Problem with winantivirus/systemdoctor popups

Hi,

Having major problems with popups such as jack9, winantivirus, systemdoctor among others .. thanks in advance for your help

HIJACK LOG

Logfile of HijackThis v1.99.1
Scan saved at 12:52:25 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fvbhl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\ugshsixg.dll",setvm
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\edfuqodj.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lfuzxus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lfuzxus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lfuzxus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lfuzxus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lfuzxus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lfuzxus.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://rebgv.mlslink.ca/MLSTools/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} (DM_activex_installer Control) - http://www.damoim.net/_lib/axau.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121405525059
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132899976599
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/3.0.00.45/Control/IRCSharc.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://merlin.telus.net/wizlet/Qualifier/static/controls/WebflowActiveX.CAB
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://entertainment.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

Kaspersky Scan
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 02, 2007 12:29:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/05/2007
Kaspersky Anti-Virus database records: 311498
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 197724
Number of viruses found: 14
Number of infected objects: 26 / 0
Number of suspicious objects: 4
Duration of the scan process: 02:35:42
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer13.zip/optimize.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer13.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer6.zip/optimize.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer6.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Staples106\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Staples106\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Staples106\Desktop\Unused Desktop Shortcuts\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Staples106\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Staples106\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Staples106\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Staples106\Local Settings\History\History.IE5\MSHist012007050220070503\index.dat Object is locked skipped
C:\Documents and Settings\Staples106\Local Settings\Temp\oariajip.dll Object is locked skipped
C:\Documents and Settings\Staples106\Local Settings\Temp\ticokmna.dll Object is locked skipped
C:\Documents and Settings\Staples106\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Staples106\Local Settings\Temporary Internet Files\Content.IE5\G854A1LT\index[1].htm Infected: Exploit.HTML.IESlice.i skipped
C:\Documents and Settings\Staples106\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Staples106\My Documents\My Received Files\1Click.DVD.Copy.Version.5.WinALL.Incl.Keygen-BLiZZARD\1Click.DVD.Copy.Version.5.WinALL.Incl.Keygen-BLiZZARD\1clickdvdcopy5.exe Infected: Trojan-Dropper.Win32.Binder.c skipped
C:\Documents and Settings\Staples106\ntuser.dat Object is locked skipped
C:\Documents and Settings\Staples106\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP488\A0031933.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP488\A0031956.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP488\A0031964.exe Infected: Trojan-Downloader.Win32.PurityScan.af skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP490\A0032095.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP495\A0039119.dll Infected: Trojan.Win32.Agent.afg skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP495\A0044150.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP495\A0044153.exe Infected: Trojan.Win32.Agent.afg skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP496\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\awvtu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost skipped
C:\WINDOWS\system32\drivers\etc\2.hosts Infected: Trojan.Win32.Qhost skipped
C:\WINDOWS\system32\drivers\etc\3.hosts Infected: Trojan.Win32.Qhost skipped
C:\WINDOWS\system32\drivers\ndis.sys Object is locked skipped
C:\WINDOWS\system32\edfuqodj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\eiufsit.dll Infected: Trojan.Win32.Agent.afg skipped
C:\WINDOWS\system32\emr.dll Infected: Trojan.Win32.Agent.afg skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jtmoxxbmahbdw.dll Infected: Trojan.Win32.Agent.afg skipped
C:\WINDOWS\system32\mljjj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\WINDOWS\system32\mscci.dll Infected: not-a-virus:AdWare.Win32.ClientMan skipped
C:\WINDOWS\system32\msfdje.gif Infected: not-a-virus:AdWare.Win32.ClientMan skipped
C:\WINDOWS\system32\sset.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Sidesearch.c skipped
C:\WINDOWS\system32\sset.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.ClearSearch.f skipped
C:\WINDOWS\system32\sset.exe/stream Infected: not-a-virus:AdWare.Win32.ClearSearch.f skipped
C:\WINDOWS\system32\sset.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\totour.exe Object is locked skipped
C:\WINDOWS\system32\vwhpuwthx.dll Infected: Trojan.Win32.Agent.afg skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


thanks again

Comments

  • edited May 2007
    hi,
    I forgot to mention, I followed the instructions and ran Ad-Aware, Spybot, downloaded SpywareBlaster and ran ATF ..

    thanks
  • edited May 2007
    tried posting in the 72 hour thread but it won't let me ..
  • edited May 2007
    :) Hi wadet and welcome to Short-Media. I'm checking your log, so please be patient.
  • edited May 2007
    :) Hi wadet

    Let's start with this:

    Rename HijackThis.exe to scanner.exe

    Please download VundoFix.exe to your desktop.
    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.

    Important note -- It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Please download Deckard's System Scanner to your Desktop

    * Close all applications and windows.
    * Double-click on Dss.exe to run it, and follow the prompts.
    * The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt

    Please post the contents of C:\vundofix.txt, Main.txt, extra.txt and a new HiJackThis log ;)
  • edited May 2007
    thanks for your help,

    Vundo...
    VundoFix V6.3.21
    Checking Java version...
    Java version is 1.5.0.10
    Scan started at 12:15:50 AM 5/7/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\awvtu.dll
    C:\WINDOWS\system32\edfuqodj.dll
    C:\WINDOWS\system32\jdoqufde.ini
    C:\WINDOWS\system32\pucmokni.dll
    C:\WINDOWS\system32\utvwa.bak1
    C:\WINDOWS\system32\utvwa.bak2
    C:\WINDOWS\system32\utvwa.ini
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\awvtu.dll
    C:\WINDOWS\system32\awvtu.dll Could not be deleted.
    Attempting to delete C:\WINDOWS\system32\edfuqodj.dll
    C:\WINDOWS\system32\edfuqodj.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\jdoqufde.ini
    C:\WINDOWS\system32\jdoqufde.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\utvwa.bak1
    C:\WINDOWS\system32\utvwa.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\utvwa.bak2
    C:\WINDOWS\system32\utvwa.bak2 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\utvwa.ini
    C:\WINDOWS\system32\utvwa.ini Has been deleted!
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\awvtu.dll
    C:\WINDOWS\system32\awvtu.dll Has been deleted!
    Performing Repairs to the registry.
    Done!


    Deckard's Main ...
    Deckard's System Scanner v20070426.43
    Run by Staples106 on 2007-05-07 at 23:57:11
    Computer is in Normal Mode.
    -- System Restore
    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --
    25: 2007-05-08 06:57:22 UTC - RP505 - Deckard's System Scanner Restore Point
    24: 2007-05-07 13:27:32 UTC - RP504 - System Checkpoint
    23: 2007-05-06 12:27:27 UTC - RP503 - System Checkpoint
    22: 2007-05-05 11:27:29 UTC - RP502 - System Checkpoint
    21: 2007-05-04 10:27:29 UTC - RP501 - System Checkpoint

    -- First Restore Point --
    1: 2007-04-17 08:32:48 UTC - RP481 - System Checkpoint

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Staples106.exe)
    Logfile of HijackThis v1.99.1
    Scan saved at 11:59:22 PM, on 5/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Staples106\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\Staples106.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fvbhl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7658BDDD-C42C-4582-8675-9AB82E876E53} - C:\WINDOWS\system32\awvtu.dll (file missing)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8919A5CC-3BA4-462A-8DC8-1D170C2396B2} - C:\WINDOWS\system32\ddkbbvdb.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\ugshsixg.dll",setvm
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ogfhhjxa.dll",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lfuzxus.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://rebgv.mlslink.ca/MLSTools/ScriptX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0009.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} (DM_activex_installer Control) - http://www.damoim.net/_lib/axau.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121405525059
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132899976599
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/3.0.04.58/Control/IRCSharc.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://merlin.telus.net/wizlet/Qualifier/static/controls/WebflowActiveX.CAB
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://entertainment.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xxywtts - xxywtts.dll (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    -- File Associations
    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
    R1 SiSkp - c:\windows\system32\drivers\srvkp.sys
    S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
    S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
    S2 GEKKWLNO - c:\windows\system32\gekkwlno.fks (file missing)
    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 FINEPIX_PCC (FinePix Digital Camera 020523) - c:\windows\system32\drivers\v4cb0115.sys <Not Verified; FUJI PHOTO FILM CO.,LTD.; USB PC Camera>
    S3 ldiskl - c:\docume~1\staple~1\locals~1\temp\ldiskl.sys (file missing)
    S3 ntldr.sys - c:\ntldr.sys (file missing)
    S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 VAIOMediaPlatform-PhotoServer-AppServer (VAIO Media Photo Server (Application)) - c:\program files\sony\photo server 20\appsrv\picappsrv.exe <Not Verified; ; Photo Application Server>

    -- Scheduled Tasks
    2007-05-07 20:27:13 374 --a
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    2007-05-07 00:06:00 422 --a
    C:\WINDOWS\Tasks\WebReg 20030205000658.job
    2007-05-04 06:06:01 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    -- Files created between 2007-04-07 and 2007-05-07
    2007-05-07 09:09:03 42496 --a
    C:\WINDOWS\system32\totour.exe
    2007-05-07 00:15:50 0 d
    C:\VundoFix Backups
    2007-05-04 09:50:35 132660 --a
    C:\WINDOWS\system32\ogfhhjxa.dll
    2007-05-03 00:16:06 0 dr-h
    C:\$VAULT$.AVG
    2007-05-02 20:25:55 0 d
    C:\Documents and Settings\Staples106\Application Data\AVG7
    2007-05-02 19:17:55 0 d
    C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-05-02 19:17:21 0 d
    C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-05-02 19:17:21 0 d
    C:\Documents and Settings\All Users\Application Data\avg7
    2007-05-02 09:31:44 0 d
    C:\WINDOWS\system32\Kaspersky Lab
    2007-05-02 09:17:38 0 d
    C:\Program Files\SpywareBlaster
    2007-05-02 00:36:53 0 d
    C:\Program Files\Enigma Software Group
    2007-05-02 00:01:50 21504 --a
    C:\WINDOWS\system32\jtmoxxbmahbdw.dll
    2007-04-30 22:25:03 21504 --a
    C:\WINDOWS\system32\eiufsit.dll
    2007-04-30 00:03:24 21504 --a
    C:\WINDOWS\system32\vwhpuwthx.dll
    2007-04-29 21:02:42 0 d
    C:\!KillBox
    2007-04-29 11:30:43 21504 --a
    C:\WINDOWS\system32\emr.dll
    2007-04-27 09:03:13 0 d
    C:\WINDOWS\network diagnostic
    2007-04-26 00:38:57 0 dr-h
    C:\Documents and Settings\Staples106\Recent
    2007-04-25 23:48:44 0 d
    C:\Documents and Settings\Administrator\Application Data\InterTrust
    2007-04-25 23:48:44 0 d
    C:\Documents and Settings\Administrator\Application Data\Identities
    2007-04-25 23:48:44 0 d
    C:\Documents and Settings\Administrator\Application Data\Corel
    2007-04-25 23:48:44 0 d
    C:\Documents and Settings\Administrator\Application Data\Adobe
    2007-04-25 23:48:43 0 dr-h
    C:\Documents and Settings\Administrator\SendTo
    2007-04-25 23:48:43 0 dr-h
    C:\Documents and Settings\Administrator\Recent
    2007-04-25 23:48:43 0 d--h
    C:\Documents and Settings\Administrator\PrintHood
    2007-04-25 23:48:43 0 d--h
    C:\Documents and Settings\Administrator\NetHood
    2007-04-25 23:48:43 0 dr
    C:\Documents and Settings\Administrator\My Documents
    2007-04-25 23:48:43 0 d--h
    C:\Documents and Settings\Administrator\Local Settings
    2007-04-25 23:48:43 0 dr
    C:\Documents and Settings\Administrator\Favorites
    2007-04-25 23:48:43 0 d
    C:\Documents and Settings\Administrator\Desktop
    2007-04-25 23:48:43 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2007-04-25 23:48:43 0 dr-h
    C:\Documents and Settings\Administrator\Application Data
    2007-04-25 23:48:43 0 d
    C:\Documents and Settings\Administrator\Application Data\Sony Corporation
    2007-04-25 23:48:43 0 d
    C:\Documents and Settings\Administrator\Application Data\Real
    2007-04-25 23:48:43 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-04-25 23:48:42 0 d
    C:\Documents and Settings\Administrator\WINDOWS
    2007-04-25 23:48:42 0 d--h
    C:\Documents and Settings\Administrator\Templates
    2007-04-25 23:48:42 0 dr
    C:\Documents and Settings\Administrator\Start Menu
    2007-04-25 23:48:42 638976 --a
    C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-04-24 16:03:51 0 d
    C:\WINDOWS\system32\?racle
    2007-04-24 16:03:17 0 d
    C:\Program Files\Common Files\?icrosoft.NET
    2007-04-24 16:01:32 281172 ---hs---- C:\WINDOWS\system32\mljjj.dll

    -- Find3M Report
    2007-05-02 21:45:20 0 d
    C:\Program Files\Java
    2007-04-29 22:08:19 0 d
    C:\Program Files\messenger
    2007-04-25 22:02:35 0 d
    C:\Program Files\Microsoft ActiveSync
    2007-04-25 21:58:56 0 d
    C:\Program Files\Google
    2007-04-25 20:46:40 0 d
    C:\Program Files\WS_FTP Pro
    2007-04-25 20:46:36 0 d
    C:\Program Files\QuickTime
    2007-04-25 20:46:20 0 d
    C:\Program Files\MSN Messenger
    2007-04-21 09:33:50 0 d
    C:\Program Files\PokerStars
    2007-04-20 15:48:56 125360 --a
    C:\Documents and Settings\Staples106\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-05 22:00:25 0 d
    C:\Program Files\Palm
    2007-04-05 21:37:31 2508 --a
    C:\Documents and Settings\Staples106\Application Data\$_hpcst$.hpc
    2007-03-27 22:48:34 0 d
    C:\Program Files\Windows Journal Viewer
    2007-03-27 16:02:52 0 d
    C:\Program Files\TOD 012004
    2007-03-27 15:44:18 0 d--h
    C:\Program Files\Zero G Registry
    2007-03-27 02:31:42 0 d
    C:\Program Files\Movie Maker
    2007-03-27 02:24:37 0 d
    C:\Program Files\Windows NT
    2007-03-26 16:42:24 0 d
    C:\Program Files\MSXML 4.0

    -- Registry Dump
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    {601ED020-FB6C-11D3-87D8-0050DA59922B} C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    {7658BDDD-C42C-4582-8675-9AB82E876E53} C:\WINDOWS\system32\awvtu.dll [x]
    {8919A5CC-3BA4-462A-8DC8-1D170C2396B2} C:\WINDOWS\system32\ddkbbvdb.dll [x]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
    "TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
    "iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\ugshsixg.dll\",setvm"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "WindowsService"="rundll32.exe \"C:\\WINDOWS\\system32\\ogfhhjxa.dll\",realset"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"="0"
    "NoAdminPage"="0"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"=dword:00000000
    "Btn_Search"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{3F9D0C61-737D-44D1-BD80-91AF857061CC}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtts
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma Loader.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\VAIO Action Setup (Server).lnk"
    "backup"="C:\\WINDOWS\\pss\\VAIO Action Setup (Server).lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Sony\\VAIOAC~1\\VAServ.exe "
    "item"="VAIO Action Setup (Server)"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ezSP_Px"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LTSMMSG"
    "hkey"="HKLM"
    "command"="LTSMMSG.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCClient.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PCCClient"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCClient.exe\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pccguide"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\pccguide.exe\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Pop3trap"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\Pop3trap.exe\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="QFSCHD100"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="khooker"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\khooker.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SiSUSBrg"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\SiSUSBrg.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="evntsvc"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="server"
    "hkey"="HKLM"
    "command"="c:\\program files\\support.com\\client\\lserver\\server.vbs"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    -- Hosts
    127.0.0.1 fastclick.net
    127.0.0.1 www.fastclick.net

    -- End of Deckard's System Scanner: finished at 2007-05-08 at 00:00:08
  • edited May 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 12:01:11 AM, on 5/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Hijackthis\scanner.exe.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fvbhl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7658BDDD-C42C-4582-8675-9AB82E876E53} - C:\WINDOWS\system32\awvtu.dll (file missing)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8919A5CC-3BA4-462A-8DC8-1D170C2396B2} - C:\WINDOWS\system32\ddkbbvdb.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\ugshsixg.dll",setvm
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ogfhhjxa.dll",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lfuzxus.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://rebgv.mlslink.ca/MLSTools/ScriptX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0009.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} (DM_activex_installer Control) - http://www.damoim.net/_lib/axau.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121405525059
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132899976599
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/3.0.04.58/Control/IRCSharc.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://merlin.telus.net/wizlet/Qualifier/static/controls/WebflowActiveX.CAB
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://entertainment.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xxywtts - xxywtts.dll (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
  • edited May 2007
    Deckard's System Scanner v20070426.43
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English
    CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
    Percentage of Memory in Use: 42%
    Physical Memory (total/avail): 1023.53 MiB / 586.15 MiB
    Pagefile Memory (total/avail): 1697.94 MiB / 1328.82 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1970.54 MiB
    A: is Removable (No Media)
    C: is Fixed (NTFS) - 54.99 GiB total, 38.49 GiB free.
    D: is Fixed (NTFS) - 19.57 GiB total, 5.82 GiB free.
    E: is Removable (No Media)
    F: is CDROM (No Media)
    G: is CDROM (No Media)

    -- Security Center
    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.
    AV: AVG 7.5.467 v7.5.467 (GRISOFT)

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Staples106\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=WADE1
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Staples106
    LOGONSERVER=\\WADE1
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\PROGRA~1\MICROS~2\Office;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0204
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\STAPLE~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\STAPLE~1\LOCALS~1\Temp
    USERDOMAIN=WADE1
    USERNAME=Staples106
    USERPROFILE=C:\Documents and Settings\Staples106
    windir=C:\WINDOWS

    -- User Profiles
    Staples106 (admin)
    Administrator (new local, admin)
    Guest (guest)

    -- Add/Remove Programs
    --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AdWare & SpyWare --> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "http://www.adwareremovergold.com/?revid=31418&s=1"
    Agfa ScanWise 2.00 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Agfa\ScanWise 2_00\uninst.isu" -c"C:\Program Files\Agfa\ScanWise 2_00\UNINSTALL.DLL"
    Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
    ArcSoft VideoImpression 1.6FP --> C:\WINDOWS\IsUninst.exe -fd:\Uninst.isu
    ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI DVD Decoder 2.1.0.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{243A7C38-E425-4B8A-B1ED-CEAEC7BDC319} /l1033
    ATI Multimedia Center 8.1.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{28ADA52D-B7AF-442C-8B7F-CEB9ECC28078} /l1033
    AutoUnpack 4.4.4 --> "C:\Program Files\AutoUnpack\unins000.exe"
    Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -l0x9 -uninst
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Belkin SOHO Networking Utilities --> MsiExec.exe /I{226F9059-56F3-45E2-BF55-6C3896CB190A}
    Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
    CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    ChainCast Proxy (remove only) --> rundll32 C:\WINDOWS\System32\ccmp392.dll,UninstallProxy
    Click 'N Burn CD & DVD --> "C:\Program Files\Click 'N Burn CD & DVD\unins000.exe"
    CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVgate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"
    Easy Screen Capture --> C:\Program Files\Longfine\escrcap\uninstal.exe
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
    ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
    ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
    essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
    ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
    ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
    Experience Vaio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0125AA92-F44D-4DB3-8B98-2F14A7B9ACB1}\setup.exe"
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
    GSIM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\gsim.inf, Uninstall
    GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
    Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
    HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
    HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
    HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
    HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
    ImageStation Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72275927-4241-46A7-A9C4-B86C6B256EB6}\setup.exe"
    ImageStation Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500CE39A-DC17-44EE-8EAD-E0416B16F0BC}\setup.exe"
    Ipswitch WS_FTP Pro --> C:\WINDOWS\ISUNINST.EXE -f"C:\PROGRA~1\WS_FTP~1\uninst.isu" -c"C:\PROGRA~1\WS_FTP~1\FTPInstUtils.dll"
    IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
    iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140007_64f7f42\Setup.exe /APR-REMOVE
    KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    Lexmark Software Uninstall --> C:\Program Files\Lexmark_HostCD\Install\Uninstall.exe
    LimeWire 4.10.3 --> "C:\Program Files\LimeWire\uninstall.exe"
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    LRXS --> "C:\WINDOWS\System32\dllcache\msngr.exe" -uninstall
    Lucent Technologies Soft Modem AMR --> ltremove
    Messageware Plus Pack Base Component --> MsiExec.exe /I{C365ACC1-D32A-4552-A246-38DE4EF40DC6}
    Messageware Plus Pack English Dictionary --> MsiExec.exe /I{B554158F-E72C-402C-98A6-9EDF215DB4DB}
    Messageware Plus Pack Spell Check Component --> MsiExec.exe /I{0EFB66FE-E184-4D90-9B7C-429EA238E59D}
    Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
    Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
    Motion JPEG Software Decoder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu"
    MovieShaker 3.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A49B00-02F8-11D5-B64D-00C04F790F76}\setup.exe"
    MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
    MyTaxexpress 2002 --> "C:\Program Files\myTaxExp2002\unins000.exe"
    myTaxExpress for Y2003 --> "C:\Program Files\mytaxexpY2003\unins000.exe"
    Network Smart Capture --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\setup.exe"
    Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
    Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsy.inf
    OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    OpenMG Secure Module 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\Setup.exe" -l0x9 UNINSTALL
    OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    Paraben's Business Card Builder --> C:\WINDOWS\CAMUINST.EXE C:\Program Files\Paraben\Business Card Builder\CAMUINST.DAT
    PicoPlayer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75150BEF-150E-409B-B74B-81B883C5BC11}\setup.exe"
    PicoPlayer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C70C75F-A265-4C62-B90F-8F80AA69F262}\setup.exe"
    PicoPlayerSplashScreen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00609F70-5043-4C20-895A-D6EF7ACE9304}\setup.exe"
    PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    Readiris 7.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
    RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    SiS Compatible VGA V2.09a --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.09A\DeIsL1.isu"&P.U 4 sisgr.inf&-1
    SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
    SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    SonicStage 1.5.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
    Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
    Sony DV Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
    Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
    Star Wars®: Knights of the Old Republic (TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
    Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
    Support Actions WinXP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48BE827A-2D06-4804-90C3-4F2F8460F9D4}\setup.exe"
    TOD --> "C:\Program Files\TOD 012004\UninstallerData\Uninstall TOD 012004.exe"
    Treo 700wx User Guide --> MsiExec.exe /X{7579D301-A4DE-4BDC-A100-FE7FABB69234}
    Ultra WinCleaner One Click! Version 8.0 --> "C:\Program Files\blcorp\UWCSuite\UWC\unins000.exe"
    VAIO Action Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}\setup.exe" -l0x9
    VAIO Brezza Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACEC9C3E-0100-4EBE-B298-35A2145828A0}\setup.exe"
    VAIO Edit Components LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{761C9026-14F0-4352-8658-934558272404}\setup.exe"
    VAIO Grid Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21CF3E6E-1659-433E-B6CE-165D793560DA}\setup.exe"
    VAIO Help & Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}\setup.exe"
    VAIO Media 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
    VAIO Media Installer 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
    VAIO Media Music Server 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\setup.exe" -l0x9 UNINSTALL
    VAIO Media Photo Server 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1A8479-D871-4573-AA8C-90BF0338B242}\setup.exe"
    VAIO Media Platform 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
    VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AA14D661-8B7A-4A8F-B093-405C160178AF}
    VAIO Serenus Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802EF464-4992-42B3-8434-45151AD3C933}\setup.exe"
    ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
    Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
    Visual Vision HyperPublishT_e --> c:\vv\CDROMs\iper3pro\Eng\client\f\HyperPublishT_e.exe /DEINST
    Voice Editor 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4FB3F60-6FC4-11D5-896D-00609726C7CB}\setup.exe"
    VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Warhammer 40,000: Dawn Of War - Gold Edition --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
    WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
    Win32 BI Application --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\payload.inf, Uninstall
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
    WordPerfect Office 2002 --> C:\WINDOWS\Corel\uninst32.exe
    Yahoo! Messenger --> D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    -- End of Deckard's System Scanner: finished at 2007-05-08 at 00:00:08
  • edited May 2007
    :) Hi wadet

    step #1

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    O2 - BHO: (no name) - {7658BDDD-C42C-4582-8675-9AB82E876E53} - C:\WINDOWS\system32\awvtu.dll (file missing)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8919A5CC-3BA4-462A-8DC8-1D170C2396B2} - C:\WINDOWS\system32\ddkbbvdb.dll (file missing)
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\ugshsixg.dll",setvm
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ogfhhjxa.dll",realset
    O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0009.exe
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemp...veSecurity.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://merlin.telus.net/wizlet/Qual...lowActiveX.CAB
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CA
    O20 - Winlogon Notify: xxywtts - xxywtts.dll (file missing)

    Close ALL open windows
    Click Fix Checked
    Close HijackThis

    step #2

    Please download LSPFix
    Once LSP-Fix is downloaded, extract it to your desktop.
    Close all windows on your computer.
    Start LSPFix.
    Put a checkmark in the 'I know what I'm doing' checkbox.
    Now move any instances of "lfuzxus.dll" into the remove box using the >> button.
    Press the finish button.

    step #3

    Please download PurityScan uninstaller
    Double click on the OiUninstaller.exe icon on your desktop
    Click on Run
    Enter the four digit code that is displayed and click on Uninstall
    Click on Ok and reboot your computer

    step #4

    Please back up your registry before fixing it:

    Start
    Run
    Type the following to the box and hit Ok: regedit
    A window opens, click on File
    Choose Export from the menu
    Change the save location to C:\
    Give the filename, RegBackUp
    Make sure that the filetype is set to Registry files (*.reg)
    Click on Save and Close the window

    Please run Notepad and paste the following text into a new file:
    REGEDIT4
     
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] 
    "{3F9D0C61-737D-44D1-BD80-91AF857061CC}"=-
    
    Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".
    Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry

    step #5

    Please download killbox to your desktop
    Unzip it to your desktop.
    Run Killbox.exe
    -> Choose Delete on Reboot
    -> Click All Files option.
    Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

    C:\Documents and Settings\Staples106\My Documents\My Received Files\1Click.DVD.Copy.Version.5.WinALL.Incl.Keygen-BLiZZARD\1Click.DVD.Copy.Version.5.WinALL.Incl.Key gen-BLiZZARD\1clickdvdcopy5.exe
    C:\WINDOWS\system32\drivers\etc\1.hosts
    C:\WINDOWS\system32\drivers\etc\2.hosts
    C:\WINDOWS\system32\drivers\etc\3.hosts
    C:\WINDOWS\system32\edfuqodj.dll
    C:\WINDOWS\system32\mscci.dll
    C:\WINDOWS\system32\msfdje.gif
    C:\WINDOWS\system32\sset.exe
    C:\WINDOWS\system32\totour.exe
    C:\WINDOWS\system32\ogfhhjxa.dll
    C:\WINDOWS\system32\jtmoxxbmahbdw.dll
    C:\WINDOWS\system32\eiufsit.dll
    C:\WINDOWS\system32\vwhpuwthx.dll
    C:\WINDOWS\system32\emr.dll
    C:\WINDOWS\system32\mljjj.dll
    C:\windows\system32\lfuzxus.dll
    C:\WINDOWS\system32\pucmokni.dll
    C:\WINDOWS\system32\ugshsixg.dll
    C:\WINDOWS\system32\ogfhhjxa.dll

    Then go back to Killbox
    -> go to File
    -> choose Paste from Clipboard
    -> Click the red-white Delete File option.
    -> Click Yes to Delete on Reboot question
    -> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
    -> Restart your computer if Killbox won't do it.
    (If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe from here to your desktop and run the file, then try running Killbox.)

    step #6

    Please Download SDFix and save it to your desktop.
    Please then reboot your computer in Safe Mode by doing the following
    Restart your computer
    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    Instead of Windows loading as normal, a menu with options should appear;
    Select the first option, to run Windows in Safe Mode, then press "Enter".
    Choose your usual account.
    In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    Open the extracted folder and double click RunThis.bat to start the script.
    Type Y to begin the script.
    It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    Press any Key and it will restart the PC.
    Your system will take longer than normal to restart as the fixtool will be running and removing files.
    When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

    step #7

    Please download ComboFix from Here or Here to your Desktop.
    Double click combofix.exe and follow the prompts.
    When finished, it shall produce a log for you.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Post a fresh HijackThis log, SDfix.Report.txt and combofix.log ;)
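
An added example, not part of the original posts and not the helper's own method: a small Python triage over HijackThis lines copied from this thread, plus a cross-check that every DLL autostarted through rundll32 is also covered by the Killbox delete list. The reason labels and the rules behind them are assumptions of this example.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2", "O4", "O20"
    body: str  # everything after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,\s*(\w+)', re.IGNORECASE)

# Lines copied from step #1 of the post above.
STEP1 = [ln.strip() for ln in r'''
O2 - BHO: (no name) - {7658BDDD-C42C-4582-8675-9AB82E876E53} - C:\WINDOWS\system32\awvtu.dll (file missing)
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\ugshsixg.dll",setvm
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ogfhhjxa.dll",realset
O20 - Winlogon Notify: xxywtts - xxywtts.dll (file missing)
'''.strip().splitlines()]

# Lines copied from the follow-up HijackThis log in this thread.
FRESH = [ln.strip() for ln in r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
'''.strip().splitlines()]

# Three of the paths from the step #5 Killbox list.
KILLBOX = [
    r"C:\WINDOWS\system32\ogfhhjxa.dll",
    r"C:\windows\system32\lfuzxus.dll",
    r"C:\WINDOWS\system32\ugshsixg.dll",
]


def parse_entry(line: str) -> Optional[Entry]:
    """Split '<code> - <body>'; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    return Entry(m.group(1), m.group(2)) if m else None


def triage(line: str) -> List[str]:
    """Return review reasons for one log line (empty list: nothing flagged)."""
    entry = parse_entry(line)
    if entry is None:
        return []
    reasons = []
    if MISSING_RE.search(entry.body):
        if entry.code == "O23" and '"' in entry.body:
            # The reported path still carries a quote and arguments, and the
            # same log lists SSSvr.exe under Running processes, so the
            # "(file missing)" marker is not reliable for this line.
            reasons.append("path-includes-arguments")
        elif entry.code in ("O2", "O20"):
            # BHO or Winlogon Notify registration pointing at an absent DLL.
            reasons.append("dangling-autoload")
        else:
            reasons.append("missing-file")
    if entry.code == "O4":
        m = RUNDLL_RE.search(entry.body)
        if m:
            # Run key that loads a DLL through rundll32: review the DLL itself.
            reasons.append("rundll32-autostart:" + ntpath.basename(m.group(1)))
    return reasons


def uncovered_autostart_dlls(log_lines: List[str], delete_list: List[str]) -> List[str]:
    """DLLs started by rundll32 Run entries that the delete list does not cover."""
    planned = {p.strip().lower() for p in delete_list if p.strip()}
    uncovered = []
    for line in log_lines:
        entry = parse_entry(line)
        if entry and entry.code == "O4":
            m = RUNDLL_RE.search(entry.body)
            # Windows paths compare case-insensitively.
            if m and m.group(1).lower() not in planned:
                uncovered.append(m.group(1))
    return uncovered


if __name__ == "__main__":
    for ln in STEP1 + FRESH:
        print(triage(ln), "<-", ln[:70])
    print("not in delete list:", uncovered_autostart_dlls(STEP1, KILLBOX))
```

Removing a Run entry without removing the DLL it loads leaves the file on disk, which is why the cross-check compares the two lists.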
  • edited May 2007
    Hi Peku006, thanks for your help!!

    Logfile of HijackThis v1.99.1
    Scan saved at 3:24:54 PM, on 5/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\scanner.exe.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fvbhl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://rebgv.mlslink.ca/MLSTools/ScriptX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} (DM_activex_installer Control) - http://www.damoim.net/_lib/axau.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121405525059
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132899976599
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/3.0.04.58/Control/IRCSharc.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://entertainment.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    SDFix: Version 1.83
    Run by Staples106 - Wed 05/09/2007 - 15:01:56.23
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Safe Mode:
    Checking Services:
    Name:
    ntldr.sys
    ImagePath:
    \??\C:\ntldr.sys
    ntldr.sys - Deleted

    ndis.sys Infected!
    Patched File copied to Backups Folder
    Attempting to replace ndis.sys with original version...
    Original ndis.sys Restored

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Rebooting...
    Normal Mode:
    Checking Files:
    Below files will be copied to Backups folder then removed:
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZUNWNYX\CAZPQKH0.HTM - Deleted
    C:\CP1041.NLS - Deleted
    C:\WINDOWS\system32\form.txt - Deleted

    Removing Temp Files
    ADS Check:
    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    No streams found.
    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.

    Final Check:
    Remaining Services:

    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Damoim\\Messenger\\DMsgr.exe"="C:\\Program Files\\Damoim\\Messenger\\DMsgr.exe:*:Enabled:´Ù¸ðÀÓ ¸Þ½ÅÀú"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:Explorer"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files:
    Backups Folder: - C:\SDFix\backups\backups.zip
    Checking For Files with Hidden Attributes:
    C:\Documents and Settings\Staples106\My Documents\My Webs\bestlads.com\Thumbs.db
    C:\Documents and Settings\Staples106\My Documents\My Webs\freeunit.com\Thumbs.db
    C:\Documents and Settings\Staples106\My Documents\web\bestlads.com\Thumbs.db
    C:\Documents and Settings\Staples106\My Documents\web\freeunit.com\Thumbs.db
    C:\Documents and Settings\Staples106\NetHood\bboard on www.onepercentrealty.com\Desktop.ini
    C:\Documents and Settings\Staples106\NetHood\bboard2 on www.onepercentrealty.com\Desktop.ini
    C:\Documents and Settings\Staples106\NetHood\corp on www.info.ea.com\Desktop.ini
    C:\Documents and Settings\Staples106\NetHood\www.allrealcelebs.com\Desktop.ini
    C:\Documents and Settings\Staples106\NetHood\www.woodrun-whistler.com\Desktop.ini
    C:\RecoveryBin\Volume-82db1ee4-2974-11d7-ab7a-806d6172696f\Documents and Settings\Staples106\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\UdBinInfo.dat
    Finish
  • edited May 2007
    "Staples106" - 2007-05-09 15:18:59 Service Pack 2
    ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Staples106\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\C\Program Files\Common Files\ICROSO~1.NET
    C:\qoobox\purity\C\WINDOWS\system32\RACLE~1

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 ))))))))))))))))))))))))))))))))))

    2007-05-09 14:14 102,694,436 --a C:\regbackup.reg
    2007-05-09 03:05 <DIR> d C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-07 23:57 <DIR> d C:\Deckard
    2007-05-07 00:15 <DIR> d C:\VundoFix Backups
    2007-05-02 09:31 <DIR> d C:\WINDOWS\system32\Kaspersky Lab
    2007-05-02 09:23 127,208 --a C:\WINDOWS\system32\mucltui.dll
    2007-05-02 09:17 <DIR> d C:\Program Files\SpywareBlaster
    2007-05-02 00:36 <DIR> d C:\Program Files\Enigma Software Group
    2007-04-29 21:02 <DIR> d C:\!KillBox
    2007-04-27 09:03 <DIR> d C:\WINDOWS\network diagnostic
    2007-04-26 00:49 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-25 23:48 638,976 --a C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-04-25 23:48 <DIR> d C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-04-25 23:48 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
    2007-04-25 23:48 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-04-25 23:48 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
    2007-04-25 23:48 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-04-30 05:08:19 d-----w C:\Program Files\messenger
    2007-04-26 05:02:35 d-----w C:\Program Files\Microsoft ActiveSync
    2007-04-26 04:58:56 d-----w C:\Program Files\Google
    2007-04-26 03:46:40 d-----w C:\Program Files\WS_FTP Pro
    2007-04-26 03:46:36 d-----w C:\Program Files\QuickTime
    2007-04-26 03:46:20 d-----w C:\Program Files\MSN Messenger
    2007-04-21 16:33:50 d-----w C:\Program Files\PokerStars
    2007-04-20 22:48:56 125,360 ----a-w C:\DOCUME~1\STAPLE~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-04-06 05:00:25 d-----w C:\Program Files\Palm
    2007-03-28 05:48:34 d-----w C:\Program Files\Windows Journal Viewer
    2007-03-27 23:02:52 d-----w C:\Program Files\TOD 012004
    2007-03-27 22:44:18 d--h--w C:\Program Files\Zero G Registry
    2007-03-27 09:31:42 d-----w C:\Program Files\Movie Maker
    2007-03-27 09:24:37 d-----w C:\Program Files\Windows NT
    2007-03-26 23:42:24 d-----w C:\Program Files\MSXML 4.0
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-15 19:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
    2007-03-15 19:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
    "{601ED020-FB6C-11D3-87D8-0050DA59922B}"="C:\Program Files\WS_FTP Pro\wsbho2k0.dll"
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
    "{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar4.dll"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
    "TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
    "iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"=dword:00000000
    "Btn_Search"=dword:00000000
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages msv1_0\0\0
    Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages scecli\0\0
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe gamma loader.exe.lnk
    C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^vaio action setup (server).lnk
    C:\PROGRA~1\Sony\VAIOAC~1\VAServ.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ati launchpad

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezshieldprotector for px
    C:\WINDOWS\System32\ezSP_Px.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltsmmsg
    LTSMMSG.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
    "C:\Program Files\Messenger\msmsgs.exe" /background
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon
    RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccclient.exe
    "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe
    "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop3trap.exe
    "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quickfinder scheduler
    "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sis khooker
    C:\WINDOWS\System32\khooker.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sis tray

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sisusbrg
    C:\WINDOWS\SiSUSBrg.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ztgserverswitch
    c:\program files\support.com\client\lserver\server.vbs

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService DnsCache\0\0
    rpcss RpcSs\0\0
    imgsvc StiSvc\0\0
    termsvcs TermService\0\0
    HTTPFilter HTTPFilter\0\0
    DcomLaunch DcomLaunch\0TermService\0\0
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\WebReg 20030205000658.job
    ********************************************************************
    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-09 15:21:57
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden services ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************
    Completion time: 2007-05-09 15:23:31
    C:\ComboFix-quarantined-files.txt ... 2007-05-09 15:23
  • edited May 2007
    :)Hi wadet
    Good Work! Please do the following

    step#1
    Please delete the following folders
    C:\VundoFix\ Backups
    C:\qoobox\purity


    step#2
    Please download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!
    Double-click ATF Cleaner.exe to open it.
    Under Main select the following:
    * Windows Temp
    * Current User Temp
    * All Users Temp
    * Temporary Internet Files
    * Prefetch
    * Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Print out these instructions or save them with notepad or Word

    step#3

    • Start AVG Anti-Spyware
    • Click the Update icon
    • Click Start update
    • Wait until updates are downloaded
    • Click the Scanner icon
    • Open the Settings tab
      • If you are having problems with the updater, you can use this link to manually update
      • Make sure that the setting under "How to act?" reads Quarantine
        (If not, click the text and choose Quarantine)
      • Under "How to scan?" all checkboxes should be ticked
      • Under "Reports" select Automatically generate report after every scan
        and uncheck Only if threats were found
      • Under "What to scan?" select Scan every file

    • Click the Shield icon
    • Under the "Resident shield is" click active to make it inactive
    • Close AVG Anti-Spyware
    Reboot to safe mode
    • If the computer is running, shut down Windows, and then turn off the power
    • Wait 30 seconds, and then turn the computer on
    • Start tapping the F8 key
    • The Windows Advanced Options Menu appears
    • Ensure that the Safe Mode option is selected
    • Press Enter. The computer then begins to start in Safe mode
    • Login on your usual account
    Open My Computer.
    Click Tools menu then click Folder Options.
    Click the View tab.
    Scroll to the "Hidden files and folders" section and click "Show hidden files and folders."
    Uncheck the "Hide protected operating system files (recommended)" option. (SEE NOTE ABOVE ON THIS OPTION!) Click Yes to confirm. Then click OK.
    • Close all open windows / programs / folders
    • Start AVG Anti-Spyware
    • Click the Scanner icon
    • Click Complete System Scan
    • Let the program scan the machine
    • When the scan has finished, follow the instructions below
      • Make sure that the setting under "Set all elements to" reads Quarantine
      • (If not, click the text and choose Quarantine)
      • Click Apply all actions
      • Click Save Report
      • Click Save reports as
      • Save report to your Desktop
    Post a fresh HijackThis log and the AVG Anti-Spyware report ;)
  • edited May 2007
    Thanks again for your help ..

    Logfile of HijackThis v1.99.1
    Scan saved at 2:00:46 PM, on 5/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Hijackthis\scanner.exe.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fvbhl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://rebgv.mlslink.ca/MLSTools/ScriptX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} (DM_activex_installer Control) - http://www.damoim.net/_lib/axau.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121405525059
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132899976599
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/3.0.04.58/Control/IRCSharc.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://entertainment.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    AVG Anti-Spyware - Scan Report
    + Created at: 1:49:41 PM 5/10/2007
    + Scan result:

    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP507\A0047626.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP490\A0032095.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP488\A0031964.exe -> Downloader.PurityScan.af : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP507\A0047577.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP507\A0047581.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP495\A0044153.exe -> Trojan.Agent.afg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP504\A0047398.exe -> Trojan.Agent.afg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP505\A0047414.exe -> Trojan.Agent.afg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP507\A0047563.exe -> Trojan.Agent.afg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP495\A0039144.dll -> Trojan.Vqten : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP502\A0047370.dll -> Trojan.Vqten : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP507\A0047565.dll -> Trojan.Vqten : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP507\A0047566.dll -> Trojan.Vqten : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP495\A0039119.dll -> Trojan.Vqten.A : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP505\A0047412.dll -> Trojan.Vqten.A : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP505\A0047413.dll -> Trojan.Vqten.A : Cleaned with backup (quarantined).

    ::Report end
  • edited May 2007
    :)Hi wadet
    Good work, your log looks clean. Everything is good now.
    We have two things to do.

    step #1
    Clean your System Restore:
    Turn off System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Check Turn off System Restore
    Click Apply, and then click OK
    Reboot.
    Turn on System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Uncheck Turn off System Restore
    Click Apply, and then click OK

    You can fix these lines with HijackThis, if you want. This could speed up your computer's startup.
    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    Close ALL open windows
    Click Fix Checked
    Close HijackThis

    step #2
    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    CCleaner - System optimization and privacy tool. It removes unused files from your system, allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Advanced features to remove unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more... also comes with a comprehensive backup feature.
    Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, and also blocks pop-up windows.
    Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klei
    Watch what you download!
    Many freeware programs, and P2P programs (Grokster, Imesh, Kazaa and others are amongst the most notorious), come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

    Happy surfing and stay clean!:thumbsup:
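
Every detection in the AVG Anti-Spyware report posted above sits under `System Volume Information\_restore{...}\RPnnn`, which is why the reply's first step is to purge System Restore. As an added example (not part of the thread and not AVG's own tooling), this Python script parses a report in that format, groups detections by restore point, and separates anything found outside the restore store. The line format is inferred from the report in this thread; the names `Finding`, `parse_report` and `summarize` are chosen here, and the last sample line is constructed.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# The four System Restore lines are copied from the report in this thread.
# The final finding is CONSTRUCTED to exercise the "outside the restore
# store" branch; it does not come from the thread.
SAMPLE_REPORT = r"""
AVG Anti-Spyware - Scan Report
+ Created at: 1:49:41 PM 5/10/2007
+ Scan result:

C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP507\A0047626.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP490\A0032095.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP507\A0047577.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP495\A0039144.dll -> Trojan.Vqten : Cleaned with backup (quarantined).
C:\Documents and Settings\example\Local Settings\Temp\constructed.dll -> Trojan.Example : Cleaned with backup (quarantined).

::Report end
"""


class Finding(NamedTuple):
    path: str
    detection: str
    action: str
    restore_point: Optional[int]  # None when the file is outside System Restore


# "<path> -> <detection name> : <action taken>", as seen in the report above.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<detection>\S+) : (?P<action>.+)$"
)
# Files captured by XP System Restore live under _restore{GUID}\RP<n>\ and are
# renamed (A00xxxxx.ext), so the path alone does not reveal the original name.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


def parse_report(text):
    """Return one Finding per detection line; header/footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if not m:
            continue
        rp = RESTORE_RE.search(m["path"])
        findings.append(
            Finding(
                path=m["path"],
                detection=m["detection"],
                action=m["action"].rstrip("."),
                restore_point=int(rp["rp"]) if rp else None,
            )
        )
    return findings


def summarize(findings):
    """Group detections by restore point and list files found elsewhere."""
    by_rp = defaultdict(set)
    live = []
    for f in findings:
        if f.restore_point is None:
            live.append(f)
        else:
            by_rp[f.restore_point].add(f.detection)
    return {
        "restore_points": {rp: sorted(n) for rp, n in sorted(by_rp.items())},
        "live": live,
        # True only when something was found and all of it is in the store,
        # i.e. purging System Restore removes every remaining copy.
        "restore_only": bool(findings) and not live,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for rp, names in summary["restore_points"].items():
        print(f"RP{rp}: {', '.join(names)}")
    for f in summary["live"]:
        print(f"outside System Restore: {f.path} ({f.detection})")
    print("purging System Restore is sufficient:", summary["restore_only"])
```
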
  • edited May 2007
    Hi,

    thanks for your help, great instructions

    thanks