Popups and virus

Popups keep coming up on my win2000 pro machine.
Things keep starting and closing in background.

Hijack log
Logfile of HijackThis v1.99.1
Scan saved at 11:08:09 PM, on 6/25/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Motive\McciContextHookSvc_SSR.exe
C:\WINNT\system32\cidaemon.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [literuleeqwarn] C:\Documents and Settings\All Users\Application Data\Gpljumpliterule\joy site.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Wcal] "C:\DOCUME~1\Randy\MYDOCU~1\DOBE~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Randy\My Documents\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: 64.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McciContextHookSvc - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciContextHookSvc_SSR.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)


Active Scan report

Incident Status Location
Spyware:Spyware/Virtumonde Not disinfected C:\WINNT\system32\phbwunsg.dll
Virus:Trj/Downloader.PCQ Disinfected C:\WINNT\system32\pmujarpj.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINNT\system32\qmrtgomc.exe

KASPERSKY ONLINE SCANNER REPORT Monday, June 25, 2007 9:34:11 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/06/2007
Kaspersky Anti-Virus database records: 353388
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer A:\ C:\ D:\ E:\

Scan Statistics
Total number of scanned objects: 35699
Number of viruses found: 2
Number of infected objects: 1 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:33:38

Infected Object Name | Virus Name | Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{5F03B57A-38F8-463B-A866-F08102D1D03E}.log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/win73.tmp.exe | Suspicious: Password-protected-EXE | skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip | ZIP: suspicious - 1 | skipped
C:\Documents and Settings\Billy\Local Settings\Temp\hsperfdata_Billy\2184 | Object is locked | skipped
C:\Documents and Settings\Default User\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Randy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG | Object is locked | skipped
C:\Documents and Settings\Randy\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\Randy\Local Settings\History\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Randy\Local Settings\History\History.IE5\MSHist012007062520070626\index.dat | Object is locked | skipped
C:\Documents and Settings\Randy\Local Settings\Temp\hsperfdata_Randy\2004 | Object is locked | skipped
C:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\4VY7UUGC\WinAntiVirusPro2006FreeInstall[1].exe | Object is locked | skipped
C:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Randy\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\Randy\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\Randy\UserData\index.dat | Object is locked | skipped
C:\System Volume Information\catalog.wci\00000002.ps1 | Object is locked | skipped
C:\System Volume Information\catalog.wci\00000002.ps2 | Object is locked | skipped
C:\System Volume Information\catalog.wci\0001000A.ci | Object is locked | skipped
C:\System Volume Information\catalog.wci\cicat.fid | Object is locked | skipped
C:\System Volume Information\catalog.wci\cicat.hsh | Object is locked | skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\CiP10000.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\CiP20000.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\CiST0000.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\INDEX.000 | Object is locked | skipped
C:\System Volume Information\catalog.wci\propstor.bk1 | Object is locked | skipped
C:\System Volume Information\catalog.wci\propstor.bk2 | Object is locked | skipped
C:\WINNT\CSC\00000001 | Object is locked | skipped
C:\WINNT\Debug\ipsecpa.log | Object is locked | skipped
C:\WINNT\Debug\oakley.log | Object is locked | skipped
C:\WINNT\Debug\PASSWD.LOG | Object is locked | skipped
C:\WINNT\SchedLgU.Txt | Object is locked | skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log | Object is locked | skipped
C:\WINNT\system32\config\AppEvent.Evt | Object is locked | skipped
C:\WINNT\system32\config\default | Object is locked | skipped
C:\WINNT\system32\config\default.LOG | Object is locked | skipped
C:\WINNT\system32\config\SAM | Object is locked | skipped
C:\WINNT\system32\config\SAM.LOG | Object is locked | skipped
C:\WINNT\system32\config\SecEvent.Evt | Object is locked | skipped
C:\WINNT\system32\config\SECURITY | Object is locked | skipped
C:\WINNT\system32\config\SECURITY.LOG | Object is locked | skipped
C:\WINNT\system32\config\software | Object is locked | skipped
C:\WINNT\system32\config\software.LOG | Object is locked | skipped
C:\WINNT\system32\config\SysEvent.Evt | Object is locked | skipped
C:\WINNT\system32\config\system | Object is locked | skipped
C:\WINNT\system32\config\SYSTEM.ALT | Object is locked | skipped
C:\WINNT\system32\Perflib_Perfdata_434.dat | Object is locked | skipped
C:\WINNT\system32\Perflib_Perfdata_6a4.dat | Object is locked | skipped
C:\WINNT\system32\phbwunsg.dll | Infected: not-a-virus:AdWare.Win32.Virtumonde.kj | skipped
C:\WINNT\Temp\mcmsc_1skze2CZHUuEPbb | Object is locked | skipped
C:\WINNT\Temp\mcmsc_6pzdnWAeX3ZcGwQ | Object is locked | skipped
C:\WINNT\Temp\mcmsc_PUc4zwbxRTzOD1s | Object is locked | skipped
C:\WINNT\Temp\mcmsc_VY8d8Hb0LHNNH0J | Object is locked | skipped
C:\WINNT\WindowsUpdate.log | Object is locked | skipped
Scan process completed.

