux.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\vdgrssjy.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine\yqkprbje.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\MY COMPUTER\My Documents\My Downloads\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe


Deckard's System Scanner v20070426.43
Run by MY COMPUTER on 2007-05-12 at 18:49:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as MY COMPUTER.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:49:41 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Documents and Settings\MY COMPUTER\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MYCOMP~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177099626906
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177288998437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


-- Files created between 2007-04-12 and 2007-05-12 -----------------------------

2007-05-12 17:37:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-12 17:37:00 0 d-------- C:\WINDOWS\LastGood
2007-05-10 12:52:45 0 d-------- C:\Documents and Settings\MY COMPUTER\DoctorWeb
2007-05-10 11:17:50 0 d-------- C:\Program Files\Java
2007-05-10 11:17:47 0 d-------- C:\Program Files\Common Files\Java
2007-05-10 10:20:56 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-05-08 23:25:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 16:18:53 1156 --a------ C:\WINDOWS\mozver.dat
2007-05-08 10:24:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-05-08 10:15:30 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Lavasoft
2007-05-08 10:14:41 0 d-------- C:\Program Files\Lavasoft
2007-05-07 22:06:40 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Mozilla
2007-05-07 21:39:49 0 d-------- C:\VundoFix Backups
2007-05-06 21:47:01 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\WinPatrol
2007-05-06 21:46:56 0 d-------- C:\Program Files\BillP Studios
2007-05-05 21:39:33 0 d-------- C:\Program Files\Windows Defender
2007-05-05 21:26:36 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-05-05 00:12:02 0 d-------- C:\Program Files\MSBuild
2007-05-05 00:05:41 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-05-05 00:02:57 0 d-------- C:\Program Files\Reference Assemblies
2007-05-05 00:01:52 0 d-------- C:\0093e9b94909109986
2007-05-04 23:59:34 0 d-------- C:\WINDOWS\network diagnostic
2007-05-03 23:15:07 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Ahead
2007-05-03 23:13:34 0 d-------- C:\Program Files\Nero
2007-05-03 23:13:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-05-03 22:48:55 2 --a------ C:\2016267474
2007-05-03 22:15:18 0 d-------- C:\Program Files\CleanMyPC
2007-05-03 12:19:13 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2007-05-03 12:19:13 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2007-05-03 10:25:37 0 d-------- C:\Program Files\Common Files\Nero
2007-05-03 10:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-05-03 10:23:21 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-03 10:23:19 0 d-------- C:\Program Files\Ahead
2007-05-02 23:00:59 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\CopyToDvd
2007-05-02 22:54:15 0 d-------- C:\Program Files\VSO
2007-05-02 22:22:41 0 d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2007-05-02 22:18:25 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-02 22:18:25 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Vso
2007-05-02 22:18:25 47360 --a------ C:\Documents and Settings\MY COMPUTER\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-02 22:17:53 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-02 21:05:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-02 17:39:49 0 d-------- C:\Program Files\nfs
2007-05-02 16:37:16 143872 --a------ C:\WINDOWS\system32\iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-05-02 16:31:43 0 d-------- C:\Program Files\Microsoft Games
2007-05-02 11:10:28 0 dr-h----- C:\MSOCache
2007-05-02 10:26:17 0 d-------- C:\Program Files\New Folder
2007-05-01 17:01:26 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Sonic
2007-04-30 21:55:03 0 d-------- C:\Program Files\DVDFab HD Decrypter 3
2007-04-30 21:49:20 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\dvdcss
2007-04-30 20:56:34 0 d-------- C:\Program Files\Common Files\DistributeShield
2007-04-29 22:11:38 0 d-------- C:\Documents and Settings\MY COMPUTER\My DVDs
2007-04-26 10:35:43 0 d-------- C:\Program Files\Netflix
2007-04-26 10:31:52 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\InterVideo
2007-04-26 10:12:09 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-04-26 10:12:09 1101824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll <Not Verified; NuMedia Soft, Inc.; NMSDVDX SDK>
2007-04-26 10:12:08 323584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-04-25 18:32:17 0 d-------- C:\Program Files\MSXML 6.0
2007-04-25 18:19:10 0 d-------- C:\Program Files\Live Search Maps for Outlook
2007-04-25 18:16:23 0 d-------- C:\Program Files\Microsoft
2007-04-25 18:12:00 0 d-------- C:\Program Files\Photo Story 3 for Windows
2007-04-23 20:39:12 522752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioTransform2 ActiveX DLL>
2007-04-23 20:39:12 467968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioRecord2 ActiveX DLL>
2007-04-23 20:39:12 467456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioPlayer2 ActiveX DLL>
2007-04-23 20:39:12 966144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2007-04-23 20:39:12 634880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioEditor2 ActiveX DLL>
2007-04-23 20:39:11 877568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2007-04-23 20:39:11 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-04-23 20:39:11 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\concept design
2007-04-23 20:26:54 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\WebCompiler3
2007-04-23 17:17:09 0 d-------- C:\Program Files\Ubisoft
2007-04-22 22:09:50 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\AdobeUM
2007-04-22 20:46:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-04-22 20:45:17 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\OfficeUpdate12
2007-04-22 20:38:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-04-22 20:00:38 0 d-------- C:\Intel Proset.temp
2007-04-22 19:44:36 0 d-------- C:\Program Files\Ares
2007-04-22 10:54:32 0 d-------- C:\Program Files\KeyWallet
2007-04-22 09:32:56 0 d-------- C:\Program Files\e-Sword
2007-04-22 09:32:22 0 d-------- C:\WINDOWS\Downloaded Installations
2007-04-22 08:53:24 81 --a------ C:\CTX.DAT
2007-04-22 08:53:21 0 d-------- C:\Documents and Settings\MY COMPUTER\Citrix
2007-04-22 08:52:54 0 d-------- C:\WINDOWS\Sun
2007-04-22 08:52:54 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Sun
2007-04-21 23:44:52 0 d-------- C:\Program Files\Norton AntiVirus
2007-04-21 23:44:02 0 d-------- C:\Program Files\Symantec
2007-04-21 23:44:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-21 23:43:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-21 23:40:55 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-04-21 08:35:55 934400 --a------ C:\WINDOWS\LEAD45.DLL
2007-04-21 08:35:54 205824 --a------ C:\WINDOWS\PPLIBMGR.DLL <Not Verified; ; PPLIBMGR Dynamic Link Library>
2007-04-21 08:35:54 116736 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-04-21 08:35:48 353280 --a------ C:\WINDOWS\MGXBM10.DLL <Not Verified; Micrografx, Inc.; >
2007-04-21 08:35:48 31232 --a------ C:\WINDOWS\FVDS60.DLL
2007-04-21 08:35:36 398416 --a------ C:\WINDOWS\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2007-04-21 08:35:36 13824 --a------ C:\WINDOWS\VBOA300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2007-04-21 08:35:36 640512 --a------ C:\WINDOWS\OC30.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2007-04-21 08:35:34 1915392 --a------ C:\WINDOWS\MGXRDR32.DLL
2007-04-21 08:35:34 74240 --a------ C:\WINDOWS\MGXFRM10.DLL <Not Verified; Micrografx, Inc.; >
2007-04-21 08:35:23 253952 --a------ C:\WINDOWS\PPIV.DLL
2007-04-21 08:35:22 0 d-------- C:\WINDOWS\Program Files
2007-04-21 08:35:21 160256 --a------ C:\WINDOWS\MGXCLEAN.EXE <Not Verified; Micrografx, Inc.; Micrografx Uninstaller>
2007-04-20 20:49:14 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Macromedia
2007-04-20 20:38:17 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft Web Folders
2007-04-20 18:27:56 0 d-------- C:\Program Files\MSXML 4.0
2007-04-20 16:11:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-20 16:10:27 0 d-------- C:\WINDOWS\system32\PreInstall
2007-04-20 16:07:53 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-20 16:07:03 0 d--hs---- C:\Documents and Settings\MY COMPUTER\UserData
2007-04-20 16:06:57 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\Google
2007-04-20 16:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-04-20 16:01:19 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-20 12:33:47 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\U3
2007-04-13 09:03:19 16 --a------ C:\WINDOWS\popcinfo.dat


