antivirus popups

File yayyxxy.dll will NOT delete, and I am getting constant popups for an antivirus program.

THE HIJACK LOG
Logfile of HijackThis v1.99.1
Scan saved at 21:19:07, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vslcupwt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{191376B3-78AC-418B-89C2-C8A37F40C62F}: NameServer = 213.94.190.194 213.94.190.236
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

I have run Ad-Aware and Spybot Search & Destroy repeatedly, and the problem is still there. I ran VundoFix.exe; it finds 3 files and crashed the computer twice, requiring a manual restart, and the problem is still there. Killbox.exe cannot get rid of yayyxxy.dll either.

Anyone able to help me

Comments

  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    The Fix

    Please download VundoFix.exe to your desktop.

    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.
    * Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Important note -- It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  • Mgd
    edited February 2007
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 02:21:54 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\jesmwni.dllx
    C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\winzwr32.dllx
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\jesmwni.dllx
    C:\WINDOWS\system32\jesmwni.dllx Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\jlnmp.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
    Attempting to delete C:\WINDOWS\system32\winzwr32.dllx
    C:\WINDOWS\system32\winzwr32.dllx Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 02:36:10 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\vtstu.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\vtstu.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 03:10:29 18/02/2007
    Listing files found while scanning....
    No infected files were found.

    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 13:23:22 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\jmllm.bak1
    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\mllmj.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\jmllm.bak1
    C:\WINDOWS\system32\jmllm.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 21:33:05 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\ddeeg.bak1
    C:\WINDOWS\system32\ddeeg.bak2
    C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\geedd.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\ddeeg.bak1
    C:\WINDOWS\system32\ddeeg.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ddeeg.bak2
    C:\WINDOWS\system32\ddeeg.bak2 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\ddeeg.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\geedd.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\geedd.dll Has been deleted!
    Performing Repairs to the registry.
    Done!

    HIJACK log
    Logfile of HijackThis v1.99.1
    Scan saved at 21:53:02, on 18/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\CmUCReye.exe
    C:\Program Files\Medion Info Display\MdionLCM.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vslcupwt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    www.amaena.com/ popups are still showing for winantiviruspro with valid system information!!
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    Sorry, I didn't read your message through :banghead:

    Wait a while, I'll give instructions to upload those files to uploadmalware.com FIRST

    Please first upload this file, C:\WINDOWS\SYSTEM32\yayyxxy.dll, to
    http://www.uploadmalware.com/

    After that :

    Please download Process Explorer

    Unzip Process Explorer and double click on procexp.exe

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of pmnklij.dll once and then click the kill button.

    After you have killed all of the geedd.dll and yayyxxy.dll under winlogon click OK.

    Also look for any .ini or .bak files or other DLLs with either the same name or the file name in reverse & kill them as well.

    Example:

    geedd.dll
    ddeeg.ini
    ddeeg.reg etc

    and

    yayyxxy.dll
    yxxyyay.bak
    yxxyyay.ini

    or

    vslcupwt.dll
    twpuclsv.bak

    etc

    Next double click on explorer.exe and again click once on each instance of geedd.dll and yayyxxy.dll then click the kill button.

    Also look for any .ini or .bak files or reverse-named DLLs with either the same name or the file name in reverse & kill them as well. See above for examples.

    Click on the Threads tab at the top.

    Once you have done that click OK again.

    Then open Killbox.

    -> Choose Delete on Reboot
    -> Click All Files option.

    Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

    C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\yayyxxy.dll
    C:\WINDOWS\ielocales.dll
    C:\WINDOWS\system32\vslcupwt.dll
    C:\WINDOWS\system32\ddeeg.*
    C:\WINDOWS\system32\yxxyyay.*
    C:\WINDOWS\system32\twpuclsv.*

    Then go back to Killbox
    -> go to File
    -> choose Paste from Clipboard
    -> Click the red-white Delete File option.
    -> Click Yes to Delete on Reboot question
    -> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
    -> Restart your computer if Killbox won't do it.

    (If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe from here to your desktop and run the file, then try running Killbox -> http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe)

    After the computer is restarted, try a VundoFix scan and send a log.
    Send a fresh hijack log too :D
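The naming pattern and the Killbox list in the post above, worked as an added example (this is not the helper's code, nor code from HijackThis, VundoFix or Killbox): a Python triage script that pulls the anonymous system32 BHOs (O2) and Winlogon Notify DLLs (O20) out of a HijackThis log, derives the reversed-stem companion patterns, and appends whatever VundoFix reported it could not delete. The sample log excerpts are constructed from lines posted in this thread; the function names are this example's own.

```python
"""HijackThis / VundoFix log triage: an added example for this thread, not code
from the thread or from HijackThis, VundoFix or Killbox.
The thread's logs expose the Vundo DLLs two ways: O2 BHO lines named "(no name)"
loading a DLL from system32, and O20 Winlogon Notify lines loading the same DLL.
The helper's Killbox list shows the companion-file convention: the DLL stem
spelled backwards with .ini/.bak/.bak1 extensions (geedd.dll <-> ddeeg.ini,
yayyxxy.dll <-> yxxyyay.bak). Paths are compared lower-cased (Windows file
names are case-insensitive), so the output list is lower-cased too.
"""
import re
from collections import defaultdict

_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
_O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
_VF_FAIL_RE = re.compile(r"^(?P<path>.+?) Could not be deleted\.$")
_VF_OK_RE = re.compile(r"^(?P<path>.+?) Has been deleted!$")

def parse_hjt(log_text):
    """Return (bhos, notifies) parsed from the O2 and O20 lines of a HijackThis log."""
    bhos, notifies = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _O2_RE.match(line)
        if m:
            bhos.append({"name": m.group("name"), "clsid": m.group("clsid").upper(),
                         "path": m.group("path"), "missing": bool(m.group("missing"))})
            continue
        m = _O20_RE.match(line)
        if m:
            notifies.append({"key": m.group("key"), "path": m.group("path")})
    return bhos, notifies

def suspicious_dlls(bhos, notifies):
    """Map lower-cased DLL path -> reasons it looks like a Vundo component.
    A '(file missing)' BHO is only a stale CLSID, so it is not listed."""
    hits = defaultdict(set)
    for b in bhos:
        if b["name"] == "(no name)" and "\\system32\\" in b["path"].lower() and not b["missing"]:
            hits[b["path"].lower()].add("O2 anonymous BHO in system32")
    for n in notifies:
        hits[n["path"].lower()].add("O20 Winlogon Notify handler")
    return dict(hits)

def companion_patterns(dll_path):
    """Killbox-style patterns for a Vundo DLL plus its reversed-stem companions,
    e.g. ...\\geedd.dll -> [...\\geedd.dll, ...\\ddeeg.*]."""
    directory, _, name = dll_path.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    patterns = [dll_path]
    if stem[::-1] != stem:  # a palindromic stem has no distinct companion name
        patterns.append(f"{directory}\\{stem[::-1]}.*")
    return patterns

def vundofix_survivors(vf_text):
    """Files VundoFix reported 'Could not be deleted' that no later run deleted
    (the thread shows a second pass removing mllmj.dll and geedd.dll)."""
    failed, deleted = [], set()
    for raw in vf_text.splitlines():
        line = raw.strip()
        m = _VF_FAIL_RE.match(line)
        if m:
            failed.append(m.group("path").lower())
            continue
        m = _VF_OK_RE.match(line)
        if m:
            deleted.add(m.group("path").lower())
    return sorted(set(failed) - deleted)

def triage(hjt_text, vf_text=""):
    """Build the delete-on-reboot list the thread's helper wrote by hand."""
    bhos, notifies = parse_hjt(hjt_text)
    hits = suspicious_dlls(bhos, notifies)
    killbox = []
    for path in sorted(hits):
        killbox.extend(companion_patterns(path))
    for path in vundofix_survivors(vf_text):
        if path not in hits:  # VundoFix found it but HijackThis did not list it
            killbox.extend(companion_patterns(path))
    return {"suspicious": hits, "killbox": killbox}

# Constructed excerpts of the logs posted in the thread (only the relevant lines).
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vslcupwt.dll
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
"""
SAMPLE_VF = r"""
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
C:\WINDOWS\system32\mllmj.dll Could not be deleted.
C:\WINDOWS\system32\mllmj.dll Has been deleted!
"""
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_HJT, SAMPLE_VF)["killbox"]))
```

Spybot's SDHelper.dll is also an unnamed BHO but lives outside system32, so it is left alone; a named BHO such as the Java ssv.dll is never flagged.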
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    Okay, now the instructions are ready :D
  • Mgd
    edited February 2007
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 02:21:54 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\jesmwni.dllx
    C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\winzwr32.dllx
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\jesmwni.dllx
    C:\WINDOWS\system32\jesmwni.dllx Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\jlnmp.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
    Attempting to delete C:\WINDOWS\system32\winzwr32.dllx
    C:\WINDOWS\system32\winzwr32.dllx Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 02:36:10 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\vtstu.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\vtstu.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 03:10:29 18/02/2007
    Listing files found while scanning....
    No infected files were found.

    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 13:23:22 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\jmllm.bak1
    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\mllmj.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\jmllm.bak1
    C:\WINDOWS\system32\jmllm.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 21:33:05 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\ddeeg.bak1
    C:\WINDOWS\system32\ddeeg.bak2
    C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\geedd.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\ddeeg.bak1
    C:\WINDOWS\system32\ddeeg.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ddeeg.bak2
    C:\WINDOWS\system32\ddeeg.bak2 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\ddeeg.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\geedd.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\geedd.dll Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 22:21:49 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\hjkmp.bak1
    C:\WINDOWS\system32\hjkmp.ini
    C:\WINDOWS\system32\pmkjh.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\hjkmp.bak1
    C:\WINDOWS\system32\hjkmp.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\hjkmp.ini
    C:\WINDOWS\system32\hjkmp.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\pmkjh.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\pmkjh.dll Has been deleted!
    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 22:42:21, on 18/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\CmUCReye.exe
    C:\Program Files\Medion Info Display\MdionLCM.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1933891C-7BAC-44D5-950F-DB470F5A65C2} - C:\WINDOWS\system32\pmkjh.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\nypfgqjy.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O20 - Winlogon Notify: yayyxxy - yayyxxy.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Micheal Donnellan(Administrator)
    was started @ Sunday, February 18, 2007, 3:23 AM

    # 1 [Files to Delete]
    Path = C:\WINDOWS\system32\yayyxxy.dll
    *This File could not be Deleted

    # 2 [Files to Delete]
    Path = C:\WINDOWS\system32\yayyxxy.dll
    *This File could not be Deleted

    # 3 [Files to Delete]
    Path = C:\WINDOWS\system32\yayyxxy.dll
    *This File could not be Deleted

    Killbox Closed(Exit) @ 3:29:33 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Micheal Donnellan(Administrator)
    was started @ Sunday, February 18, 2007, 3:30 AM

    # 1 [Files to Delete]
    Path = C:\WINDOWS\system32\jkhhe.dll
    *This file does not seem to exist

    # 2 [Files to Delete]
    Path = C:\WINDOWS\system32\jkhhe.dll
    *This file does not seem to exist

    # 3 [Files to Delete]
    Path = C:\WINDOWS\system32\yayyxxy.dll
    *This File could not be Deleted

    # 4 [Delete on Reboot]
    Path = C:\WINDOWS\system32\yayyxxy.dll
    *This File could not be Deleted

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:32:05 AM
    # 5 [Delete on Reboot]
    Path = C:\WINDOWS\system32\yayyxxy.dll
    *This File could not be Deleted

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:39:14 AM
    Killbox Closed(Exit) @ 3:40:01 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Micheal Donnellan(Administrator)
    was started @ Sunday, February 18, 2007, 1:20 PM

    # 1 [Files to Delete]
    Path = C:\WINDOWS\system32\yayyxxy.dll
    *This File could not be Deleted

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Micheal Donnellan(Administrator)
    was started @ Sunday, February 18, 2007, 2:59 PM

    Killbox Closed(Exit) @ 3:15:56 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Micheal Donnellan(Administrator)
    was started @ Sunday, February 18, 2007, 10:16 PM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\system32\yayyxxy.dll

    # 2 [Delete on Reboot]
    Path = C:\WINDOWS\ielocales.dll

    I Rebooted @ 10:17:54 PM
    Killbox Closed(Exit) @ 10:17:57 PM
    __________________________________________________


    VundoFix came up with 4 files when I scanned, so I told it to delete Vundo. I had to manually restart as it froze again. Then I went to delete the file and restarted again, and then made the HijackThis log.
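As an added example (not code from this thread, the forum, or any of the tools mentioned in it), the Python script below does by script what the helper does by eye on the HijackThis log above: it parses the O2 (BHO) and O20 (Winlogon Notify) entries, flags the markers that point at a Vundo-style DLL (file reported missing, unnamed BHO loaded from the Windows directory, random-looking DLL name), and diffs two logs to confirm that an entry has actually gone. The sample lines are constructed from the O2/O4/O20 entries of the two logs posted in this thread; the vowel-ratio heuristic, the 5-8 letter window and the choice of watched sections are assumptions of this example, not rules from HijackThis.

```python
"""HijackThis v1.99.1 log triage (added example, not part of the thread)."""
import re
from typing import Dict, List, Optional, Tuple

# An entry line looks like "O2 - BHO: name - {CLSID} - path"; process list,
# header and blank lines do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
WATCHED = {"O2", "O20"}   # assumption: sections this triage inspects
VOWELS = set("aeiou")

# Constructed sample: entries taken from the first log posted in this thread.
LOG_BEFORE: List[str] = [
    r"O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {1933891C-7BAC-44D5-950F-DB470F5A65C2} - C:\WINDOWS\system32\pmkjh.dll (file missing)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll",
    r"O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll",
    r"O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\nypfgqjy.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O20 - Winlogon Notify: yayyxxy - yayyxxy.dll (file missing)",
]

# Constructed sample: the same sections from the later log in this thread.
LOG_AFTER: List[str] = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll",
    r"O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
]


def parse_entry(line: str) -> Optional[Tuple[str, str, str, bool]]:
    """Return (section, label, path, file_missing) for an entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    fields = [f.strip() for f in rest.split(" - ")]
    label, target = fields[0], fields[-1]
    missing = target.endswith("(file missing)")
    path = target[: -len("(file missing)")].strip() if missing else target
    return section, label, path, missing


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 5-8 letters with under 30% vowels, the shape of
    the autogenerated DLL names seen in this thread (yayyxxy, pmkjh, nypfgqjy)."""
    s = stem.lower()
    if not (5 <= len(s) <= 8) or not s.isalpha():
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.3


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious DLL path to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None or parsed[0] not in WATCHED:
            continue
        section, label, path, missing = parsed
        # A bare file name (as in O20 lines) is resolved from the system
        # directory, so treat it like a path under C:\WINDOWS.
        in_windows = path.lower().startswith("c:\\windows") or "\\" not in path
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if missing:
            reasons.append("file missing: stale registration of a removed or self-renaming DLL")
        if "(no name)" in label and in_windows:
            reasons.append("unnamed BHO loaded from the Windows directory")
        if in_windows and looks_random(stem):
            reasons.append("random-looking DLL name in the Windows directory")
        if section == "O20":
            reasons.append("Winlogon Notify DLL: loaded at every logon, review if unfamiliar")
        if reasons:
            findings[path] = reasons
    return findings


def removed_entries(before: List[str], after: List[str]) -> List[str]:
    """Entries present in an earlier log but absent from a later one: the check
    behind the helper's 'it has gone from the HijackThis log'."""
    after_set = {l.strip() for l in after}
    return [l.strip() for l in before if parse_entry(l) and l.strip() not in after_set]


if __name__ == "__main__":
    for path, reasons in triage(LOG_BEFORE).items():
        print(path)
        for r in reasons:
            print("   -", r)
    print("\nGone in the later log:")
    for entry in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("   ", entry)
```

Note the limit of the heuristics: C:\WINDOWS\ielocales.dll carries a plausible name ("MSNM System") and a pronounceable file name, so nothing above flags it, yet the helper put it on the Killbox list from experience with this family. Scripted triage narrows the list; a reviewer who knows what legitimately lives in C:\WINDOWS still has to make the call.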
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    It has gone from the HijackThis log. To make sure, please do as follows:

    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo button.
    * Then click Add more files
    Copy and insert the following lines in the TWO upper boxes:

    C:\WINDOWS\system32\yayyxxy.dll
    C:\WINDOWS\system32\yxxyyay.*

    * Click Add Files and then click Close Window.
    * When the scan is ready, click Remove Vundo.
    * Answer "yes" when it asks to perform the removal.
    * After that your desktop will disappear, it's normal.
    * When the fix is ready, it will inform you to reboot the computer. Click OK.
    * Send C:\vundofix.txt and a fresh HijackThis log.
  • Mgd
    edited February 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 13:50:54, on 19/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\CmUCReye.exe
    C:\Program Files\Medion Info Display\MdionLCM.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 02:21:54 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\jesmwni.dllx
    C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\winzwr32.dllx
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\jesmwni.dllx
    C:\WINDOWS\system32\jesmwni.dllx Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\jlnmp.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
    Attempting to delete C:\WINDOWS\system32\winzwr32.dllx
    C:\WINDOWS\system32\winzwr32.dllx Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 02:36:10 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\vtstu.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\vtstu.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 03:10:29 18/02/2007
    Listing files found while scanning....
    No infected files were found.

    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 13:23:22 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\jmllm.bak1
    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\mllmj.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\jmllm.bak1
    C:\WINDOWS\system32\jmllm.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 21:33:05 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\ddeeg.bak1
    C:\WINDOWS\system32\ddeeg.bak2
    C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\geedd.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\ddeeg.bak1
    C:\WINDOWS\system32\ddeeg.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ddeeg.bak2
    C:\WINDOWS\system32\ddeeg.bak2 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\ddeeg.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\geedd.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\geedd.dll Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 22:21:49 18/02/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\hjkmp.bak1
    C:\WINDOWS\system32\hjkmp.ini
    C:\WINDOWS\system32\pmkjh.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\hjkmp.bak1
    C:\WINDOWS\system32\hjkmp.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\hjkmp.ini
    C:\WINDOWS\system32\hjkmp.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\pmkjh.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\pmkjh.dll Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 13:31:35 19/02/2007
    Listing files found while scanning....
    No infected files were found.

    Beginning removal...
    Performing Repairs to the registry.
    Done!


    I am still getting DriveCleaner popups.
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    Please send the newest vundofix.txt. You have sent old ones a few times :D

    Still, Vundo seems to be gone :D
    Scan started at 02:21:54 18/02/2007



    Please run the F-Secure Online Scanner
    Note: This Scanner is for Internet Explorer Only!

    * Follow the instructions here for installation.
    * Accept the License Agreement.
    * Once the ActiveX installs, click Full System Scan.
    * Once the download completes, the scan will begin automatically.
    * The scan will take some time to finish, so please be patient.
    * When the scan completes, click the Automatic cleaning (recommended) button.
    * Click the Show Report button and copy & paste the entire report in your next reply.
  • Mgd
    edited February 2007
    VundoFix V6.3.6
    Checking Java version...
    Java version is 1.5.0.4
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Scan started at 13:31:35 19/02/2007
    Listing files found while scanning....
    No infected files were found.

    Beginning removal...
    Performing Repairs to the registry.
    Done!

    Going to run the F-Secure Online Scanner now.
  • Mgd
    edited February 2007
    Currently cleaning: Adware.Podcast
    Action: Disinfect & Submit


    It appears to be stuck on this for quite a while, 3/4 of an hour so far.
    Adware.Podcast is found by Spybot - Search & Destroy, and it says it's deleted but keeps reshowing.
  • Mgd
    edited February 2007
    Scanning Report

    Monday, February 19, 2007 15:10:57 - 17:18:11

    Computer name: COMPUTERNAME
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\ E:\
    Result: 6 malware found

    Adware.Podcast (spyware)
    • System (Submitted)
    DriveCleaner (spyware)
    • System
    Stealth_process (hidden item)
    • C:\WINDOWS\MSSRV.EXE (Submitted)
    Tracking Cookie (spyware)
    • System (Disinfected)
    • System
    • System
    Statistics

    Scanned:
    • Files: 62693
    • System: 7846
    • Not scanned: 9
    Actions:
    • Disinfected: 1
    • Renamed: 0
    • Deleted: 0
    • None: 5
    • Submitted: 2
    Files not scanned:
    • C:\HIBERFIL.SYS
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\TEMPFILE
    • C:\WINDOWS\TEMP\SQLITE_DCOSZZT1XASHCZ8
    • C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\DOCUMENTS AND SETTINGS\MICHEAL DONNELLAN\MY DOCUMENTS\DOWNLOADS\HIJACKTHIS\BACKUPS\BACKUP-20070218-215322-337.DLL
    • C:\DOCUMENTS AND SETTINGS\MICHEAL DONNELLAN\MY DOCUMENTS\DOWNLOADS\HIJACKTHIS\BACKUPS\BACKUP-20070218-230651-397.DLL
    • C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\0237\0192\VALUES
    Options

    Scanning engines:
    • F-Secure Libra: 2.4.2, 2007-02-14
    • F-Secure AVP: 7.0.171, 2007-02-19
    • F-Secure Orion: 1.2.37, 2007-02-19
    • F-Secure Blacklight: 1.0.53, 0000-00-00
    • F-Secure Draco: 1.0.35, 0260-02-44
    • F-Secure Pegasus: 1.19.0, 2007-01-12
    Scanning options:
    • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
    • Use Advanced heuristics
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    Update Spybot

    Please download AdAware.

    Follow all the instructions on this website to run a scan with both of these programs.

    After that, reboot your computer and send a fresh HijackThis log, then we clean the rest :D
  • Mgd
    edited February 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 17:26:48, on 19/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\CmUCReye.exe
    C:\Program Files\Medion Info Display\MdionLCM.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\MICHEA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
    C:\DOCUME~1\MICHEA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    Did you scan with Ad-Aware?

    How about rebooting your computer after the scan?

    I see that there are F-Secure online scanning files running :O :confused:
  • Mgd
    edited February 2007
    Ad-Aware SE Build 1.06r1
    Logfile Created on:19 February 2007 19:57:06
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R154 19.02.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Adware.Podcast(TAC index:3):3 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Definition File:
    =========================
    Definitions File Loaded:
    Reference Number : SE1R153 15.02.2007
    Internal build : 193
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 1009128 Bytes
    Total size : 3290444 Bytes
    Signature data size : 3244513 Bytes
    Reference data size : 45419 Bytes
    Signatures total : 86893
    CSI Fingerprints total : 5967
    CSI data size : 287085 Bytes
    Target categories : 15
    Target families : 1048
    19-02-2007 19:52:21 Performing WebUpdate...
    Installing Update...
    Definitions File Loaded:
    Reference Number : SE1R154 19.02.2007
    Internal build : 194
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 1019804 Bytes
    Total size : 3326009 Bytes
    Signature data size : 3283056 Bytes
    Reference data size : 42441 Bytes
    Signatures total : 87697
    CSI Fingerprints total : 6067
    CSI data size : 293501 Bytes
    Target categories : 15
    Target families : 1054

    19-02-2007 19:52:31 Success
    Update successfully downloaded and installed.

    Memory + processor status:
    ==========================
    Number of processors : 2
    Processor architecture : Intel Pentium IV
    Memory available:56 %
    Total physical memory:1046956 kb
    Available physical memory:583048 kb
    Total page file size:2519048 kb
    Available on page file:2189608 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2025040 kb
    OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
    Ad-Aware SE Settings
    ===========================
    Set : Search for low-risk threats
    Set : Move deleted files to Recycle Bin
    Set : Safe mode (always request confirmation)
    Set : Don't log streams smaller than 0 Bytes
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file
    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    19-02-2007 19:57:06 - Scan started. (Full System Scan)
    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 600
    ThreadCreationTime : 19-02-2007 19:50:39
    BasePriority : Normal

    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 656
    ThreadCreationTime : 19-02-2007 19:50:44
    BasePriority : Normal

    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 680
    ThreadCreationTime : 19-02-2007 19:50:45
    BasePriority : High

    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 728
    ThreadCreationTime : 19-02-2007 19:50:45
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe
    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 740
    ThreadCreationTime : 19-02-2007 19:50:45
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe
    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 908
    ThreadCreationTime : 19-02-2007 19:50:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe
    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 956
    ThreadCreationTime : 19-02-2007 19:50:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe
    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1024
    ThreadCreationTime : 19-02-2007 19:50:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe
    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1096
    ThreadCreationTime : 19-02-2007 19:50:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe
    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1180
    ThreadCreationTime : 19-02-2007 19:50:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe
    #:11 [lexbces.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1368
    ThreadCreationTime : 19-02-2007 19:50:47
    BasePriority : Normal
    FileVersion : 7.1
    ProductVersion : 7.1
    ProductName : MarkVision for Windows (32 bit)
    CompanyName : Lexmark International, Inc.
    FileDescription : LexBce Service
    InternalName : LexBce Service
    LegalCopyright : (C) 1993 - 2001 Lexmark International, Inc.
    OriginalFilename : LexBceS.exe
    #:12 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1408
    ThreadCreationTime : 19-02-2007 19:50:47
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe
    #:13 [lexpps.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1444
    ThreadCreationTime : 19-02-2007 19:50:47
    BasePriority : Normal
    FileVersion : 7.1
    ProductVersion : 7.1
    ProductName : MarkVision for Windows (32 bit)
    CompanyName : Lexmark International, Inc.
    FileDescription : LEXPPS.EXE
    InternalName : LEXPPS
    LegalCopyright : (C) 1993 - 2001 Lexmark International, Inc.
    OriginalFilename : LEXPPS.EXE
    Comments : MarkVision for Windows '95 New P2P Server (32-bit)
    #:14 [scardsvr.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1500
    ThreadCreationTime : 19-02-2007 19:50:47
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Smart Card Resource Management Server
    InternalName : SCardSvr.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : SCardSvr.exe
    #:15 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1668
    ThreadCreationTime : 19-02-2007 19:50:48
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE
    #:16 [rthdcpl.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1824
    ThreadCreationTime : 19-02-2007 19:50:50
    BasePriority : Normal
    FileVersion : 2.0.0.8
    ProductVersion : 2.0.0.8
    ProductName : Realtek HD Audio Sound Effect Manager
    CompanyName : Realtek Semiconductor Corp.
    FileDescription : Realtek HD Audio Control Panel
    LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp.
    OriginalFilename : RTHDCPL.EXE
    #:17 [cmucreye.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1836
    ThreadCreationTime : 19-02-2007 19:50:50
    BasePriority : Normal
    FileVersion : 1, 0, 0, 36
    ProductVersion : 1, 0, 0, 36
    ProductName : CmCardMonitor Application
    FileDescription : CmCardMonitor MFC Application
    InternalName : CmCardMonitor
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : CmWatch.EXE
    #:18 [mdionlcm.exe]
    FilePath : C:\Program Files\Medion Info Display\
    ProcessID : 1844
    ThreadCreationTime : 19-02-2007 19:50:50
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 10, 11, 0, 2005
    ProductName : Dritek System Inc. MdionLCM
    CompanyName : Dritek System Inc.
    FileDescription : LCM Controller for Medion
    InternalName : MdionLCM
    LegalCopyright : Copyright © 2005
    OriginalFilename : MdionLCM.exe
    #:19 [mhotkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1852
    ThreadCreationTime : 19-02-2007 19:50:50
    BasePriority : Normal
    FileVersion : 3, 0, 0, 8
    ProductVersion : 3, 0, 0, 0
    ProductName : Multimedia Keyboard Driver
    FileDescription : Multimedia Keyboard Driver
    InternalName : Multimedia Hotkey Driver
    LegalCopyright : Copyright (c) 2004.
    OriginalFilename : mHotkey.res
    #:20 [cnyhkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1860
    ThreadCreationTime : 19-02-2007 19:50:50
    BasePriority : Normal
    FileVersion : 2, 2, 0, 0
    ProductVersion : 2, 2, 0, 0
    ProductName : Chicony Multimedia Driver
    CompanyName : Chicony
    FileDescription : Chicony Multimedia Driver
    InternalName : Multimedia Hotkey Driver
    LegalCopyright : Copyright (c) 2001 Chicony
    OriginalFilename : mHotkey.res
    #:21 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ProcessID : 1924
    ThreadCreationTime : 19-02-2007 19:50:50
    BasePriority : Normal
    FileVersion : 0.1.0.3427
    ProductVersion : 0.1.0.3427
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : realsched.exe
    #:22 [pdvdserv.exe]
    FilePath : C:\Program Files\Home Cinema\PowerDVD\
    ProcessID : 1944
    ThreadCreationTime : 19-02-2007 19:50:50
    BasePriority : Realtime
    FileVersion : 6.00.1027
    ProductVersion : 6.00.1027
    ProductName : PowerDVD
    CompanyName : Cyberlink Corp.
    FileDescription : PowerDVD RC Service
    InternalName : PowerDVD RC Service
    LegalCopyright : Copyright (c) CyberLink Corp. 1997-2004
    OriginalFilename : PDVDSERV.EXE
    #:23 [pcmservice.exe]
    FilePath : C:\Program Files\Home Cinema\PowerCinema\
    ProcessID : 1968
    ThreadCreationTime : 19-02-2007 19:50:50
    BasePriority : Realtime
    FileVersion : 4, 5, 0, 0
    ProductVersion : 4, 5, 0, 0
    ProductName : Cyberlink PowerCinema
    CompanyName : CyberLink Corp.
    FileDescription : CyberLink PowerCinema Resident Program
    InternalName : CyberLink PowerCinema Resident Program
    LegalCopyright : Copyright (c) 2005 CyberLink Corp.
    OriginalFilename : PCMService.exe
    #:24 [hpztsb09.exe]
    FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
    ProcessID : 1976
    ThreadCreationTime : 19-02-2007 19:50:51
    BasePriority : Normal
    FileVersion : 2.245.1.0
    ProductVersion : 2.245.1.0
    ProductName : HP DeskJet
    CompanyName : HP
    LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2003
    #:25 [jusched.exe]
    FilePath : C:\Program Files\Java\jre1.5.0_09\bin\
    ProcessID : 1992
    ThreadCreationTime : 19-02-2007 19:50:51
    BasePriority : Normal

    #:26 [lxsupmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2012
    ThreadCreationTime : 19-02-2007 19:50:51
    BasePriority : Normal
    FileVersion : 3.1.111.1
    ProductVersion : 3.1.111.1
    ProductName : Lexmark Supplies Monitor
    CompanyName : Lexmark International Inc.
    FileDescription : Supplies Monitor
    InternalName : LXSUPMON
    LegalCopyright : Copyright © 2002
    OriginalFilename : LXSUPMON.RC
    #:27 [fpdisp5a.exe]
    FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
    ProcessID : 212
    ThreadCreationTime : 19-02-2007 19:50:51
    BasePriority : Normal
    FileVersion : 5.50
    ProductVersion : 5.50
    ProductName : FinePrint
    CompanyName : FinePrint Software, LLC
    FileDescription : FinePrint
    LegalCopyright : Copyright (c) 1995-2005 FinePrint Software, LLC
    #:28 [realmon.exe]
    FilePath : C:\PROGRA~1\CA\ETRUST~1\
    ProcessID : 232
    ThreadCreationTime : 19-02-2007 19:50:51
    BasePriority : Normal
    FileVersion : 7.1.192.0
    ProductVersion : 7.1.192.0
    ProductName : eTrust Antivirus
    CompanyName : Computer Associates International, Inc.
    InternalName : Realmon.exe
    LegalCopyright : Copyright 2004 Computer Associates International, Inc.
    LegalTrademarks : eTrust (TM) is a trademark of Computer Associates Int'l, Inc.
    OriginalFilename : Realmon.exe
    Comments : eTrust Antivirus English Version
    #:29 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ProcessID : 260
    ThreadCreationTime : 19-02-2007 19:50:51
    BasePriority : Normal
    FileVersion : 7.1.3
    ProductVersion : QuickTime 7.1.3
    ProductName : QuickTime
    CompanyName : Apple Computer, Inc.
    FileDescription : QuickTime Task
    InternalName : QuickTime Task
    LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
    OriginalFilename : QTTask.exe
    #:30 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ProcessID : 268
    ThreadCreationTime : 19-02-2007 19:50:51
    BasePriority : Normal
    FileVersion : 4.7.3001
    ProductVersion : Version 4.7.3001
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Windows Messenger
    InternalName : msmsgs
    LegalCopyright : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msmsgs.exe
    #:31 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 300
    ThreadCreationTime : 19-02-2007 19:50:51
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE
    #:32 [adcdlicsvc.exe]
    FilePath : C:\Program Files\Common Files\Autodata Limited Shared\Service\
    ProcessID : 868
    ThreadCreationTime : 19-02-2007 19:50:55
    BasePriority : Normal
    FileVersion : 2.60.030
    ProductName : Autodata Limited License Service
    CompanyName : Autodata Limited
    FileDescription : System Level Service Utility
    #:33 [adskscsrv.exe]
    FilePath : C:\Program Files\Common Files\Autodesk Shared\Service\
    ProcessID : 1000
    ThreadCreationTime : 19-02-2007 19:50:56
    BasePriority : Normal
    FileVersion : 2.70.000
    ProductName : Autodesk Licensing Service
    CompanyName : Autodesk
    FileDescription : System Level Service Utility
    #:34 [clcapsvc.exe]
    FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\
    ProcessID : 1068
    ThreadCreationTime : 19-02-2007 19:50:56
    BasePriority : Normal
    FileVersion : 4.05.2225
    ProductVersion : 4.05.2225
    ProductName : CLCapSvc Module
    FileDescription : CLCapSvc Module
    InternalName : CLCapSvc
    LegalCopyright : Copyright 2004
    OriginalFilename : CLCapSvc.EXE
    #:35 [clmlserver.exe]
    FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\
    ProcessID : 1116
    ThreadCreationTime : 19-02-2007 19:50:56
    BasePriority : Normal
    FileVersion : 2, 1, 0, 2221
    ProductVersion : 2, 1, 0, 2221
    ProductName : Cyberlink Media Library Server
    CompanyName : Cyberlink
    FileDescription : NT CLMLServer
    InternalName : NT CLMLServer
    LegalCopyright : Copyright c 2004
    OriginalFilename : CLMLServer.exe
    #:36 [inorpc.exe]
    FilePath : C:\Program Files\CA\eTrust Antivirus\
    ProcessID : 1260
    ThreadCreationTime : 19-02-2007 19:50:57
    BasePriority : Normal
    FileVersion : 7.1.192.0
    ProductVersion : 7.1.192.0
    ProductName : eTrust Antivirus
    CompanyName : Computer Associates International, Inc.
    InternalName : InoRpc.exe
    LegalCopyright : Copyright 2004 Computer Associates International, Inc.
    LegalTrademarks : eTrust (TM) is a trademark of Computer Associates Int'l, Inc.
    OriginalFilename : InoRpc.exe
    Comments : eTrust Antivirus English Version
    #:37 [inort.exe]
    FilePath : C:\Program Files\CA\eTrust Antivirus\
    ProcessID : 1280
    ThreadCreationTime : 19-02-2007 19:50:57
    BasePriority : Normal
    FileVersion : 7.1.192.0
    ProductVersion : 7.1.192.0
    ProductName : eTrust Antivirus
    CompanyName : Computer Associates International, Inc.
    InternalName : InoRT.dll
    LegalCopyright : Copyright 2004 Computer Associates International, Inc.
    LegalTrademarks : eTrust (TM) is a trademark of Computer Associates Int'l, Inc.
    OriginalFilename : InoRT.dll
    Comments : eTrust Antivirus English Version
    #:38 [inotask.exe]
    FilePath : C:\Program Files\CA\eTrust Antivirus\
    ProcessID : 1516
    ThreadCreationTime : 19-02-2007 19:50:57
    BasePriority : Normal
    FileVersion : 7.1.192.0
    ProductVersion : 7.1.192.0
    ProductName : eTrust Antivirus
    CompanyName : Computer Associates International, Inc.
    InternalName : InoTask.exe
    LegalCopyright : Copyright 2004 Computer Associates International, Inc.
    LegalTrademarks : eTrust (TM) is a trademark of Computer Associates Int'l, Inc.
    OriginalFilename : InoTask.exe
    Comments : eTrust Antivirus English Version
    #:39 [lssrvc.exe]
    FilePath : C:\Program Files\Common Files\LightScribe\
    ProcessID : 1560
    ThreadCreationTime : 19-02-2007 19:50:58
    BasePriority : Normal
    FileVersion : 1.4.39.1
    ProductName : LightScribe
    CompanyName : Hewlett-Packard Company
    LegalCopyright : © Copyright 2003-2005 Hewlett-Packard Development Company, LP
    OriginalFilename : LSSrvc.exe
    #:40 [raysat_3dsmax9_32server.exe]
    FilePath : D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\
    ProcessID : 1904
    ThreadCreationTime : 19-02-2007 19:50:58
    BasePriority : Normal

    #:41 [nvsvc32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 860
    ThreadCreationTime : 19-02-2007 19:51:01
    BasePriority : Normal
    FileVersion : 6.14.10.8182
    ProductVersion : 6.14.10.8182
    ProductName : NVIDIA Driver Helper Service, Version 81.82
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 81.82
    InternalName : NVSVC
    LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename : nvsvc32.exe
    #:42 [richvideo.exe]
    FilePath : C:\Program Files\CyberLink\Shared Files\
    ProcessID : 2072
    ThreadCreationTime : 19-02-2007 19:51:01
    BasePriority : Normal
    FileVersion : 1.1.0808
    ProductVersion : 1.1.0808
    ProductName : RichVideo Module
    FileDescription : RichVideo Module
    InternalName : RichVideo
    LegalCopyright : Copyright 2004
    OriginalFilename : RichVideo.EXE
    #:43 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2148
    ThreadCreationTime : 19-02-2007 19:51:01
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe
    #:44 [wdfmgr.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2204
    ThreadCreationTime : 19-02-2007 19:51:01
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe
    #:45 [clsched.exe]
    FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\
    ProcessID : 2272
    ThreadCreationTime : 19-02-2007 19:51:01
    BasePriority : Normal
    FileVersion : 4.05.2225
    ProductVersion : 4.05.2225
    ProductName : CLSched Module
    FileDescription : CLSched Module
    InternalName : CLSched
    LegalCopyright : Copyright 2004
    OriginalFilename : CLSched.EXE
    #:46 [x10nets.exe]
    FilePath : C:\PROGRA~1\COMMON~1\X10\Common\
    ProcessID : 2648
    ThreadCreationTime : 19-02-2007 19:51:05
    BasePriority : Realtime
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : x10 Module
    CompanyName : X10
    FileDescription : X10 Module
    InternalName : x10
    LegalCopyright : Copyright 1999 X10
    OriginalFilename : x10.exe
    #:47 [scannerfinder.exe]
    FilePath : C:\Program Files\Microtek\ScanWizard 5\
    ProcessID : 2772
    ThreadCreationTime : 19-02-2007 19:51:06
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : SDII Application
    FileDescription : SDII MFC Application
    InternalName : SDII
    LegalCopyright : Copyright (C) 2000
    OriginalFilename : SDII.EXE
    #:48 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3240
    ThreadCreationTime : 19-02-2007 19:51:13
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe
    #:49 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 3584
    ThreadCreationTime : 19-02-2007 19:51:25
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved
    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Adware.Podcast Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{967a494a-6aec-4555-9caf-fa6eb00acf91}
    Adware.Podcast Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5}
    Adware.Podcast Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226}
    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 3
    Objects found so far: 3

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3

    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3

    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3

    Deep scanning and examining files (E:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Disk Scan Result for E:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3

    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 3


    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3
    20:26:19 Scan Complete
    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:29:12.828
    Objects scanned:385648
    Objects identified:3
    Objects ignored:0
    New critical objects:3
  • Mgd
    edited February 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 20:32:52, on 19/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\CmUCReye.exe
    C:\Program Files\Medion Info Display\MdionLCM.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Mgd
    edited February 2007
    Scanning Report

    Monday, February 19, 2007 17:22:05 - 19:34:24

    Computer name: COMPUTERNAME
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\ E:\
    Result: 4 malware found

    Adware.Podcast (spyware)
    • System (Disinfected)
    DriveCleaner (spyware)
    • System (Disinfected)
    Stealth_process (hidden item)
    • C:\WINDOWS\MSSRV.EXE (Submitted)
    Tracking Cookie (spyware)
    • System (Disinfected)
    Statistics

    Scanned:
    • Files: 62862
    • System: 7855
    • Not scanned: 7
    Actions:
    • Disinfected: 3
    • Renamed: 0
    • Deleted: 0
    • None: 1
    • Submitted: 1
    Files not scanned:
    • C:\HIBERFIL.SYS
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\TEMPFILE
    • C:\WINDOWS\TEMP\SQLITE_DCOSZZT1XASHCZ8
    • C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\0237\0192\VALUES
    Options

    Scanning engines:
    • F-Secure Libra: 2.4.2, 2007-02-14
    • F-Secure AVP: 7.0.171, 2007-02-19
    • F-Secure Orion: 1.2.37, 2007-02-19
    • F-Secure Blacklight: 1.0.53, 0000-00-00
    • F-Secure Draco: 1.0.35, 0260-02-44
    • F-Secure Pegasus: 1.19.0, 2007-01-12
    Scanning options:
    • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
    • Use Advanced heuristics

    • Mgd
      edited February 2007
      To add to the 3 logs, Spybot found
      Smitfraud-C.Toolbar888
      DeepDive

      and eTrust antivirus came up with this when AdAware was scanning.
      The Win32/Aflac.D was detected in C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3A81395-6388-4F2D-9624-04AFEC1E377A}\RP438\A0114077.DLL.
    • NuppiNuppi South Ostrobothnia (Finland)
      edited February 2007
      Please open The Killbox.

      -> Choose Delete on Reboot
      -> Click All Files option.

      Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

      C:\WINDOWS\MSSRV.EXE*

      Then go back to Killbox
      -> go to File
      -> choose Paste from Clipboard
      -> Click the red-white Delete File option.
      -> Click Yes to Delete on Reboot question
      -> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
      -> Restart your computer if Killbox won't do it.

      (If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe from here to your desktop and run the file, then try running Killbox -> http://www.eudaemonia.me.uk/download...gfilesetup.exe)

      After the computer is restarted,

      scan with HijackThis and check

      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

      Close all programs except HijackThis and click Fix checked.

      Reboot the computer.

      Send a fresh HijackThis log and tell me whether there is still a problem :D
    • Mgd
      edited February 2007
      Logfile of HijackThis v1.99.1
      Scan saved at 21:06:48, on 19/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\Program Files\Medion Info Display\MdionLCM.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\system32\LXSUPMON.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
      C:\WINDOWS\system32\imapi.exe
      C:\WINDOWS\system32\wuauclt.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
      O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
      O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
      O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
      O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
      O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
      O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


      Just got 2 DriveCleaner popups. Is this site infected?
    • NuppiNuppi South Ostrobothnia (Finland)
      edited February 2007
      No, I don't think so. DriveCleaner is an advertising program which runs on the victim's computer.

      Download ATF-Cleaner by Atribune to your desktop.

      Do not run it yet.

      Run ATF-Cleaner. Under Main choose: Select All
      Click the Empty Selected button.

      If you use Firefox browser Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      If you use Opera browser Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      Click Exit on the Main menu to close the program.

      Reboot the computer.

      Look in Add/Remove Programs in your Control Panel.

      If there is DriveCleaner, uninstall it.

      Please open Windows Explorer and navigate to the Program Files folder.

      If there is a DriveCleaner folder, delete it.

      Example
      C:\Program Files\DriveCleaner 2006 Free
      C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner 2006 Free

      If they are found and can't be deleted, go to Safe Mode.

      INSTRUCTIONS

      Run ATF-Cleaner in Safe Mode too.

      Boot normally.

      Send a fresh HijackThis log
      :)
    • Mgd
      edited February 2007
      Logfile of HijackThis v1.99.1
      Scan saved at 21:48:53, on 19/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\Program Files\Medion Info Display\MdionLCM.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\system32\LXSUPMON.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
      C:\WINDOWS\system32\wuauclt.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
      O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
      O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
      O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
      O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
      O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
      O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

      Is this anything to worry about?
      O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
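The question just above (does the "MSNM System" BHO matter?) is the kind of thing that can be flagged mechanically from the log text. The script below is an added example for this thread, not code from HijackThis or from anyone posting here: it parses the `Rn`/`On` section lines of a HijackThis v1.99 log, diffs two scans so a post-fix log can be checked against the one before it, and applies two heuristics that are this example's own assumptions: a BHO whose DLL sits directly in the Windows directory root (vendor BHOs live under Program Files), and an unnamed BHO whose CLSID is not on a hand-kept allowlist (the only entry here is Spybot's SDHelper CLSID, taken from the logs above). The sample logs are constructed from O2/O4 lines posted in this thread; the "after" log is the same scan with the ielocales.dll line removed, i.e. the state expected once the fix has worked.

```python
"""Parse HijackThis v1.99 logs, diff two scans and flag suspicious BHOs.

Added example for this thread; the heuristics and the known-CLSID list
are this example's own assumptions, not rules from HijackThis itself.
"""
import re
from typing import Dict, List, NamedTuple, Set


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2", "O4", "O23"
    text: str     # rest of the line after "O2 - "


# Section lines: "O2 - BHO: ...", "O4 - HKLM\..\Run: ...", "R0 - HKCU\..."
LINE_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
# O2 body: "BHO: <name> - {<CLSID>} - <path to DLL>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# A DLL sitting directly in the Windows directory root (C:\WINDOWS\x.dll)
WINDIR_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)

# CLSIDs that legitimately show up as "(no name)"; this one is Spybot's
# SDHelper.dll as seen in the logs above (assumption: maintained by hand).
KNOWN_BHO_CLSIDS = {"53707962-6F74-2D53-2644-206D7942484F"}


def parse_hjt(log: str) -> List[Entry]:
    """Keep only section lines; the header and 'Running processes' are dropped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before: List[Entry], after: List[Entry]) -> Dict[str, Set[Entry]]:
    """Entries that disappeared after a fix, and any that newly appeared."""
    b, a = set(before), set(after)
    return {"removed": b - a, "added": a - b}


def flag_suspicious(entries: List[Entry]) -> List[str]:
    """Heuristics (assumptions): a BHO loaded straight from the Windows
    directory root, or an unnamed BHO with an unrecognised CLSID."""
    findings = []
    for e in entries:
        if e.section != "O2":
            continue
        m = BHO_RE.match(e.text)
        if not m:
            continue
        name, clsid, path = m["name"], m["clsid"].upper(), m["path"]
        if WINDIR_ROOT_RE.match(path):
            findings.append(f"BHO '{name}' loads {path} from the Windows directory root; "
                            "vendor BHOs normally live under Program Files")
        elif name == "(no name)" and clsid not in KNOWN_BHO_CLSIDS:
            findings.append(f"unnamed BHO {{{clsid}}} at {path}: identify it before keeping it")
    return findings


# Constructed sample: O2/O4 lines excerpted from the 19/02/2007 log posted above.
BEFORE = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""
# Constructed: the same scan with the ielocales.dll BHO gone, as expected after the fix.
AFTER = "\n".join(line for line in BEFORE.splitlines() if "ielocales.dll" not in line)


def report(before_log: str, after_log: str) -> Dict[str, object]:
    """Flags for each scan plus the diff between them."""
    before, after = parse_hjt(before_log), parse_hjt(after_log)
    return {"flags_before": flag_suspicious(before),
            "flags_after": flag_suspicious(after),
            "diff": diff_logs(before, after)}


if __name__ == "__main__":
    r = report(BEFORE, AFTER)
    for f in r["flags_before"]:
        print("FLAG:", f)
    for e in r["diff"]["removed"]:
        print("REMOVED:", e.section, "-", e.text)
```

Run it against two saved logs (`parse_hjt(open(path).read())`) before and after a fix; an entry that is in `removed` but reappears in a later scan is the sign that something is re-creating it on boot.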
    • NuppiNuppi South Ostrobothnia (Finland)
      edited February 2007
      Good, I didn't remember that.

      Please open The Killbox.

      -> Choose Delete on Reboot
      -> Click All Files option.

      Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

      C:\WINDOWS\ielocales.dll

      Then go back to Killbox
      -> go to File
      -> choose Paste from Clipboard
      -> Click the red-white Delete File option.
      -> Click Yes to Delete on Reboot question
      -> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
      -> Restart your computer if Killbox won't do it.

      Send a killbox log.
    • Mgd
      edited February 2007
      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Sunday, February 18, 2007, 3:23 AM

      # 1 [Files to Delete]
      Path = C:\WINDOWS\system32\yayyxxy.dll
      *This File could not be Deleted

      # 2 [Files to Delete]
      Path = C:\WINDOWS\system32\yayyxxy.dll
      *This File could not be Deleted

      # 3 [Files to Delete]
      Path = C:\WINDOWS\system32\yayyxxy.dll
      *This File could not be Deleted

      Killbox Closed(Exit) @ 3:29:33 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Sunday, February 18, 2007, 3:30 AM

      # 1 [Files to Delete]
      Path = C:\WINDOWS\system32\jkhhe.dll
      *This file does not seem to exist

      # 2 [Files to Delete]
      Path = C:\WINDOWS\system32\jkhhe.dll
      *This file does not seem to exist

      # 3 [Files to Delete]
      Path = C:\WINDOWS\system32\yayyxxy.dll
      *This File could not be Deleted

      # 4 [Delete on Reboot]
      Path = C:\WINDOWS\system32\yayyxxy.dll
      *This File could not be Deleted

      PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:32:05 AM
      # 5 [Delete on Reboot]
      Path = C:\WINDOWS\system32\yayyxxy.dll
      *This File could not be Deleted

      PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:39:14 AM
      Killbox Closed(Exit) @ 3:40:01 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Sunday, February 18, 2007, 1:20 PM

      # 1 [Files to Delete]
      Path = C:\WINDOWS\system32\yayyxxy.dll
      *This File could not be Deleted

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Sunday, February 18, 2007, 2:59 PM

      Killbox Closed(Exit) @ 3:15:56 PM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Sunday, February 18, 2007, 10:16 PM

      # 1 [Delete on Reboot]
      Path = C:\WINDOWS\system32\yayyxxy.dll

      # 2 [Delete on Reboot]
      Path = C:\WINDOWS\ielocales.dll

      I Rebooted @ 10:17:54 PM
      Killbox Closed(Exit) @ 10:17:57 PM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Monday, February 19, 2007, 9:00 PM

      # 1 [Delete on Reboot]
      Path = C:\WINDOWS\MSSRV.EXE

      I Rebooted @ 9:00:37 PM
      Killbox Closed(Exit) @ 9:00:40 PM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Monday, February 19, 2007, 9:31 PM

      # 1 [Delete on Reboot]
      Path = C:\WINDOWS\ielocales.dll

      I Rebooted @ 9:31:56 PM
      Killbox Closed(Exit) @ 9:32:02 PM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Monday, February 19, 2007, 10:01 PM

      Killbox Closed(Exit) @ 10:01:56 PM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Micheal Donnellan(Administrator)
      was started @ Monday, February 19, 2007, 10:02 PM

      # 1 [Delete on Reboot]
      Path = C:\WINDOWS\ielocales.dll

      I Rebooted @ 10:02:45 PM
      Killbox Closed(Exit) @ 10:02:48 PM
      __________________________________________________
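The "Delete on Reboot" procedure given twice above, and the "PendingFileRenameOperations Registry Data has been Removed by External Process!" lines in the Killbox log, both come down to one Windows mechanism: `MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT)` appends a source/destination pair to the REG_MULTI_SZ value `PendingFileRenameOperations` under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`, and Session Manager carries the operations out early in the next boot, before the DLL can be loaded and locked again. Anything running with write access to HKLM can empty that value first, which is what the log shows happening to yayyxxy.dll. The block below is an added example, not Killbox's code: it builds and parses the value format offline, includes the "is my entry still there?" check that the Killbox message corresponds to, and, on Windows only, wraps the real `MoveFileExW` call and a `winreg` read-back. Paths are taken from the log above; nothing here is a fix for the thread's infection.

```python
r"""How "Delete on Reboot" works, and the check behind Killbox's
"PendingFileRenameOperations ... Removed by External Process" message.

Added example, not Killbox's own code. Session Manager processes the
REG_MULTI_SZ value PendingFileRenameOperations under
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager at boot.
MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) appends to it; anything with
write access to HKLM can empty it again before the reboot happens.
"""
import sys
from typing import List, Tuple

PENDING_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
PENDING_VALUE = "PendingFileRenameOperations"
MOVEFILE_DELAY_UNTIL_REBOOT = 0x4


def to_nt_path(path: str) -> str:
    """Session Manager stores NT object-manager paths: \\??\\C:\\dir\\file."""
    return path if path.startswith("\\??\\") else "\\??\\" + path


def build_pending_ops(deletes: List[str], existing: List[str] = ()) -> List[str]:
    """Append delete entries to a copy of the current multi-string list.
    Each operation is a pair: source path, then destination; an empty
    destination means delete."""
    ops = list(existing)
    for p in deletes:
        ops.extend((to_nt_path(p), ""))
    return ops


def parse_pending_ops(multi_sz: List[str]) -> List[Tuple[str, str, str]]:
    """Return (source, destination, kind) triples; kind is delete, replace or rename.
    A destination starting with '!' means 'replace the existing target'."""
    if len(multi_sz) % 2:
        raise ValueError("PendingFileRenameOperations has an odd number of strings")
    out = []
    for i in range(0, len(multi_sz), 2):
        src, dst = multi_sz[i], multi_sz[i + 1]
        kind = "delete" if dst == "" else "replace" if dst.startswith("!") else "rename"
        out.append((src, dst, kind))
    return out


def is_delete_scheduled(multi_sz: List[str], path: str) -> bool:
    """The check Killbox repeats before rebooting: is our delete entry still there?"""
    want = to_nt_path(path).lower()
    return any(src.lower() == want and kind == "delete"
               for src, _, kind in parse_pending_ops(multi_sz))


def schedule_delete_on_reboot(path: str) -> None:
    """Windows only. The same API call a 'Delete on Reboot' tool makes."""
    if sys.platform != "win32":
        raise OSError("MoveFileExW is only available on Windows")
    import ctypes
    from ctypes import wintypes
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.MoveFileExW.argtypes = [wintypes.LPCWSTR, wintypes.LPCWSTR, wintypes.DWORD]
    kernel32.MoveFileExW.restype = wintypes.BOOL
    if not kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError(ctypes.get_last_error())


def read_pending_ops() -> List[str]:
    """Windows only. Read the value back to verify nothing has cleared it."""
    if sys.platform != "win32":
        raise OSError("winreg is only available on Windows")
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PENDING_KEY) as key:
        try:
            value, kind = winreg.QueryValueEx(key, PENDING_VALUE)
        except FileNotFoundError:
            return []  # nothing pending
    if kind != winreg.REG_MULTI_SZ:
        raise ValueError(f"unexpected registry type {kind}")
    return list(value)


if __name__ == "__main__":
    target = r"C:\WINDOWS\system32\yayyxxy.dll"  # file from the Killbox log above
    if sys.platform == "win32":
        schedule_delete_on_reboot(target)        # needs an administrator token
        pending = read_pending_ops()
    else:
        pending = build_pending_ops([target])    # offline: simulate the value
    for src, dst, kind in parse_pending_ops(pending):
        print(f"{kind:8} {src} {dst}")
    print("still scheduled:", is_delete_scheduled(pending, target))
```

If `is_delete_scheduled` flips to false before you reboot, something with HKLM write access is clearing the value; scheduling it again from the same running session just repeats the race, and the process doing it has to be stopped first (Safe Mode, or an offline boot) before the delete will survive to Session Manager.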
    • Mgd
      edited February 2007
      Logfile of HijackThis v1.99.1
      Scan saved at 22:06:42, on 19/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\Program Files\Medion Info Display\MdionLCM.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\system32\LXSUPMON.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
      O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
      O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
      O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
      O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
      O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
      O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    • NuppiNuppi South Ostrobothnia (Finland)
      edited February 2007
      Please send a fresh HijackThis log too :D
    • NuppiNuppi South Ostrobothnia (Finland)
      edited February 2007
      Download ComboScan to your Desktop.

      1. Close all applications and windows.
      2. Double-click on comboscan.exe to run it, and follow the prompts.
      3. When the scan is complete, a text file will open - ComboScan.txt
      4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread.
      5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
      6. Please attach Supplementary.txt to your post.

      Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so
    • Mgd
      edited February 2007
      New log
      Logfile of HijackThis v1.99.1
      Scan saved at 22:10:45, on 19/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\Program Files\Medion Info Display\MdionLCM.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\system32\LXSUPMON.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
      O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
      O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
      O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
      O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
      O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
      O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
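Added example, not part of this thread and not a tool from the HijackThis, Killbox or ComboScan authors: a small Python triage script for HijackThis v1.99-style logs like the ones posted above. It parses the `Rx`/`Oxx` entry lines, pulls out the CLSID and the binary path, and flags three things a helper would look at first: registrations whose file is `(file missing)`, a BHO or IE-button DLL that sits directly in the Windows root instead of `system32` or `Program Files` (which is where `C:\WINDOWS\ielocales.dll` lives), and `O23` services HijackThis reports with `Unknown owner`. It also has a check for whether a given CLSID is still present in every log supplied, which is the question the three logs posted after the two Killbox delete-on-reboot runs answer for `{A646CE7E-951E-44d1-B93C-F7136DA41E58}`. The sample log is a constructed excerpt of lines copied from the logs in this thread, the flagging rules and the `C:\WINDOWS` install root are this example's own assumptions, and a hit means "review this entry", not a verdict that the file is malicious.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not a thread tool)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the logs posted in this
# thread, not a complete log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:10:45, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<sect>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First Windows path in an entry body: drive letter or %VAR% root, up to a binary extension.
PATH_RE = re.compile(r"(?:[A-Za-z]:|%[A-Za-z]+%)\\.*?\.(?:exe|dll|com|scr|ocx)\b", re.IGNORECASE)
WINDIR = PureWindowsPath(r"C:\WINDOWS")  # assumption: default XP install root


@dataclass
class Entry:
    section: str        # HijackThis section code, e.g. O2, O4, O23
    raw: str
    clsid: str | None
    path: str | None
    file_missing: bool


def parse_entries(log_text: str) -> list[Entry]:
    """One Entry per 'Rx - ...' / 'Oxx - ...' line; the header and the
    'Running processes' block are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        p = PATH_RE.search(body)
        entries.append(Entry(
            section=m.group("sect"),
            raw=line.strip(),
            clsid=c.group(0).upper() if c else None,
            path=p.group(0) if p else None,
            file_missing="(file missing)" in body,
        ))
    return entries


def triage(log_text: str) -> list[tuple[Entry, str]]:
    """(entry, reason) pairs worth a second look. The rules are this example's
    own heuristics, not HijackThis verdicts."""
    findings = []
    for e in parse_entries(log_text):
        if e.file_missing:
            findings.append((e, "registration points at a file that no longer exists"))
            continue
        if e.section in {"O2", "O9"} and e.path and PureWindowsPath(e.path).parent == WINDIR:
            findings.append((e, "browser extension DLL loaded from the Windows root"))
        if e.section == "O23" and " - Unknown owner - " in e.raw:
            findings.append((e, "service binary carries no company name in its version info"))
    return findings


def clsid_in_every_log(logs: list[str], clsid: str) -> bool:
    """True when the CLSID is still registered in each supplied log, i.e. a
    removal such as a Killbox delete-on-reboot did not take effect."""
    want = clsid.upper()
    return all(any(e.clsid == want for e in parse_entries(t)) for t in logs)


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.section:4} {why}\n     {entry.raw}")
```

Feed it two consecutive logs (`clsid_in_every_log([log_before, log_after], "{A646CE7E-...}")`) to confirm whether a delete-on-reboot actually removed the registration before asking for another pass; an `O2` line that survives a reboot means the DLL is still on disk, or the BHO key is being re-created, and either way the next step is the file, not the log.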
    • Mgd
      edited February 2007
      ComboScan v20070212.14 run by Micheal Donnellan on 2007-02-19 at 22:12:59
      Computer is in Normal Mode.
      Successfully created restore point.
      Performed disk cleanup.

      -- HijackThis log (run as Micheal Donnellan.com)
      Logfile of HijackThis v1.99.1
      Scan saved at 22:13:45, on 19/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\Program Files\Medion Info Display\MdionLCM.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\system32\LXSUPMON.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Documents and Settings\Micheal Donnellan\Desktop\comboscan.exe
      C:\DOCUME~1\MICHEA~1\LOCALS~1\Temp\~aswygud.tmp\Micheal Donnellan.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
      O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
      O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
      O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
      O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
      O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
      O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

      -- HijackThis Fixed Entries (C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\backups\)
      backup-20061027-205325-516 O17 - HKLM\System\CCS\Services\Tcpip\..\{191376B3-78AC-418B-89C2-C8A37F40C62F}: NameServer = 213.94.190.194 213.94.190.236
      backup-20061027-205455-590 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      backup-20061027-205455-663 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      backup-20061027-205705-696 O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
      backup-20061027-211413-564 O4 - HKLM\..\Run: [jesmwni.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jesmwni.dll,nubufhc
      backup-20061027-213826-312 O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvrow.dll,startup
      backup-20070218-011552-981 O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
      backup-20070218-013912-157 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
      backup-20070218-013912-706 O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.cab
      backup-20070218-013912-762 O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      backup-20070218-013912-982 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      backup-20070218-031938-398 O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
      backup-20070218-131747-412 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
      backup-20070218-131747-807 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
      backup-20070218-131801-803 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
      backup-20070218-131801-918 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
      backup-20070218-132236-303 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
      backup-20070218-132236-496 O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
      backup-20070218-132236-628 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
      backup-20070218-132236-827 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll
      backup-20070218-204556-145 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
      backup-20070218-204556-240 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll (file missing)
      backup-20070218-204556-261 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll
      backup-20070218-204556-450 O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
      backup-20070218-204556-460 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
      backup-20070218-204556-635 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\jkaiadbl.dll (file missing)
      backup-20070218-215322-296 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll (file missing)
      backup-20070218-215322-337 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vslcupwt.dll
      backup-20070218-215322-558 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
      backup-20070218-215322-608 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
      backup-20070218-230651-114 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
      backup-20070218-230651-344 O20 - Winlogon Notify: yayyxxy - yayyxxy.dll (file missing)
      backup-20070218-230651-397 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\nypfgqjy.dll
      backup-20070218-230651-425 O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
      backup-20070218-230651-719 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll (file missing)
      backup-20070218-230651-939 O2 - BHO: (no name) - {1933891C-7BAC-44D5-950F-DB470F5A65C2} - C:\WINDOWS\system32\pmkjh.dll (file missing)
      backup-20070219-210358-911 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

      -- File Associations
      .bat - batfile - "%1" %*
      .chm - chm.file - "C:\WINDOWS\hh.exe" %1
      .com - comfile - "%1" %*
      .exe - exefile - "%1" %*
      .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
      .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
      .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
      .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
      .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
      .pif - piffile - "%1" %*
      .reg - regfile - regedit.exe "%1"
      .scr - AutoCADScriptFile - "C:\WINDOWS\system32\notepad.exe" "%1"
      .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
      .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
      3 3xHybrid (3xHybrid service) - system32\DRIVERS\3xHybrid.sys
      3 AdfuUd (%USB\VID_10D6&PID_1160.DeviceDesc%) - System32\Drivers\AdfuUd.sys
      2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - system32\DRIVERS\AegisP.sys
      3 AgereSoftModem (Creatix V.92 Data Fax Modem) - system32\DRIVERS\AGRSM.sys
      1 aiptektp (HyperPen) - system32\DRIVERS\aiptektp.sys
      3 akshasp (Aladdin HASP Key) - system32\DRIVERS\akshasp.sys
      3 aksusb (Aladdin USB Key) - system32\DRIVERS\aksusb.sys
      3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
      2 atksgt - system32\DRIVERS\atksgt.sys
      3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
      3 CMISTOR (CMIUCR.SYS CM220 Card Reader Driver) - system32\DRIVERS\cmiucr.SYS
      2 driverpp (Plug and Play Support Driver) - \??\C:\WINDOWS\system32\Locales\driverpp.sys
      3 FTDIBUS (USB Serial Converter Driver) - system32\drivers\ftdibus.sys
      3 FTSER2K (USB Serial Port Driver) - system32\drivers\ftser2k.sys
      2 Hardlock - \??\C:\WINDOWS\system32\drivers\hardlock.sys
      2 Haspnt - \??\C:\WINDOWS\system32\drivers\Haspnt.sys
      3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
      3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
      3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
      3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
      3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
      1 hwinterface - System32\Drivers\hwinterface.sys
      3 Imx5123 - system32\drivers\Imx5123.sys
      0 INO_FLPY - system32\Drivers\ino_flpy.sys
      2 INO_FLTR - \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys
      3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - system32\drivers\RtkHDAud.sys
      1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
      1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
      2 lirsgt - system32\DRIVERS\lirsgt.sys
      3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
      3 MPE (BDA MPE Filter) - system32\DRIVERS\MPE.sys
      3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
      3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
      3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
      3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
      3 nm (Network Monitor Driver) - system32\DRIVERS\NMnt.sys
      3 Nokia USB Modem - system32\drivers\nmwcdcm.sys
      3 Nokia USB Phone Parent - system32\drivers\nmwcd.sys
      3 nv - system32\DRIVERS\nv4_mini.sys
      0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
      2 Par1284 - \??\C:\Program Files\Flexi P-Cut Apprentice 7.5v5\Program\Par1284.sys
      0 PCIIde - system32\DRIVERS\pciide.sys
      1 prodrv06 (StarForce Protection Environment Driver v6) - \SystemRoot\System32\drivers\prodrv06.sys
      0 prohlp02 (StarForce Protection Helper Driver v2) - System32\drivers\prohlp02.sys
      0 prosync1 (StarForce Protection Synchronization Driver v1) - System32\drivers\prosync1.sys
      0 PxHelp20 - System32\Drivers\PxHelp20.sys
      3 RT2500USB (RT2500 USB Wireless LAN Driver) - system32\DRIVERS\rt2500usb.sys
      3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
      2 Sentinel - \SystemRoot\System32\Drivers\SENTINEL.SYS
      0 sfhlp01 (StarForce Protection Helper Driver) - System32\drivers\sfhlp01.sys
      3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
      0 sptd - System32\Drivers\sptd.sys
      3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
      3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
      3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
      3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
      3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
      3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
      3 vaxscsi - \SystemRoot\System32\Drivers\vaxscsi.sys
      3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
      3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
      3 XUIF (X10 USB Wireless Transceiver) - System32\Drivers\x10ufx2.sys

      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
      3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
      3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
      2 Autodata Limited License Service - "C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe"
      2 Autodesk Licensing Service - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
      2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
      3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
      2 CLSched (CyberLink Task Scheduler (CTS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
      2 CyberLink Media Library Service - "C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
      2 Fax - %systemroot%\system32\fxssvc.exe
      3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
      2 InoRPC (eTrust Antivirus RPC Server) - "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"
      2 InoRT (eTrust Antivirus Realtime Server) - "C:\Program Files\CA\eTrust Antivirus\InoRT.exe"
      2 InoTask (eTrust Antivirus Job Server) - "C:\Program Files\CA\eTrust Antivirus\InoTask.exe"
      2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
      2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
      2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
      2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
      2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
      3 sassvc (ProgramCheckerPro) - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
      2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
      3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe
      3 WmcCdsLs (Windows Media Connect (WMC) Helper) - C:\Program Files\Windows Media Connect\mswmcls.exe
      3 x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

      -- Scheduled Tasks
      2007-02-19 20:43:01 284 --a C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>

      -- Files created between 2007-01-19 and 2007-02-19
      2007-02-19 22:04:09 69632 --a C:\WINDOWS\ielocales.dll<IELOCA~1.DLL><Unsigned: n/a>
      2007-02-18 20:48:14 4420 --a C:\WINDOWS\system32\tmp.reg
      2007-02-18 20:47:45 79360 --a C:\WINDOWS\system32\swxcacls.exe<Unsigned: SteelWerX>
      2007-02-18 20:47:45 40960 --a C:\WINDOWS\system32\swsc.exe<Unsigned: n/a>
      2007-02-18 20:47:45 135168 --a C:\WINDOWS\system32\swreg.exe<Unsigned: SteelWerX>
      2007-02-18 20:47:45 288417 --a C:\WINDOWS\system32\SrchSTS.exe<Unsigned: S!Ri>
      2007-02-18 20:47:45 53248 --a C:\WINDOWS\system32\Process.exe<Unsigned: http://www.beyondlogic.org>
      2007-02-18 20:47:45 51200 --a C:\WINDOWS\system32\dumphive.exe<Unsigned: n/a>
      2007-02-18 16:43:56 0 d C:\WINDOWS\BDOSCAN8
      2007-02-18 16:42:15 0 d C:\Program Files\SpywareBlaster<SPYWAR~1>
      2007-02-18 03:48:53 0 d C:\Documents and Settings\Administrator\Application Data\Lavasoft
      2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
      2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\Real
      2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\CyberLink<CYBERL~1>
      2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\AOL
      2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\Adobe
      2007-02-18 03:46:42 0 d---s---- C:\Documents and Settings\Administrator\UserData
      2007-02-18 03:46:41 1572864 --ah C:\Documents and Settings\Administrator\NTUSER.DAT
      2007-02-18 03:42:15 0 d C:\Avenger
      2007-02-18 03:23:36 0 d C:\!KillBox
      2007-02-18 02:21:54 0 d C:\VundoFix Backups<VUNDOF~1>
      2007-02-18 00:11:48 69120 --a C:\WINDOWS\mssrv.exe<Unsigned: n/a>
      2007-02-18 00:11:47 0 d C:\WINDOWS\system32\Locales
      2007-02-18 00:11:47 32768 --a C:\WINDOWS\mslocales.exe<MSLOCA~1.EXE><Unsigned: n/a>
      2007-02-17 22:14:17 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\Apple Computer<APPLEC~1>
      2007-02-17 22:11:43 0 d C:\Program Files\QuickTime<QUICKT~1>
      2007-02-17 22:11:22 0 d C:\Program Files\Apple Software Update<APPLES~1>
      2007-02-17 22:11:11 0 d C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
      2007-02-10 22:57:01 118520 n--- C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
      2007-02-10 22:57:01 116472 n--- C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
      2007-02-10 22:57:01 129784 n--- C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
      2007-02-10 22:57:01 36624 n--- C:\WINDOWS\system32\drivers\PxHelp20.sys<Unsigned: Sonic Solutions>
      2007-02-10 22:57:01 2560 n--- C:\WINDOWS\system32\drivers\cdralw2k.sys<Unsigned: Sonic Solutions>
      2007-02-10 22:57:01 2432 n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys<Unsigned: Sonic Solutions>
      2007-02-07 00:27:56 0 d C:\Documents and Settings\All Users\Application Data\Trymedia
      2007-02-07 00:26:55 0 d C:\Program Files\Virtual Villagers<VIRTUA~1>
      2007-02-07 00:26:55 0 d C:\Program Files\BFG
      2007-02-01 04:56:06 823296 --a C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
      2007-02-01 04:56:05 802816 --a C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
      2007-02-01 04:56:05 823296 --a C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
      2007-02-01 04:56:04 639066 --a C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
      2007-01-31 23:23:11 0 d C:\Program Files\Common Files\NSV
      2007-01-31 21:27:01 524288 --a C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
      2007-01-30 23:21:16 0 d C:\Program Files\Kelloggs Horrible Science<KELLOG~2>
      2007-01-30 23:15:10 118784 --a C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
      2007-01-30 05:03:40 3596288 --a C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
      2007-01-30 05:03:26 200704 --a C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
      2007-01-30 05:03:26 1044480 --a C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
      2007-01-30 04:56:56 196608 --a C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
      2007-01-30 04:56:56 73728 --a C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
      2007-01-30 04:56:54 53248 --a C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
      2007-01-30 04:56:52 57344 --a C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
      2007-01-30 04:56:52 344064 --a C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
      2007-01-30 04:56:52 593920 --a C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
      2007-01-30 04:56:52 294912 --a C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
      2007-01-30 04:56:52 294912 --a C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>
      2007-01-24 02:04:43 487424 -ra C:\WINDOWS\system32\msvcp70.dll<Unsigned: Microsoft Corporation>
      2007-01-23 21:36:20 0 d C:\Program Files\MagicISO

      -- Find3M Report
      2007-02-18 18:57:31 0 d C:\Program Files\Gothic III<GOTHIC~2>
      2007-02-16 22:53:05 0 d C:\Program Files\Paint Shop Pro 5<PAINTS~1>
      2007-02-16 13:14:12 0 d C:\Program Files\CA
      2007-02-15 13:22:22 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\Adobe
      2007-02-10 22:57:09 0 d C:\Program Files\DivX
      2007-02-07 02:13:11 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\uTorrent
      2007-01-31 01:55:13 31952 --a C:\Documents and Settings\Micheal Donnellan\Application Data\wklnhst.dat
      2007-01-30 23:21:16 0 d--h C:\Program Files\InstallShield Installation Information<INSTAL~1>
      2007-01-27 17:13:51 123176 --a C:\Documents and Settings\Micheal Donnellan\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
      2007-01-27 16:36:15 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\AdobeUM
      2007-01-23 22:38:53 0 d C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
      2007-01-23 22:34:28 0 d C:\Program Files\Autodesk
      2007-01-03 20:02:37 0 d C:\Program Files\Bethesda Softworks<BETHES~1>
      2007-01-02 14:55:07 271360 --a C:\WINDOWS\system32\drivers\atksgt.sys<Unsigned: n/a>
      2007-01-02 14:55:06 18048 --a C:\WINDOWS\system32\drivers\lirsgt.sys<Unsigned: n/a>
      2007-01-02 14:21:15 0 d C:\Program Files\Gothic III Demo<GOTHIC~1>
      2007-01-02 14:20:57 0 d C:\Program Files\Postal2STP<POSTAL~1>
      2007-01-02 14:19:33 0 d C:\Program Files\The Guild 2<THEGUI~1>
      2007-01-01 04:56:12 0 d C:\Program Files\Singular Inversions<SINGUL~1>
      2007-01-01 04:06:22 3026 --a C:\WINDOWS\system32\drivers\hwinterface.sys<HWINTE~1.SYS><Unsigned: Logix4u>
      2006-12-23 22:07:12 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\Skype
      2006-12-23 14:25:39 0 d---s---- C:\Documents and Settings\Micheal Donnellan\Application Data\Microsoft<MICROS~1>
      2006-12-21 18:18:36 0 d C:\Program Files\AoA Audio Extractor<AOAAUD~1>
      2006-12-12 16:24:42 12288 --a C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>
      2006-11-28 17:50:25 832744 --a C:\WINDOWS\dbplugin.exe<Signed: n/a>

      -- Registry Dump

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
      "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
      "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
      "Avro Keyboard"=""
      "µTorrent"="\"C:\\Documents and Settings\\Micheal Donnellan\\My Documents\\My files\\Torrent go here\\utorrent\\utorrent.exe\""
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
      "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
      "nwiz"="nwiz.exe /install"
      "RTHDCPL"="RTHDCPL.EXE"
      "CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
      "MedionVFD"="\"C:\\Program Files\\Medion Info Display\\MdionLCM.exe\""
      "CHotkey"="mHotkey.exe"
      "ledpointer"="CNYHKey.exe"
      "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
      "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
      "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
      "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
      "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
      "AntivirusRegistration"="C:\\Program Files\\CA\\Etrust Antivirus\\Register.exe"
      "RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
      "PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
      "InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
      "Pop-Up Stopper"="\"K:\\BACK UP PROGRAMS\\Panicware\\Pop-Up Stopper\\dpps2.exe\""
      "zSPGuard"="k:\\back up programs\\pjw\\startpage guard\\spguard.exe /s "
      "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
      "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
      "PCSuiteTrayApplication"="K:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
      "LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
      "FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
      "Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
      "Installed"="1"
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
      "Installed"="1"
      "NoChange"="1"
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
      "Installed"="1"
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      "CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvziw.dll,startup"
      @=&quot;"
      "lteptcg.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Micheal Donnellan\\Local Settings\\Application Data\\lteptcg.dll\",qtokvvf"
      "syswin"="C:\\WINDOWS\\system32\\v6.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=""
      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "mslocales"="C:\\WINDOWS\\mslocales.exe"
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
      "{F001827A-0BB7-6153-1007-050922050161}"="\"C:\\Program Files\\Common Files\\{F001827A-0BB7-6153-1007-050922050161}\\Update.exe\" mc-110-12-0000272"
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
      HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
      LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
      NetworkService REG_MULTI_SZ DnsCache\0\0
      DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
      rpcss REG_MULTI_SZ RpcSs\0\0
      imgsvc REG_MULTI_SZ StiSvc\0\0
      termsvcs REG_MULTI_SZ TermService\0\0

      -- End of ComboScan: finished at 2007-02-19 at 22:14:38
    • NuppiNuppi South Ostrobothnia (Finland)
      edited February 2007
      Please open The Killbox.

      -> Choose Delete on Reboot
      -> Click All Files option.

      Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

      C:\WINDOWS\ielocales.dll
      C:\WINDOWS\mssrv.exe
      C:\WINDOWS\mslocales.exe
      C:\WINDOWS\system32\drvziw.dll
      C:\Documents and Settings\Micheal Donnellan\Local Settings\Application Data\lteptcg.dll

      Then go back to Killbox
      -> go to File
      -> choose Paste from Clipboard
      -> Click the red-white Delete File option.
      -> Click Yes to Delete on Reboot question
      -> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
      -> Restart your computer if Killbox won't do it.

      Send a Killbox log and a fresh HijackThis log.
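Added example, not part of the thread and not Killbox's own code: what "Delete on Reboot" and the "PendingFileRenameOperations" prompt in the steps above actually refer to. Killbox queues the files the same way Windows' MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT does, as (source, destination) string pairs in the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, which the Session Manager processes at the next boot; an empty destination means "delete". The script decodes that value so you can see what is already queued before adding to it, and builds the value Killbox would write for the five paths listed in the reply. The five paths are taken from the reply; the example.tmp/example.dll rename entry is a constructed sample, and all function names (decode_pending_ops, encode_pending_ops, summarize, read_live_queue and so on) are mine. The live read is Windows-only and read-only; nothing here writes to the registry.

```python
r"""PendingFileRenameOperations helper (added example, not from the thread).

Killbox's "Delete on Reboot" queues files the way MoveFileEx(...,
MOVEFILE_DELAY_UNTIL_REBOOT) does: at boot the Session Manager reads
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
(REG_MULTI_SZ) as (source, destination) pairs in NT form "\??\C:\...".
Empty destination = delete; a leading "!" on the destination = overwrite.
"""
import sys
from typing import List, Optional, Tuple

NT_PREFIX = "\\??\\"
VALUE_NAME = "PendingFileRenameOperations"
SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"

def _nt(path: str) -> str:
    # Win32 path -> NT path; keeps an existing prefix or a '!' overwrite flag.
    if path == "" or path.startswith(NT_PREFIX):
        return path
    return "!" + _nt(path[1:]) if path.startswith("!") else NT_PREFIX + path

def _win32(path: str) -> str:
    # Inverse of _nt, for display.
    path = path.lstrip("!")
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def decode_pending_ops(data: bytes) -> List[Tuple[str, str]]:
    """Raw REG_MULTI_SZ bytes (UTF-16-LE, NUL-separated, extra NUL at the end)
    -> (source, destination) pairs. Empty strings matter here, so split by hand."""
    text = data.decode("utf-16-le")
    if text.endswith("\x00"):
        text = text[:-1]                        # list terminator only
    items = text.split("\x00") if text else []
    if len(items) % 2:
        items.append("")                        # dangling source = delete
    pairs = [(items[i], items[i + 1]) for i in range(0, len(items), 2)]
    return [(s, d) for s, d in pairs if s]      # drop padding from extra NULs

def encode_pending_ops(pairs: List[Tuple[str, str]]) -> bytes:
    """Build the value for (source, destination) pairs; destination "" = delete."""
    items: List[str] = []
    for src, dst in pairs:
        items += [_nt(src), _nt(dst)]
    return ("\x00".join(items) + "\x00\x00").encode("utf-16-le")

def encode_pending_deletes(paths: List[str]) -> bytes:
    """What a Killbox-style delete-on-reboot of `paths` would queue."""
    return encode_pending_ops([(p, "") for p in paths])

def summarize(data: bytes) -> List[str]:
    """One readable line per queued operation."""
    out = []
    for src, dst in decode_pending_ops(data):
        if dst == "":
            out.append(f"DELETE {_win32(src)}")
        else:
            flag = " (overwrite)" if dst.startswith("!") else ""
            out.append(f"RENAME {_win32(src)} -> {_win32(dst)}{flag}")
    return out

def pending_deletes(data: bytes) -> List[str]:
    """Only the paths queued for deletion, as Win32 paths."""
    return [_win32(s) for s, d in decode_pending_ops(data) if d == ""]

def read_live_queue() -> Optional[bytes]:
    """Windows only, read-only: raw bytes of the live value (b"" if absent),
    None elsewhere. Uses advapi32 directly because CPython's winreg decodes a
    REG_MULTI_SZ by stopping at the first empty string, i.e. the delete marker."""
    if sys.platform != "win32":
        return None
    import ctypes, winreg
    from ctypes import wintypes
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER) as key:
        hkey, size = wintypes.HKEY(key.handle), wintypes.DWORD(0)
        rc = adv.RegQueryValueExW(hkey, VALUE_NAME, None, None, None, ctypes.byref(size))
        if rc == 2:                             # ERROR_FILE_NOT_FOUND: nothing queued
            return b""
        if rc != 0:
            raise OSError(rc, "RegQueryValueExW (size) failed")
        buf = ctypes.create_string_buffer(size.value)
        rc = adv.RegQueryValueExW(hkey, VALUE_NAME, None, None, buf, ctypes.byref(size))
        if rc != 0:
            raise OSError(rc, "RegQueryValueExW failed")
        return buf.raw[:size.value]

# Constructed sample: the five paths the reply above feeds to Killbox, plus one
# made-up example.tmp -> example.dll rename of the kind an installer leaves queued.
KILLBOX_LIST = [
    r"C:\WINDOWS\ielocales.dll",
    r"C:\WINDOWS\mssrv.exe",
    r"C:\WINDOWS\mslocales.exe",
    r"C:\WINDOWS\system32\drvziw.dll",
    r"C:\Documents and Settings\Micheal Donnellan\Local Settings\Application Data\lteptcg.dll",
]
SAMPLE_QUEUE = encode_pending_ops(
    [(p, "") for p in KILLBOX_LIST]
    + [(r"C:\WINDOWS\system32\example.tmp", r"!C:\WINDOWS\system32\example.dll")]
)

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_QUEUE)))
    live = read_live_queue()
    print("live queue:", "not on Windows" if live is None else (summarize(live) or "empty"))
```

Run it on the infected machine before the reboot step and anything already sitting in the queue shows up as DELETE or RENAME lines; that is the same information Killbox asks about in the PendingFileRenameOperations prompt, and a rename you did not queue yourself is worth reporting in the thread. The raw-bytes read is deliberate: winreg.QueryValueEx would hand back a truncated list for this value, because the empty string that marks a delete is where CPython stops counting strings in a REG_MULTI_SZ.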