Comments

  • edited June 2007
    Hi,

    Welcome to Short-Media Forums.

    I'm checking your log, so please be patient.

    As we work together to resolve your problem please read the instructions carefully. You may wish to print them off or copy them into Notepad.
    If you have a question, please don't hesitate to ask.
    The instructions I give are specific to your current problem and should not be used on other systems.
    Post your replies to this thread.
  • edited June 2007
    Please download VundoFix.exe to your desktop.
    • Double-click *VundoFix.exe* to run it.
    • Click the *Scan for Vundo* button.
    • Once it's done scanning, click the *Remove Vundo* button.
    • You will receive a prompt asking if you want to remove the files, click *YES*
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click *OK*.
    • Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

    ==========

    Download and Run ComboFix

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    =======

    Download Findlop by Metallica. Unzip it to your desktop. Double click findlop.bat. It will open a notepad file. Copy the content of that file and paste it here in your reply.

    =======

    Rename HijackThis.exe

    1. Right click on the HijackThis icon.

    2. Select Rename.

    3. Now type the following scanner.exe <<< NOTE: make sure to put period before exe when typing.
    Hit the enter key on keyboard.

    Double click on Scanner.exe.
    Click on Do a system scan and save a logfile. Post log in next reply.
  • edited June 2007
    VundoFix V6.5.1
    Checking Java version...
    Java version is 1.5.0.11
    Scan started at 5:42:06 PM 6/26/2007
    Listing files found while scanning....
    C:\WINNT\system32\byxvu.dll
    C:\WINNT\system32\uvxyb.bak1
    C:\WINNT\system32\uvxyb.bak2
    C:\WINNT\system32\uvxyb.ini
    C:\WINNT\system32\uvxyb.ini2
    Beginning removal...
    Attempting to delete C:\WINNT\system32\byxvu.dll
    C:\WINNT\system32\byxvu.dll Has been deleted!
    Attempting to delete C:\WINNT\system32\uvxyb.bak1
    C:\WINNT\system32\uvxyb.bak1 Has been deleted!
    Attempting to delete C:\WINNT\system32\uvxyb.bak2
    C:\WINNT\system32\uvxyb.bak2 Has been deleted!
    Attempting to delete C:\WINNT\system32\uvxyb.ini
    C:\WINNT\system32\uvxyb.ini Has been deleted!
    Attempting to delete C:\WINNT\system32\uvxyb.ini2
    C:\WINNT\system32\uvxyb.ini2 Has been deleted!
    Performing Repairs to the registry.
    Done!
    VundoFix V6.5.1
    Checking Java version...
    Java version is 1.5.0.11
    Scan started at 8:40:12 PM 6/26/2007
    Listing files found while scanning....
    No infected files were found.

    COMBOFIX
    "Randy" - 06/26/2007 20:44:16 - ComboFix 07-06-26.8 - Service Pack 4 NTFS

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINNT\system32\phbwunsg.dll
    C:\WINNT\system32\roinolua.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\Randy\MYDOCU~1.\dobe~1
    C:\WINNT\system32\launcher.exe

    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))

    2007-06-26 20:43 49,152 --a C:\WINNT\nircmd.exe
    2007-06-26 17:42 <DIR> d C:\VundoFix Backups
    2007-06-26 16:38 66,112 --a C:\WINNT\system32\qylojwan.dll
    2007-06-26 16:35 128,576 --a C:\WINNT\system32\rvnwkuet.dll
    2007-06-26 16:33 4,672 --a C:\WINNT\system32\nhieifhq.exe
    2007-06-25 22:43 75,512 --a C:\WINNT\zllsputility.exe
    2007-06-25 22:43 4,212 ---h C:\WINNT\system32\zllictbl.dat
    2007-06-25 22:43 11,264 --a C:\WINNT\system32\SpOrder.dll
    2007-06-25 22:41 1,087,216 --a C:\WINNT\system32\zpeng24.dll
    2007-06-25 22:41 <DIR> d-a C:\WINNT\system32\ZoneLabs
    2007-06-25 22:39 <DIR> d-a C:\WINNT\Internet Logs
    2007-06-25 17:26 <DIR> d C:\Program Files\SpywareBlaster
    2007-06-25 12:33 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-06-25 12:32 <DIR> d C:\Program Files\SUPERAntiSpyware
    2007-06-25 12:32 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\SUPERAntiSpyware.com
    2007-06-24 23:51 <DIR> d C:\WINNT\system32\Kaspersky Lab
    2007-06-24 22:29 <DIR> d C:\WINNT\BDOSCAN8
    2007-06-24 19:52 <DIR> d C:\WINNT\system32\ActiveScan
    2007-06-24 09:29 71,496 --a C:\WINNT\system32\drivers\mfeavfk.sys
    2007-06-24 09:29 37,480 --a C:\WINNT\system32\drivers\mfesmfk.sys
    2007-06-24 09:29 34,184 --a C:\WINNT\system32\drivers\mfebopk.sys
    2007-06-24 09:29 32,008 --a C:\WINNT\system32\drivers\mferkdk.sys
    2007-06-24 09:29 170,408 --a C:\WINNT\system32\drivers\mfehidk.sys
    2007-06-24 09:29 109,608 --a C:\WINNT\system32\drivers\Mpfp.sys
    2007-06-24 09:28 <DIR> d C:\Program Files\McAfee.com
    2007-06-24 09:28 <DIR> d C:\Program Files\Common Files\McAfee
    2007-06-24 09:27 <DIR> d C:\Program Files\McAfee
    2007-06-24 09:19 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    2007-06-24 09:06 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\MSN6
    2007-06-24 08:50 <DIR> d C:\Program Files\Microsoft Office Outlook Connector
    2007-06-24 08:48 <DIR> d C:\Program Files\MSN Messenger
    2007-06-24 08:48 <DIR> d C:\Program Files\Messenger
    2007-06-24 08:41 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\Motive
    2007-06-24 08:35 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\MSNInstaller
    2007-06-24 08:33 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-06-24 08:27 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    2007-06-24 08:26 <DIR> d-a C:\Program Files\Common Files\Motive
    2007-06-24 08:23 <DIR> d-a C:\Program Files\verizon
    2007-06-24 08:21 <DIR> d C:\Program Files\SupportSoft
    2007-06-24 06:57 94,480 --a C:\WINNT\system32\drivers\tmcomm.sys
    2007-06-24 06:55 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\HouseCall 6.6
    2007-06-24 00:46 <DIR> d C:\DOCUME~1\Randy\.housecall6.6
    2007-06-23 23:54 10,872 --a C:\WINNT\system32\drivers\AvgAsCln.sys
    2007-06-23 21:58 462,848 --a C:\WINNT\system32\msaatext.dll
    2007-06-23 21:58 360,448 --a C:\WINNT\system32\oleacc.dll
    2007-06-23 21:58 356,352 --a C:\WINNT\system32\oleaccrc.dll
    2007-06-23 21:57 499,712 --a C:\WINNT\system32\msvcp71.dll
    2007-06-23 21:57 348,160 --a C:\WINNT\system32\msvcr71.dll
    2007-06-23 17:45 <DIR> d C:\Program Files\Enigma Software Group
    2007-06-18 17:01 <DIR> d C:\Program Files\Viewpoint
    2007-06-16 10:05 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\Lavasoft
    2007-06-10 17:09 12,888 --a C:\DOCUME~1\Billy\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-06-10 09:19 <DIR> d C:\DOCUME~1\Billy\APPLIC~1\Bitbliss Studios
    2007-06-10 08:27 4,096 --a C:\WINNT\d3dx.dat
    2007-06-09 12:35 <DIR> d C:\DOCUME~1\Billy\APPLIC~1\MegauploadToolbar
    2007-06-02 11:41 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\MySpace