-- Find3M Report ---------------------------------------------------------------

2007-05-12 18:30:08 0 d-------- C:\Program Files\QuickTime
2007-05-12 18:30:05 0 d-------- C:\Program Files\Protector Suite QL
2007-05-12 18:29:58 0 d-------- C:\Program Files\Picasa2
2007-05-08 10:14:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-05 13:06:13 0 d-------- C:\Program Files\GemMaster
2007-05-03 10:19:49 33 --a------ C:\Documents and Settings\MY COMPUTER\Application Data\pcouffin.log
2007-05-03 10:19:47 1144 --a------ C:\Documents and Settings\MY COMPUTER\Application Data\pcouffin.inf
2007-05-03 10:19:47 1074 --a------ C:\Documents and Settings\MY COMPUTER\Application Data\pcouffin.cat
2007-05-02 22:02:11 0 d-------- C:\Program Files\Google
2007-05-02 21:31:02 0 d-------- C:\Program Files\WildTangent
2007-05-02 21:29:01 0 d-------- C:\Program Files\Toshiba Games
2007-05-02 10:31:50 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-30 21:39:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-30 21:17:00 0 d-------- C:\Program Files\InterVideo
2007-04-23 19:50:36 0 d-------- C:\Documents and Settings\MY COMPUTER\Application Data\toshiba
2007-04-22 09:40:11 0 d-------- C:\Program Files\Yahoo!
2007-04-20 20:38:02 0 d-------- C:\Program Files\microsoft frontpage
2007-04-20 20:03:55 0 d-------- C:\Program Files\Pure Networks
2007-04-20 20:03:55 0 d-------- C:\Program Files\Common Files\AOL
2007-04-20 18:56:17 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-04-20 16:04:57 0 d-------- C:\Program Files\DesktopDialer
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-14 19:38:24 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TDispVol"="TDispVol.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"PSQLLauncher"="\"C:\\Program Files\\Protector Suite QL\\launcher.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TPSMain"="TPSMain.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Registry Cleaner Scheduler"="\"C:\\Program Files\\CleanMyPC\\Registry Cleaner\\RCHelper.exe\" /startup"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0psqlpwd\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-12 at 18:50:02 ---------

#14 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:45 AM

Posted 13 May 2007 - 03:47 AM

Hello There!

You can go ahead and delete those tools we used.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Step #1

Please locate Doctor Web's Quarantine folder and empty everything you can find inside of it:

C:\Documents and Settings\MY COMPUTER\DoctorWeb\Quarantine

Step #2

Please go Here to see how to show hidden files in Windows.

Now, using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):

C:\WINDOWS\nircmd.exe

Step #3

It would be great to have any info to make my computer run faster


Alright, please open HijackThis and scan. Check the boxes next to all the entries listed below:

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

If you decide to change your mind and need some of these to start normally, it is possible to restore them from backups.

Now reboot your computer.

Step #4

Download ATF-Cleaner by Atribune to your desktop.

Do not run it yet.

Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Next, re-scan using Panda Active Scan and let me know how things are running.

#15 David Swetnam

David Swetnam
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:45 AM

Posted 14 May 2007 - 08:11 PM

Running for a couple days without popups!!! Thank you so much! Have recommended the site to many.

David



