Numerous Pop Ups


7 replies to this topic

#1 DSMJuggalo


  • Members
  • 8 posts

Posted 28 May 2007 - 03:15 PM

Alright, somebody please help. I think I have a trojan and can't get rid of it. Here is my HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 3:08:22 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\windows\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\SYSTEM\DRIVER\ntsrv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\windows\system\driver\csrss.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Bobby\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fuseacti...05-96f9fba5a523
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {76ea2b0f-6907-41a8-b749-2e83776ecf1f} - C:\WINDOWS\system32\FM2vaa.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp123.tmp.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\bywtst.dll",realset
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Rwwbjw.exe
O4 - HKLM\..\Run: [AutoLoader40ul1ISgJaPK] "C:\WINDOWS\system32\fsqsn1.exe"
O4 - HKLM\..\Run: [475P36P] fsqsn1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Exif Launcher.lnk.disabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} -
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} -
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...e55e39bbcd1b030
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ssqrrop.dll
O20 - Winlogon Notify: FM2vaa - C:\WINDOWS\SYSTEM32\FM2vaa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\windows\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\windows\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\windows\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2 SNOWHITE


    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 28 May 2007 - 03:47 PM

Hello DSMJuggalo and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. I will be analyzing your log now, and be back with you as soon as possible!

Regards,
SNOWHITE

#3 SNOWHITE


    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 29 May 2007 - 12:26 PM

Hello DSMJuggalo,

Your computer is very infected :thumbsup:

There is a backdoor trojan detected on your system. This gives hackers full access to everything stored on the computer!
I recommend these actions:

1) Use a known secure computer to change all of your online passwords
2) Contact your bank and credit card company about possible unauthorized transactions

More info can be found here:


How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


Some further reading:

Security Management - May 2004
Help: I Got Hacked. Now What Do I Do?
http://www.microsoft.com/technet/community...gmt/sm0504.mspx

Security Management - July 2004
Help: I Got Hacked. Now What Do I Do? Part II
http://www.microsoft.com/technet/community...gmt/sm0704.mspx

And finally, some more considerations:

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

If you choose to format and reinstall, see this link for instructions:
http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html
-----------------------------------------------------------------------

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER

Please follow the steps below exactly in the order they are written:

Step 1

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Step 2

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread http://www.bleepingcomputer.com/forums/t/93878/numerous-pop-ups/
  • Browse for this filename: C:\WINDOWS\system32\FM2vaa.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
  • Follow the same instructions for the next files too:
    C:\WINDOWS\system32\fsqsn1.exe
    C:\windows\system\driver\csrss.exe
Thank you!
Step 3

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {76ea2b0f-6907-41a8-b749-2e83776ecf1f} - C:\WINDOWS\system32\FM2vaa.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp123.tmp.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\bywtst.dll",realset
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Rwwbjw.exe
O4 - HKLM\..\Run: [AutoLoader40ul1ISgJaPK] "C:\WINDOWS\system32\fsqsn1.exe"
O4 - HKLM\..\Run: [475P36P] fsqsn1.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} -
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} -
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...e55e39bbcd1b030
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O20 - AppInit_DLLs: c:\windows\system32\ssqrrop.dll
O20 - Winlogon Notify: FM2vaa - C:\WINDOWS\SYSTEM32\FM2vaa.dll
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\windows\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\windows\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\windows\SYSTEM\DRIVER\ntsrv.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step 4
  • Click Start > Run, type cmd into the Open edit box and click the OK button.
  • Into the Command Prompt window, type each of these commands and press Enter after each one:
    • sc stop NTBOOT
    • sc delete NTBOOT
    • sc stop NTLOAD
    • sc delete NTLOAD
    • sc stop NTSVCMGR
    • sc delete NTSVCMGR
  • Close the Command Prompt window.
Step 5

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step 6

a.) Download AVG Anti-Spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

b.) Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
NOTE: if you are unable to update the definition files, you can perform manual update by going to the following site http://www.ewido.net/en/download/updates/

Step 7

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click fsbl.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Step 8

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Please post back with the contents of vundofix.txt, AVG Anti-Spyware report scan, Blacklight report, dss scan reports main.txt and extra.txt. Let me know how the things went.
SNOWHITE
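As an added illustration (not part of this thread, and not HijackThis's own logic), the script below applies the kind of checks SNOWHITE's analysis relies on to lines in HijackThis format: unnamed BHOs living in the Windows directory, orphaned entries, bare-filename Run keys, a populated AppInit_DLLs value, a Winlogon Notify DLL that doubles as a BHO, and services with no vendor. The sample log and the one-entry adware host list are constructed from entries in this thread; the rules are defensive heuristics for triage, and a hit still needs a human to confirm it.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99.1 format, modelled on entries discussed in this
# thread (a subset mixing clean and suspicious lines, not the full posted log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {76ea2b0f-6907-41a8-b749-2e83776ecf1f} - C:\WINDOWS\system32\FM2vaa.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\bywtst.dll",realset
O4 - HKLM\..\Run: [AutoLoader40ul1ISgJaPK] "C:\WINDOWS\system32\fsqsn1.exe"
O4 - HKLM\..\Run: [475P36P] fsqsn1.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...e55e39bbcd1b030
O20 - AppInit_DLLs: c:\windows\system32\ssqrrop.dll
O20 - Winlogon Notify: FM2vaa - C:\WINDOWS\SYSTEM32\FM2vaa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\windows\SYSTEM\DRIVER\ntuser.exe
"""
ADWARE_HOSTS = {"static.zangocash.com"}  # illustrative denylist; the host comes from this log

@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: \{[^}]+\}(?: \([^)]*\))? -\s*(?P<url>\S*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: \S+ - (?P<path>.*)$")
SVC_RE = re.compile(r"^Service: .*? - (?P<owner>.*?) - (?P<path>.*)$")

def basename(path: str) -> str:
    return path.rstrip('"').rsplit("\\", 1)[-1].lower()

def in_windows_dir(path: str) -> bool:  # anywhere under the Windows directory
    return "\\windows\\" in path.lower()

def in_windows_root(path: str) -> bool:  # directly in the Windows root, not a subfolder
    return re.match(r"^[a-z]:\\windows\\[^\\]+$", path.lower()) is not None

def run_target(cmd: str) -> str:
    """The file a Run entry really loads: the DLL argument of rundll32, else the program."""
    cmd = re.sub(r"^rundll32(?:\.exe)?\s+", "", cmd, flags=re.I)
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return re.split(r"[\s,]", cmd, maxsplit=1)[0]

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    flagged_dlls: set[str] = set()          # BHO DLLs flagged so far (O2 lines precede O20)
    run_targets: dict[str, list[str]] = {}  # basename -> Run lines that start it
    for raw in log_text.splitlines():
        line = raw.strip()
        if not (m := LINE_RE.match(line)):
            continue
        sec, body = m["sec"], m["body"]
        if sec == "O2" and (b := BHO_RE.match(body)) and b["name"] == "(no name)":
            if b["path"] == "(no file)":
                findings.append(Finding(sec, "low", "orphaned BHO: CLSID registered, DLL gone", line))
            elif in_windows_dir(b["path"]):
                flagged_dlls.add(basename(b["path"]))
                findings.append(Finding(sec, "high", "unnamed BHO loaded from the Windows directory", line))
        elif sec == "O4" and (r := RUN_RE.match(body)):
            target = run_target(r["cmd"])
            run_targets.setdefault(basename(target), []).append(line)
            if "\\" not in target:
                findings.append(Finding(sec, "medium", "Run entry is a bare filename resolved via PATH", line))
            elif in_windows_root(target):
                findings.append(Finding(sec, "medium", "Run entry loads a file sitting in the Windows root", line))
        elif sec == "O16" and (d := DPF_RE.match(body)):
            if not d["url"]:
                findings.append(Finding(sec, "low", "ActiveX (DPF) entry with no download source", line))
            elif urlparse(d["url"]).hostname in ADWARE_HOSTS:
                findings.append(Finding(sec, "high", "ActiveX control fetched from a known adware host", line))
        elif sec == "O20":
            if body.startswith("AppInit_DLLs:") and body.partition(":")[2].strip():
                findings.append(Finding(sec, "high", "AppInit_DLLs injects a DLL into every process that loads user32", line))
            elif (w := NOTIFY_RE.match(body)) and basename(w["path"]) in flagged_dlls:
                findings.append(Finding(sec, "high", "Winlogon Notify hook reuses a DLL flagged as a BHO", line))
        elif sec == "O23" and (s := SVC_RE.match(body)) and s["owner"] == "Unknown owner":
            sev = "high" if in_windows_dir(s["path"]) else "medium"
            findings.append(Finding(sec, sev, "service with no vendor information", line))
    # One binary auto-started under several Run labels (fsqsn1.exe here) is a persistence pattern.
    for name, lines in run_targets.items():
        if len(lines) > 1:
            findings.extend(Finding("O4", "medium", f"{name} is started by {len(lines)} Run entries", ln) for ln in lines)
    return findings

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ["high", "medium", "low"].index(f.severity)):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Legitimate "(no name)" BHOs in Program Files (Spybot's SDHelper.dll) and Microsoft's WgaLogon notify DLL pass through untouched, which is the point of scoring on location and cross-references rather than on the missing name alone.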

#4 DSMJuggalo

  • Topic Starter

  • Members
  • 8 posts

Posted 30 May 2007 - 02:51 AM

OK, I did everything on that list and am still getting pop-ups... Here are the things you requested.


VundoFix found no problems
AVG Anti-Spyware found no problems
Blacklight found no problems
Here are the DSS reports

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 510.98 MiB / 196.65 MiB
Pagefile Memory (total/avail): 1247.51 MiB / 925.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.83 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.5 GiB total, 14.09 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bobby\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HERRING1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bobby
LOGONSERVER=\\HERRING1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bobby\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bobby\LOCALS~1\Temp
USERDOMAIN=HERRING1
USERNAME=Bobby
USERPROFILE=C:\Documents and Settings\Bobby
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Eric (admin)
Nicole (admin)
Bobby (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> "C:\WINDOWS\..\Program Files\SBC Yahoo!\Connection Manager\uninst.exe"
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\PROGRA~1\Yahoo!\browser\unyb.exe
--> C:\PROGRA~1\Yahoo!\Common\unwise.exe /S C:\PROGRA~1\Yahoo!\Common\install.log
--> C:\PROGRA~1\Yahoo!\Common\unybase.exe
--> C:\PROGRA~1\Yahoo!\PARENT~1\unypc.exe /S
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 7.0.8 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alchemy 1.2 --> C:\Program Files\PopCap Games\Alchemy\UnGins.exe "C:\Program Files\PopCap Games\Alchemy\install.log"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.EXE" -l0x9
ArcSoft VideoImpression 1.6FP --> C:\windows\IsUninst.exe -f"C:\Program Files\ArcSoft\VideoImpression\Uninst.isu"
AstroPop Deluxe 1.0 --> C:\Program Files\PopCap Games\AstroPop Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\AstroPop Deluxe\Install.log"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Bejeweled Deluxe 1.861 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
Big Money Deluxe 1.22 --> C:\Program Files\PopCap Games\Big Money Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\Big Money Deluxe\Install.log
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Console Classix 3.8 --> "C:\Program Files\ConsoleClassix.com\unins000.exe"
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Instant Driver (1.00.08.0416) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Creative WebCam Instant User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Creative WebCam Instant User's Guide\English\CTManual.isu"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2 --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Dynomite Deluxe 2.71 --> C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log"
Easy CD-DA Extractor 10 --> "C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 10\irunin.xml"
Easy CD Creator 5 Platinum --> MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FA Alphabet & Numbers --> C:\windows\unvise32.exe C:\Program Files\sz8050\uninstal.log
FilmLoop Player --> C:\Program Files\FilmLoop Player\flinstagnt.exe /Uninstall FilmLoopPlayer
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Fisher-Price Petshop --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fisher-Price®\Petshop\DeIsL1.isu"
Flock (Photobucket Edition) 0.7 --> C:\Program Files\Flock\uninst.exe
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe"
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Green Eggs and Ham --> C:\windows\uninst.exe -fC:\Lvg_Bks\DeIsL1.isu
Hackman Hex Editor --> "C:\Program Files\Hackman\Uninstall.exe" "C:\Program Files\Hackman\install.log"
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hallmark Card Studio --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\CardStudio\Uninst.isu
Harry Potter II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.exe" -l0x9 Uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> F:\HijackThis.exe /uninstall
HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2100 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
hp psc 2100 series --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
hp psc 2100 series --> rundll32 hpzcon05.dll,VendorJettison hp psc 2100 series
IGN Download Manager 2.2.1 --> C:\Program Files\IGN\Download Manager\uninst.exe
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1E8CF57A-24E8-4A97-9564-A8F1956C447B} /l1033
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
JumpStart Parent Resource Center --> C:\WINDOWS\IsUninst.exe -fC:\KA\PRC\DeIsL1.isu
JumpStart Pre-K --> C:\WINDOWS\IsUninst.exe -fC:\KA\PRE_K\DeIsL1.isu
JumpStart Toddlers 2001 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JSTD2001\DeIsL1.isu"
LEGO Digital Designer --> "C:\Program Files\LEGO Software\LEGO Digital Designer\uninstall.exe"
LimeWire 4.10.9 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Mario Forever 4.0 --> C:\Program Files\Mario Forever\uninst.exe
Math Blaster Ages 7-8 --> C:\windows\UnMB78.exe
Memorex exPressit Label Design Studio --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2003 --> MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
MINERVA: Metastasis 2 --> C:\PROGRA~1\Valve\Steam\STEAMA~1\SOURCE~1\METAST~1\UNWISE.EXE C:\PROGRA~1\Valve\Steam\STEAMA~1\SOURCE~1\METAST~1\metastasis.log
mobile PhoneTools --> MsiExec.exe /I{CF88712B-16A3-45A1-B6C5-8E6CD0408E61}
Motorola Handset USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44B3522B-195C-488D-84AC-9526FA99CB73}\Setup.exe"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mr. Potato Head Uninstaller --> C:\windows\uninst.exe -fC:\mrpotato\DeIsL1.isu
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
My Little Pony --> C:\windows\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\My Little Pony\Uninst.isu"
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\windows\system32\nvudisp.exe UninstallGUI
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Paint Shop Pro 6 Digital Camera Support --> C:\PROGRA~1\PAINTS~1\CAMUnwise.exe C:\PROGRA~1\PAINTS~1\CamSupp.log
Paint Shop Pro 6.0 (CD-ROM) --> C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG
PDO Desktop --> c:\program files\pdo desktop\companionlink.exe -uninstall
Pencil-Pal Preschool --> C:\windows\unvise32.exe C:\Program Files\sz8080\uninstal.log
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
PhotoParade Player --> "C:\Program Files\PhotoParade\Uninstall PhotoParade Player.exe" "PhotoParade.exe"
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Pueblo/UE 2.61 --> "C:\Program Files\PuebloUE\unins000.exe"
PVK --> C:\Program Files\Valve\Steam\SteamApps\SourceMods\pvk\uninstall.exe
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Readiris 7.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordPad Sound Recorder --> C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
SBC Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
SBC Yahoo! Applications --> C:\Program Files\SBC Yahoo!\UninstallManager.exe
SBC Yahoo! Login --> C:\windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll
SCRABBLE Deluxe --> C:\PROGRA~1\ZONE~1.COM\SCRABB~1\UNWISE.EXE C:\PROGRA~1\ZONE~1.COM\SCRABB~1\INSTALL.LOG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Seven Seas Deluxe 1.13 --> C:\Program Files\PopCap Games\Seven Seas Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\Seven Seas Deluxe\Install.log
Ship --> C:\Program Files\Valve\Steam\SteamApps\UnInstall_Ship.exe
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
ToEE World Builder --> C:\Program Files\ToEE World Builder\Uninstal.exe
Trivial Pursuit Silver Screen Edition --> "C:\Program Files\Oberon Media\Trivial Pursuit Silver Screen Edition\Uninstall.exe" "C:\Program Files\Oberon Media\Trivial Pursuit Silver Screen Edition\install.log"
USB Driver Vers. 3.2 --> C:\Program Files\USB Driver Vers. 3.2\uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual IP InSight(SBC) --> C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
VSO CopyToDVD 4 --> "C:\Program Files\VSO\unins000.exe"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Wheel of Fortune 2nd Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29B11F9F-5E2D-11D4-8BA5-0050BAAA20E2}\setup.exe"
White Wolf --> C:\PROGRA~1\WHITEW~1\UNWISE.EXE C:\PROGRA~1\WHITEW~1\INSTALL.LOG
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
WinISD beta --> C:\PROGRA~1\WinISD\UNWISE.EXE C:\PROGRA~1\WinISD\INSTALL.LOG
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


-- End of Deckard's System Scanner: finished at 2007-05-30 at 02:33:43 ---------

Deckard's System Scanner v20070426.43
Run by Bobby on 2007-05-30 at 02:30:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2007-05-30 07:30:42 UTC - RP1369 - Deckard's System Scanner Restore Point
16: 2007-05-29 07:37:21 UTC - RP1368 - System Checkpoint
15: 2007-05-28 07:17:05 UTC - RP1367 - Spybot-S&D Spyware removal
14: 2007-05-27 05:23:25 UTC - RP1366 - Installed Ad-Aware SE Personal
13: 2007-05-26 00:18:55 UTC - RP1365 - System Checkpoint


-- First Restore Point --
1: 2007-05-13 14:28:00 UTC - RP1353 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Bobby.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:32:28 AM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Bobby\Desktop\dss.exe
C:\DOCUME~1\Bobby\Desktop\Bobby.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fuseacti...05-96f9fba5a523
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tmp164A.tmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {76ea2b0f-6907-41a8-b749-2e83776ecf1f} - C:\WINDOWS\system32\FM2vaa.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\vttroo.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Exif Launcher.lnk.disabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ssqrrop.dll
O20 - Winlogon Notify: FM2vaa - C:\WINDOWS\SYSTEM32\FM2vaa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Bobby\Desktop\backups\) ---------------

backup-20070529-221751-232 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
backup-20070529-221751-335 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20070529-221751-555 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
backup-20070529-221751-730 O2 - BHO: (no name) - {76ea2b0f-6907-41a8-b749-2e83776ecf1f} - C:\WINDOWS\system32\FM2vaa.dll
backup-20070529-221753-156 O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp9D1.tmp.dll
backup-20070529-221753-523 O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
backup-20070529-221755-159 O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\gebbaw.dll",realset
backup-20070529-221755-589 O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
backup-20070529-221755-635 O4 - HKLM\..\Run: [475P36P] fsqsn1.exe
backup-20070529-221755-738 O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Rwwbjw.exe
backup-20070529-221755-744 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20070529-221755-876 O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
backup-20070529-221755-898 O4 - HKLM\..\Run: [AutoLoader40ul1ISgJaPK] "C:\WINDOWS\system32\fsqsn1.exe"
backup-20070529-221756-298 O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
backup-20070529-221756-598 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
backup-20070529-221756-992 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
backup-20070529-221757-635 O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
backup-20070529-221758-280 O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
backup-20070529-221758-847 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
backup-20070529-221759-185 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
backup-20070529-221759-788 O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
backup-20070529-221800-281 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
backup-20070529-221800-752 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
backup-20070529-221800-804 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
backup-20070529-221801-324 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} -
backup-20070529-221801-866 O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} -
backup-20070529-221802-241 O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
backup-20070529-221802-475 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
backup-20070529-221803-114 O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
backup-20070529-221803-300 O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
backup-20070529-221804-158 O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -
backup-20070529-221804-223 O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) -
backup-20070529-221805-696 O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
backup-20070529-221805-999 O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
backup-20070529-221806-165 O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -
backup-20070529-221807-168 O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
backup-20070529-221807-730 O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...e55e39bbcd1b030
backup-20070529-221808-305 O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
backup-20070529-221808-822 O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} -
backup-20070529-221823-478 O23 - Service: NTSVCMGR - Unknown owner - C:\windows\SYSTEM\DRIVER\ntsrv.exe
backup-20070529-221823-541 O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\windows\SYSTEM\DRIVER\ntuser.exe
backup-20070529-221823-683 O20 - Winlogon Notify: FM2vaa - C:\WINDOWS\SYSTEM32\FM2vaa.dll
backup-20070529-221823-870 O23 - Service: NTLOAD - Unknown owner - C:\windows\SYSTEM\DRIVER\ntsrv.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdudf_xp - c:\windows\system32\drivers\cdudf_xp.sys <Not Verified; Roxio; DirectCD>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 pwd_2K - c:\windows\system32\drivers\pwd_2k.sys <Not Verified; Roxio; DirectCD>
R1 Udfreadr_xp - c:\windows\system32\drivers\udfreadr_xp.sys <Not Verified; Roxio; DirectCD>
R2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
R3 dvd_2K - c:\windows\system32\drivers\dvd_2k.sys <Not Verified; Roxio; DirectCD>
R3 mmc_2K - c:\windows\system32\drivers\mmc_2k.sys <Not Verified; Roxio; DirectCD>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S1 RDSWmi - c:\windows\system32\drivers\sweimapi.sys (file missing)
S3 BulkUsb (rylm100.sys) - c:\windows\system32\drivers\rylm100.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 ENTECH - c:\windows\system32\drivers\entech.sys (file missing)
S3 naecd - c:\docume~1\eric\locals~1\temp\naecd.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 iPodService - c:\program files\ipod\bin\ipodservice.exe (file missing)
S4 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Scheduled Tasks -------------------------------------------------------------

2007-05-30 02:08:50 362 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-05-25 20:00:00 528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Eric.job


-- Files created between 2007-04-30 and 2007-05-30 -----------------------------

2007-05-30 00:01:14 106389 --a------ C:\WINDOWS\vttroo.dll
2007-05-29 22:22:34 0 d-------- C:\VundoFix Backups
2007-05-28 10:49:16 106582 --a------ C:\WINDOWS\bywvwt.dll
2007-05-28 01:58:57 106334 --a------ C:\WINDOWS\gebbaw.dll
2007-05-28 01:30:49 106667 --a------ C:\WINDOWS\khifde.dll
2007-05-27 21:21:46 106654 --a------ C:\WINDOWS\efcyvw.dll
2007-05-27 21:16:43 663349 ---hs---- C:\WINDOWS\gjkkkj.ini2
2007-05-27 21:16:24 106542 --a------ C:\WINDOWS\jkkkjg.dll
2007-05-27 07:02:06 106463 --a------ C:\WINDOWS\ddbaby.dll
2007-05-27 00:37:52 106575 --a------ C:\WINDOWS\ddbccb.dll
2007-05-27 00:23:58 0 d-------- C:\Documents and Settings\Bobby\Application Data\Lavasoft
2007-05-27 00:22:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-26 06:47:25 106446 --a------ C:\WINDOWS\tutuur.dll
2007-05-24 22:01:23 12010 --a------ C:\WINDOWS\system32\ssqrrop.dll
2007-05-24 22:01:23 37535 --a------ C:\WINDOWS\system32\FM2vaa.dll
2007-05-24 22:01:20 58796 --a------ C:\WINDOWS\48x.exe
2007-05-24 21:58:20 6144 --a------ C:\WINDOWS\system32\perfc000.dat
2007-05-24 19:10:48 0 d-------- C:\Documents and Settings\Bobby\Application Data\RapidGet
2007-05-20 20:54:23 0 d-------- C:\Documents and Settings\Bobby\Application Data\CyberLink
2007-05-20 00:27:27 0 d-------- C:\Documents and Settings\Bobby\Application Data\Opera
2007-05-18 11:51:17 0 d-------- C:\Program Files\PokerStars
2007-05-16 15:38:25 0 d-------- C:\Documents and Settings\Bobby\Application Data\Creative
2007-05-16 14:13:53 0 d-------- C:\Program Files\Google
2007-05-15 00:11:24 0 d-------- C:\Program Files\ConsoleClassix.com
2007-05-14 16:17:34 407129 --a------ C:\WINDOWS\MarioForever_Toolbar_Uninstaller_2625.exe <Not Verified; Buziol Games; Mario Forever>
2007-05-14 16:17:21 0 d-------- C:\Program Files\Mario Forever
2007-05-14 14:53:59 0 d-------- C:\Documents and Settings\Bobby\Application Data\Viewpoint
2007-05-14 01:01:38 0 d-------- C:\Documents and Settings\Bobby\Application Data\Real
2007-05-11 22:36:10 0 d-------- C:\Documents and Settings\Bobby\Shared
2007-05-11 22:36:05 0 d-------- C:\Documents and Settings\Bobby\Incomplete
2007-05-11 22:35:42 0 d-------- C:\Documents and Settings\Bobby\Application Data\LimeWire
2007-05-09 03:05:49 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 17:19:26 0 d-------- C:\Program Files\3DGroove
2007-05-06 18:11:00 0 d-------- C:\Program Files\DivX
2007-05-04 11:10:25 0 d-------- C:\Documents and Settings\Bobby\Application Data\Sun
2007-05-02 18:43:32 0 d-------- C:\Documents and Settings\Bobby\Application Data\CopyToDvd
2007-05-02 18:37:07 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-02 18:37:07 0 d-------- C:\Documents and Settings\Bobby\Application Data\Vso
2007-05-02 18:37:07 47360 --a------ C:\Documents and Settings\Bobby\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-02 16:39:42 0 d-------- C:\Program Files\vso
2007-05-01 16:29:13 323 --ah----- C:\Documents and Settings\Bobby\hpothb07.dat
2007-05-01 16:23:40 0 d-------- C:\Documents and Settings\Bobby\Application Data\Apple Computer
2007-05-01 09:37:40 0 d-------- C:\Documents and Settings\Application Data\Application Data
2007-05-01 09:37:40 0 d-------- C:\Documents and Settings\Application Data\Application Data\Microsoft
2007-05-01 09:37:39 0 d-------- C:\Documents and Settings\Application Data\Microsoft
2007-05-01 09:37:39 0 d-------- C:\Application Data
2007-05-01 09:37:38 0 d-------- C:\Documents and Settings\Bobby\Application Data\MySpace


-- Find3M Report ---------------------------------------------------------------

2007-05-30 00:11:10 24 --ah----- C:\WINDOWS\p6Yul
2007-05-30 00:01:13 233282 --a------ C:\Documents and Settings\Bobby\Application Data\tmp19D4.tmp.exe
2007-05-30 00:00:43 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp19C5.tmp.exe
2007-05-29 22:18:35 0 d-------- C:\Program Files\Photodex Presenter
2007-05-29 21:46:41 50989 --a------ C:\Documents and Settings\Bobby\Application Data\tmp164A.tmp.exe
2007-05-29 05:20:57 233056 --a------ C:\Documents and Settings\Bobby\Application Data\tmp1142.tmp.exe
2007-05-29 05:20:23 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp1121.tmp.exe
2007-05-29 05:20:15 50927 --a------ C:\Documents and Settings\Bobby\Application Data\tmp111D.tmp.exe
2007-05-28 21:58:47 232952 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9E6.tmp.exe
2007-05-28 21:58:32 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9D7.tmp.exe
2007-05-28 21:58:14 50518 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9D1.tmp.exe
2007-05-28 16:33:21 232952 --a------ C:\Documents and Settings\Bobby\Application Data\tmp54E.tmp.exe
2007-05-28 16:33:19 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp53F.tmp.exe
2007-05-28 16:33:00 50518 --a------ C:\Documents and Settings\Bobby\Application Data\tmp50E.tmp.exe
2007-05-28 14:58:06 232952 --a------ C:\Documents and Settings\Bobby\Application Data\tmp143.tmp.exe
2007-05-28 14:57:58 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp125.tmp.exe
2007-05-28 14:57:55 50518 --a------ C:\Documents and Settings\Bobby\Application Data\tmp123.tmp.exe
2007-05-28 10:49:15 233044 --a------ C:\Documents and Settings\Bobby\Application Data\tmp5CB.tmp.exe
2007-05-28 10:49:10 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp5B6.tmp.exe
2007-05-28 10:49:04 50402 --a------ C:\Documents and Settings\Bobby\Application Data\tmp5A6.tmp.exe
2007-05-28 01:58:56 233464 --a------ C:\Documents and Settings\Bobby\Application Data\tmp1DFD.tmp.exe
2007-05-28 01:58:53 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp1DFB.tmp.exe
2007-05-28 01:50:08 50456 --a------ C:\Documents and Settings\Bobby\Application Data\tmp1CCE.tmp.exe
2007-05-28 01:30:48 233650 --a------ C:\Documents and Settings\Bobby\Application Data\tmp188E.tmp.exe
2007-05-28 01:30:39 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp188C.tmp.exe
2007-05-28 01:29:21 50456 --a------ C:\Documents and Settings\Bobby\Application Data\tmp1824.tmp.exe
2007-05-27 22:39:42 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp105C.tmp.exe
2007-05-27 22:39:36 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp104B.tmp.exe
2007-05-27 22:39:30 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp103A.tmp.exe
2007-05-27 22:39:08 50569 --a------ C:\Documents and Settings\Bobby\Application Data\tmpFFC.tmp.exe
2007-05-27 21:21:45 233038 --a------ C:\Documents and Settings\Bobby\Application Data\tmpC71.tmp.exe
2007-05-27 21:21:10 50140 --a------ C:\Documents and Settings\Bobby\Application Data\tmpC52.tmp.exe
2007-05-27 21:16:23 233743 --a------ C:\Documents and Settings\Bobby\Application Data\tmp867.tmp.exe
2007-05-27 21:16:03 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp84D.tmp.exe
2007-05-27 11:34:20 0 d-------- C:\Program Files\ICQToolbar
2007-05-27 07:02:04 233548 --a------ C:\Documents and Settings\Bobby\Application Data\tmp1E7.tmp.exe
2007-05-27 07:01:57 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp191.tmp.exe
2007-05-27 07:01:41 50315 --a------ C:\Documents and Settings\Bobby\Application Data\tmpEC.tmp.exe
2007-05-27 00:37:51 233463 --a------ C:\Documents and Settings\Bobby\Application Data\tmp2B9.tmp.exe
2007-05-27 00:37:45 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp2B7.tmp.exe
2007-05-27 00:37:25 50415 --a------ C:\Documents and Settings\Bobby\Application Data\tmp282.tmp.exe
2007-05-27 00:23:31 0 d-------- C:\Program Files\Lavasoft
2007-05-26 06:58:40 233621 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9D9D.tmp.exe
2007-05-26 06:58:08 50413 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9D79.tmp.exe
2007-05-26 06:47:23 233621 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9AEA.tmp.exe
2007-05-26 06:47:22 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9AE2.tmp.exe
2007-05-26 06:47:18 50413 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9AC3.tmp.exe
2007-05-26 06:40:41 233621 --a------ C:\Documents and Settings\Bobby\Application Data\tmp93E9.tmp.exe
2007-05-26 06:39:57 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp93B4.tmp.exe
2007-05-26 06:38:45 50413 --a------ C:\Documents and Settings\Bobby\Application Data\tmp9363.tmp.exe
2007-05-26 00:50:31 233621 --a------ C:\Documents and Settings\Bobby\Application Data\tmp2E84.tmp.exe
2007-05-26 00:50:18 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp26B1.tmp.exe
2007-05-26 00:50:03 50413 --a------ C:\Documents and Settings\Bobby\Application Data\tmp1F97.tmp.exe
2007-05-24 23:31:23 233610 --a------ C:\Documents and Settings\Bobby\Application Data\tmp403A.tmp.exe
2007-05-24 23:31:18 16384 --a------ C:\Documents and Settings\Bobby\Application Data\tmp4038.tmp.exe
2007-05-20 00:26:44 0 d-------- C:\Documents and Settings\Bobby\Application Data\Adobe
2007-05-20 00:17:37 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-15 23:53:10 0 d-------- C:\Program Files\Paint Shop Pro 6
2007-05-02 18:37:19 34 --a------ C:\Documents and Settings\Bobby\Application Data\pcouffin.log
2007-05-02 18:37:07 1144 --a------ C:\Documents and Settings\Bobby\Application Data\pcouffin.inf
2007-05-02 18:37:07 1074 --a------ C:\Documents and Settings\Bobby\Application Data\pcouffin.cat
2007-05-01 16:29:04 2531 --ah----- C:\hpothb07.dat
2007-05-01 15:00:02 0 d-------- C:\Program Files\Disney Interactive
2007-05-01 14:59:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-01 14:51:52 0 d-------- C:\Program Files\SlySoft
2007-05-01 12:26:12 0 d-------- C:\Program Files\Elaborate Bytes
2007-04-28 23:52:43 0 d-------- C:\Program Files\BitLord
2007-04-28 23:46:54 0 d-------- C:\Documents and Settings\Bobby\Application Data\Aim
2007-04-28 15:57:28 0 d-------- C:\Documents and Settings\Bobby\Application Data\BitTorrent
2007-04-27 23:54:38 0 d-------- C:\Documents and Settings\Bobby\Application Data\SlySoft
2007-04-27 17:36:23 0 d-------- C:\Documents and Settings\Bobby\Application Data\Ahead
2007-04-27 16:15:49 0 d-------- C:\Documents and Settings\Bobby\Application Data\AdobeUM
2007-04-27 14:01:00 0 dr-h----- C:\Documents and Settings\Bobby\Application Data\yahoo!
2007-04-27 13:52:44 0 d-------- C:\Documents and Settings\Bobby\Application Data\Macromedia
2007-04-27 13:48:15 0 d-------- C:\Documents and Settings\Bobby\Application Data\Identities
2007-04-23 20:56:37 0 d-------- C:\Program Files\Logitech
2007-04-23 20:54:10 0 d-------- C:\Program Files\Common Files\Logitech
2007-04-21 19:35:14 0 d-------- C:\Program Files\NCH Swift Sound
2007-04-18 11:21:07 0 d-------- C:\Program Files\Easy CD-DA Extractor 10
2007-04-18 10:57:36 19558 --a------ C:\WINDOWS\hpoins01.dat
2007-04-17 17:53:33 0 d-------- C:\Program Files\PDO Desktop
2007-04-14 09:07:38 0 d-------- C:\Program Files\AC3Filter
2007-04-10 15:32:16 12055 --a------ C:\WINDOWS\system32\delme.exe
2007-04-10 14:44:06 0 d-------- C:\Program Files\Xvid
2007-04-10 14:01:47 0 d-------- C:\Program Files\Super DVD Creator 9.30
2007-04-10 09:41:24 0 d-------- C:\Program Files\Hp
2007-04-07 21:54:42 0 d-------- C:\Program Files\DVD Shrink
2007-04-04 15:31:41 122 --a------ C:\WINDOWS\tmpdelis.bat
2007-04-04 15:31:41 392 --a------ C:\WINDOWS\tmpcpyis.bat
2007-04-01 07:34:21 86016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll <Not Verified; Elaborate Bytes AG; Elaborate Bytes CDRTools>
2007-03-03 17:43:45 23552 --a------ C:\WINDOWS\xobglu32.dll
2007-03-03 17:43:45 63488 --a------ C:\WINDOWS\xobglu16.dll
2007-02-28 18:40:05 30464 --a------ C:\WINDOWS\macromix.dll


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} C:\Program Files\Microsoft Money\System\mnyside.dll
{4B646AFB-9341-4330-8FD1-C32485AEE619} C:\WINDOWS\system32\tmp164A.tmp.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{76ea2b0f-6907-41a8-b749-2e83776ecf1f} C:\WINDOWS\system32\FM2vaa.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"setup"="rundll32.exe \"C:\\WINDOWS\\vttroo.dll\",realset"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FM2vaa

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\windows\system32\ssqrrop.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^14 FYI.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\14 FYI.lnk"
"backup"="C:\\WINDOWS\\pss\\14 FYI.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\14FYI~1\\TRUEWE~1.EXE -d 10,000"
"item"="14 FYI"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\officejet 6100.lnk"
"backup"="C:\\WINDOWS\\pss\\officejet 6100.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hposol08.exe "
"item"="officejet 6100"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SBC Self Support Tool.lnk"
"backup"="C:\\WINDOWS\\pss\\SBC Self Support Tool.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SBCSEL~1\\bin\\matcli.exe -boot"
"item"="SBC Self Support Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Windows Desktop Search.lnk"
"backup"="C:\\WINDOWS\\pss\\Windows Desktop Search.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSNTOO~1\\DS\\020500~1.108\\en-us\\bin\\WINDOW~3.EXE /startup"
"item"="Windows Desktop Search"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\475P36P]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fsqsn1"
"hkey"="HKLM"
"command"="fsqsn1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atari Launcher 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Atari icon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Infogrames\\Atari Anniversary Edition\\Volume 2\\Atari icon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Banner"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Infogrames\\Atari Anniversary Edition\\Volume 2\\Banner.exe\" /0"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAMTRAY"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\windows\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mc-58-12-0000137"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\mc-58-12-0000137.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FilmLoop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\FilmLoop Player\\FilmLoop.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gcasServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPClient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPMon32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LwuFRWjqS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fm2init"
"hkey"="HKCU"
"command"="fm2init.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnappau"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.0002.1001\\en-us\\msnappau.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MWSBAR"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2pnetworking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p2pnetworking"
"hkey"="HKLM"
"command"="p2pnetworking.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="REGSHAVE"
"hkey"="HKLM"
"command"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bridge"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\System32\\bridge.dll\",Load"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\services32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mc-58-12-0000137"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\Windows\\mc-58-12-0000137.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tqepejku]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tqepejku"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\feyuisxa\\tqepejku.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=dword:00000003
"SAVScan"=dword:00000002
"Pml Driver HPZ12"=dword:00000003
"MDM"=dword:00000002
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccEvtMgr"=dword:00000002
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-30 at 02:33:43 ---------

#5 SNOWHITE

SNOWHITE

    missy malware magnet

  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 31 May 2007 - 11:09 AM

Hello DSMJuggalo,

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER

1. Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select Copy.


C:\WINDOWS\system32\fsqsn1.exe
c:\windows\system32\ssqrrop.dll
C:\WINDOWS\system32\tmp123.tmp.dll
C:\Documents and Settings\Bobby\Application Data\tmp19D4.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp19C5.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp164A.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp1142.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp1121.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp111D.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp9E6.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp9D7.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp9D1.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp54E.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp53F.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp50E.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp143.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp125.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp123.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp5CB.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp5B6.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp5A6.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp1DFD.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp1DFB.tmp.exe
C:\Documents and Settings\Bobby\Application Data\tmp1CCE.tmp.exe


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to DSMJuggalo.cab.

Then go to: UploadMalware to upload DSMJuggalo.cab for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: DSMJuggalo.cab
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
Thank you !

ok i did everything on that list and am still getting pop ups...here are the things u requested


vundofix found no problems
avg antispyware found no problems
blacklight found no problems



2. What version of VundoFix do you have? Start VundoFix and tell me what you see, for example VundoFix V6.3.17?

Please post the VundoFix report as I instructed you in post #3.

3. Did you update AVG Anti-Spyware with the latest updates before running the scan with it?

If you are unable to update the definition files, you can perform a manual update by going to the following site: http://www.ewido.net/en/download/updates/

Follow the same instructions about running a scan with AVG Anti-Spyware from my post #3 and please post the results of the scan back here into this thread.

4. Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.


O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tmp164A.tmp.dll
O2 - BHO: (no name) - {76ea2b0f-6907-41a8-b749-2e83776ecf1f} - C:\WINDOWS\system32\FM2vaa.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\vttroo.dll",realset
O20 - AppInit_DLLs: c:\windows\system32\ssqrrop.dll
O20 - Winlogon Notify: FM2vaa - C:\WINDOWS\SYSTEM32\FM2vaa.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


5. Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

6. Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

In your next reply please post these scan reports:
  • vundofix.txt
  • AVG Anti-Spyware scan report
  • combofix report
  • new HiJackthis log
  • GMER report
If there is something that you don't understand feel free to ask me before proceeding.
SNOWHITE
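
The six lines the post asks the user to check are the persistence points HijackThis reports as O2 (Browser Helper Objects), O4 (Run keys) and O20 (AppInit_DLLs and Winlogon Notify packages). As an added example, not part of the original thread and not HijackThis code, the Python script below parses those log lines and applies the same checks a helper makes by eye: a BHO whose CLSID points at (no file), a temp-named DLL in system32, rundll32 loading a DLL straight from the Windows root, any non-empty AppInit_DLLs value, and one DLL registered both as a BHO and as a Winlogon Notify package. The sample log is constructed from the lines quoted in the post plus two benign control entries (a Run entry for the nod32kui.exe seen in the process list, and a placeholder "Example Helper" BHO with an all-zero CLSID); both controls are assumptions added for illustration.

```python
"""Triage HijackThis O2/O4/O20 entries for Vundo-style persistence.

Added example for this thread, not part of HijackThis. The sample log is
constructed from the lines quoted in the post above plus two benign control
entries (assumptions for illustration).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample log: the six lines quoted in the post, then two benign
# controls (a Run entry for nod32kui.exe and a placeholder BHO with an
# all-zero CLSID). The controls are assumed, not from the original log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tmp164A.tmp.dll
O2 - BHO: (no name) - {76ea2b0f-6907-41a8-b749-2e83776ecf1f} - C:\WINDOWS\system32\FM2vaa.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\vttroo.dll",realset
O20 - AppInit_DLLs: c:\windows\system32\ssqrrop.dll
O20 - Winlogon Notify: FM2vaa - C:\WINDOWS\SYSTEM32\FM2vaa.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe"
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
TMP_DLL_RE = re.compile(r"^tmp[0-9a-f]+\.tmp\.dll$", re.I)  # tmp164A.tmp.dll-style names


@dataclass
class Entry:
    section: str            # O2 / O4 / O20
    line: str               # raw log line, as the user would paste it
    kind: str               # BHO, Run, AppInit_DLLs, Winlogon Notify
    name: str
    path: str               # lower-cased module path, "" for "(no file)"
    reasons: list[str] = field(default_factory=list)


def loaded_module(cmd: str) -> str:
    """Module a Run command really loads: the DLL argument for rundll32, else the exe."""
    m = re.match(r'^(?:"([^"]+)"|(\S+))', cmd)
    head = (m.group(1) or m.group(2)) if m else ""
    if head.lower().endswith("rundll32.exe"):
        m2 = re.match(r'^(?:"([^"]+)"|([^,\s]+))', cmd[m.end():].strip())
        return (m2.group(1) or m2.group(2)) if m2 else ""
    return head


def norm(path: str) -> str:
    p = path.strip()
    return "" if p.lower() == "(no file)" else p.lower()


def parse(log_text: str) -> list[Entry]:
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = re.match(r"^(O\d+) - (.*)$", raw)
        if not m:
            continue
        sec, body = m.group(1), m.group(2)
        if sec == "O2" and (b := BHO_RE.match(body)):
            entries.append(Entry(sec, raw, "BHO", b["name"], norm(b["path"])))
        elif sec == "O4" and (b := RUN_RE.match(body)):
            entries.append(Entry(sec, raw, "Run", b["name"], norm(loaded_module(b["cmd"]))))
        elif sec == "O20" and (b := APPINIT_RE.match(body)):
            entries.append(Entry(sec, raw, "AppInit_DLLs", "", norm(b["path"])))
        elif sec == "O20" and (b := NOTIFY_RE.match(body)):
            entries.append(Entry(sec, raw, "Winlogon Notify", b["name"], norm(b["path"])))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach a reason to every entry a helper would tell the user to check."""
    bho_paths = {e.path for e in entries if e.kind == "BHO" and e.path}
    notify_paths = {e.path for e in entries if e.kind == "Winlogon Notify"}
    for e in entries:
        parent, _, base = e.path.rpartition("\\")
        if e.kind == "BHO" and not e.path:
            e.reasons.append("dangling BHO: CLSID registered but (no file) on disk")
        if e.kind == "BHO" and e.path and e.name == "(no name)":
            e.reasons.append("unnamed BHO (weak signal on its own)")
        if TMP_DLL_RE.match(base):
            e.reasons.append("temp-named DLL (tmpXXXX.tmp.dll) registered for load")
        if e.kind == "Run" and "rundll32" in e.line.lower() and parent == "c:\\windows":
            e.reasons.append("rundll32 loads a DLL straight from the Windows root")
        if e.kind == "AppInit_DLLs" and e.path:
            e.reasons.append("AppInit_DLLs: injected into every process that loads user32.dll")
        if e.kind == "Winlogon Notify" and e.path in bho_paths:
            e.reasons.append("same DLL is also a BHO (BHO + Winlogon Notify pair)")
        if e.kind == "BHO" and e.path in notify_paths:
            e.reasons.append("same DLL is also a Winlogon Notify package")
    return entries


def lines_to_fix(log_text: str) -> dict[str, list[str]]:
    """Raw log lines worth a 'Fix Checked', each with the reasons it was flagged."""
    return {e.line: e.reasons for e in triage(parse(log_text)) if e.reasons}


if __name__ == "__main__":
    for line, reasons in lines_to_fix(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    -", reason)
```

Run against the constructed log it reports exactly the six entries from the post and leaves both controls alone. The reasons matter as much as the list: HijackThis's Fix Checked removes the registry value behind a line, not the DLL it points to, and an AppInit_DLLs or Winlogon Notify DLL is still on disk and still loaded into running processes after the fix, which is why the procedure goes on to ComboFix and GMER rather than stopping at step 4.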

#6 DSMJuggalo (Topic Starter)

Posted 01 June 2007 - 02:22 PM

Thank you so much for your help, SNOWHITE... I decided to nuke the hard drive and reinstall Windows; it seemed like an easier route to me, and there wasn't anything important on the computer anyway.

#7 SNOWHITE

Posted 02 June 2007 - 07:34 AM

Thank you so much for your help, SNOWHITE... I decided to nuke the hard drive and reinstall Windows; it seemed like an easier route to me, and there wasn't anything important on the computer anyway.


Hi DSMJuggalo,

Thanks for letting us know :flowers:

The following is a list of tools that I recommend to people for better protection and to prevent the computer from being re-infected.
  • SpywareBlaster - Helps prevent spyware from installing in the first place.
  • SpywareGuard - To catch and block spyware before it can execute.
  • IESpy-Ad - Blocks access to malicious websites so you cannot be redirected to them from an infected site or email.
  • MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Comodo BOClean - BOClean runs automatically in the background without interfering with your work and kills malware INSTANTLY the moment it activates, without giving it the chance to invade your machine.
  • SUPERAntiSpyware Home Edition (free version) - Another effective program for helping remove some of the more difficult infections.
  • More Secure Browser - Internet Explorer is not the most secure or best browser. There are safer and better alternatives available. I recommend Firefox and Opera.
  • Google Toolbar - A free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
Also see So how did I get infected in the first place? :thumbsup:
SNOWHITE

#8 illukka (Security Colleague)

Posted 14 June 2007 - 12:22 PM

As the problem here seems to be resolved, this topic is now closed.
To get it reopened, PM a staff member with the address of this thread.
This applies to the topic starter only; everyone else with similar problems should start a new topic.

glad we could help :thumbsup:

thank you SNOWHITE :flowers:
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor