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-06-27 00:37:51 d-----w C:\DOCUME~1\Randy\APPLIC~1\LimeWire
    2007-06-25 23:17:33 d-----w C:\Program Files\WUSB11 WLAN Monitor
    2007-06-25 16:32:13 d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-25 00:34:35 d-----w C:\Program Files\AIM6
    2007-06-24 05:52:23 d-----w C:\Program Files\QuickTime
    2007-06-23 20:47:08 d-----w C:\Program Files\Verizon Online
    2007-06-23 19:47:55 88 ----a-w C:\WINNT\popcinfo.dat
    2007-06-16 21:22:58 d-----w C:\Program Files\Common Files\Oberon Media
    2007-06-14 22:02:41 d-----w C:\Program Files\MySpace
    2007-06-11 00:46:45 1,632 ----a-w C:\WINNT\system32\d3d8caps.dat
    2007-06-09 16:35:03 d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-22 21:11:07 d--ha-w C:\Program Files\WindowsUpdate
    2007-05-08 20:45:10 d-----w C:\Program Files\Motorola Phone Tools
    2007-05-08 20:44:20 22,768 ----a-w C:\WINNT\system32\drivers\usbsermpt.sys
    2007-05-01 22:04:42 d-----w C:\Program Files\SwiftSwitch
    2007-05-01 15:40:56 d-----w C:\Program Files\Avanquest update
    2007-05-01 15:40:54 d-----w C:\DOCUME~1\Randy\APPLIC~1\InstallShield
    2007-05-01 15:34:44 d-----w C:\Program Files\Common Files\InstallShield
    2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
    2007-04-21 19:00:45 77,312 ----a-w C:\WINNT\ua2.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll
    2007-04-16 12:44:08 54,032 ----a-w C:\WINNT\system32\mpr.dll
    2007-04-05 07:17:39 2,854,400 ----a-w C:\WINNT\system32\msi.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [06-10-23 00:08 ]
    {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINNT\system32\qylojwan.dll [07-06-26 16:38 ]
    {53B5F2B1-94DD-43E5-8187-EB4E31F00701}=C:\WINNT\system32\mZBTBHee.dll []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [06-12-22 16:02 ]
    {F9C53038-408E-414A-BC75-0C460E64D316}=C:\WINNT\system32\byxvu.dll []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-20 08:00 C:\WINNT\system32\mobsync.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 05:25 ]
    "nwiz"="nwiz.exe" [03-07-28 15:19 C:\WINNT\system32\nwiz.exe]
    "cpqek"="C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe" [01-05-17 17:35 ]
    "literuleeqwarn"="C:\Documents and Settings\All Users\Application Data\Gpljumpliterule\joy site.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [07-03-11 17:37 ]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-03-09 00:02 ]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [07-04-27 17:17 ]
    "Wcal"="C:\DOCUME~1\Randy\MYDOCU~1\DOBE~1\wuaclt.exe" []
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-06-14 10:05 ]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-26 20:38 ]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{53B5F2B1-94DD-43E5-8187-EB4E31F00701}"="C:\WINNT\system32\mZBTBHee.dll" []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [07-05-30 08:29 ]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [06-12-20 13:55 ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintmw32]
    wintmw32.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=64.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    WmdmPmSN

    Contents of the 'Scheduled Tasks' folder
    2007-06-23 19:00:03 C:\WINNT\tasks\A72EA56B919D5F67.job
    2007-06-24 13:28:53 C:\WINNT\tasks\McQcTask.job
    **************************************************************************
    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-26 20:53:19
    Windows 5.0.2195 Service Pack 4 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Completion time: 2007-06-26 21:01:00 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 07-06-26 21:00
    --- E O F ---
    07-03-07 10:37       264376    --a------    C:\Qoobox\Quarantine\C\WINNT\system32\Launcher.exe.vir
    07-06-25 14:07       62560    --a------    C:\Qoobox\Quarantine\C\WINNT\system32\phbwunsg.dll.vir
    07-06-25 22:59       62560    --a------    C:\Qoobox\Quarantine\C\WINNT\system32\roinolua.dll.vir
    
    Folder PATH listing
    Volume serial number is 0006FE80 BC60:F4EA
    C:\QOOBOX
    \---Quarantine
        +---C
        |   \---WINNT
        |       \---system32
        |               Launcher.exe.vir
        |               phbwunsg.dll.vir
        |               roinolua.dll.vir
        |               
        \---Registry_backups
    

    FINDLOP
    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'A72EA56B919D5F67.job'
    [TRACE] Printing all job properties
    ApplicationName: 'c:\docume~1\billy\applic~1\ballgr~1\Style16Exit.exe'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'Billy'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 04/17/2007 16:00:00
    NextRun: 06/26/2007 22:00:00
    StartError: 0x80070002
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0
    1 Trigger
    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 10/22/2000
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    [TRACE] Activating job 'McQcTask.job'
    [TRACE] Printing all job properties
    ApplicationName: 'c:\program files\mcafee\mqc\QcConsol.exe'
    Parameters: '14 0'
    WorkingDirectory: 'c:\program files\mcafee\mqc'
    Comment: 'McAfee McAfee QuickClean'
    Creator: 'Randy'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 00/00/0000 0:00:00
    NextRun: 07/01/2007 1:00:00
    StartError: SCHED_S_TASK_HAS_NOT_RUN
    ExitCode: 0
    Status: SCHED_S_TASK_HAS_NOT_RUN
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0
    1 Trigger
    Trigger 0:
    Type: MonthlyDate
    Days: 1
    Months: JanFebMarAprMayJunJulAugSepOctNovDec
    StartDate: 06/24/2007
    EndDate: 00/00/0000
    StartTime: 01:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    COMBOFIX
    "Randy" - 06/26/2007 20:44:16 - ComboFix 07-06-26.8 - Service Pack 4 NTFS

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINNT\system32\phbwunsg.dll
    C:\WINNT\system32\roinolua.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\Randy\MYDOCU~1.\dobe~1
    C:\WINNT\system32\launcher.exe

    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))

    2007-06-26 20:43 49,152 --a C:\WINNT\nircmd.exe
    2007-06-26 17:42 <DIR> d C:\VundoFix Backups
    2007-06-26 16:38 66,112 --a C:\WINNT\system32\qylojwan.dll
    2007-06-26 16:35 128,576 --a C:\WINNT\system32\rvnwkuet.dll
    2007-06-26 16:33 4,672 --a C:\WINNT\system32\nhieifhq.exe
    2007-06-25 22:43 75,512 --a C:\WINNT\zllsputility.exe
    2007-06-25 22:43 4,212 ---h C:\WINNT\system32\zllictbl.dat
    2007-06-25 22:43 11,264 --a C:\WINNT\system32\SpOrder.dll
    2007-06-25 22:41 1,087,216 --a C:\WINNT\system32\zpeng24.dll
    2007-06-25 22:41 <DIR> d-a C:\WINNT\system32\ZoneLabs
    2007-06-25 22:39 <DIR> d-a C:\WINNT\Internet Logs
    2007-06-25 17:26 <DIR> d C:\Program Files\SpywareBlaster
    2007-06-25 12:33 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-06-25 12:32 <DIR> d C:\Program Files\SUPERAntiSpyware
    2007-06-25 12:32 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\SUPERAntiSpyware.com
    2007-06-24 23:51 <DIR> d C:\WINNT\system32\Kaspersky Lab
    2007-06-24 22:29 <DIR> d C:\WINNT\BDOSCAN8
    2007-06-24 19:52 <DIR> d C:\WINNT\system32\ActiveScan
    2007-06-24 09:29 71,496 --a C:\WINNT\system32\drivers\mfeavfk.sys
    2007-06-24 09:29 37,480 --a C:\WINNT\system32\drivers\mfesmfk.sys
    2007-06-24 09:29 34,184 --a C:\WINNT\system32\drivers\mfebopk.sys
    2007-06-24 09:29 32,008 --a C:\WINNT\system32\drivers\mferkdk.sys
    2007-06-24 09:29 170,408 --a C:\WINNT\system32\drivers\mfehidk.sys
    2007-06-24 09:29 109,608 --a C:\WINNT\system32\drivers\Mpfp.sys
    2007-06-24 09:28 <DIR> d C:\Program Files\McAfee.com
    2007-06-24 09:28 <DIR> d C:\Program Files\Common Files\McAfee
    2007-06-24 09:27 <DIR> d C:\Program Files\McAfee
    2007-06-24 09:19 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    2007-06-24 09:06 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\MSN6
    2007-06-24 08:50 <DIR> d C:\Program Files\Microsoft Office Outlook Connector
    2007-06-24 08:48 <DIR> d C:\Program Files\MSN Messenger
    2007-06-24 08:48 <DIR> d C:\Program Files\Messenger
    2007-06-24 08:41 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\Motive
    2007-06-24 08:35 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\MSNInstaller
    2007-06-24 08:33 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-06-24 08:27 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    2007-06-24 08:26 <DIR> d-a C:\Program Files\Common Files\Motive
    2007-06-24 08:23 <DIR> d-a C:\Program Files\verizon
    2007-06-24 08:21 <DIR> d C:\Program Files\SupportSoft
    2007-06-24 06:57 94,480 --a C:\WINNT\system32\drivers\tmcomm.sys
    2007-06-24 06:55 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\HouseCall 6.6
    2007-06-24 00:46 <DIR> d C:\DOCUME~1\Randy\.housecall6.6
    2007-06-23 23:54 10,872 --a C:\WINNT\system32\drivers\AvgAsCln.sys
    2007-06-23 21:58 462,848 --a C:\WINNT\system32\msaatext.dll
    2007-06-23 21:58 360,448 --a C:\WINNT\system32\oleacc.dll
    2007-06-23 21:58 356,352 --a C:\WINNT\system32\oleaccrc.dll
    2007-06-23 21:57 499,712 --a C:\WINNT\system32\msvcp71.dll
    2007-06-23 21:57 348,160 --a C:\WINNT\system32\msvcr71.dll
    2007-06-23 17:45 <DIR> d C:\Program Files\Enigma Software Group
    2007-06-18 17:01 <DIR> d C:\Program Files\Viewpoint
    2007-06-16 10:05 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\Lavasoft
    2007-06-10 17:09 12,888 --a C:\DOCUME~1\Billy\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-06-10 09:19 <DIR> d C:\DOCUME~1\Billy\APPLIC~1\Bitbliss Studios
    2007-06-10 08:27 4,096 --a C:\WINNT\d3dx.dat
    2007-06-09 12:35 <DIR> d C:\DOCUME~1\Billy\APPLIC~1\MegauploadToolbar
    2007-06-02 11:41 <DIR> d C:\DOCUME~1\Randy\APPLIC~1\MySpace

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-06-27 00:37:51 d-----w C:\DOCUME~1\Randy\APPLIC~1\LimeWire
    2007-06-25 23:17:33 d-----w C:\Program Files\WUSB11 WLAN Monitor
    2007-06-25 16:32:13 d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-25 00:34:35 d-----w C:\Program Files\AIM6
    2007-06-24 05:52:23 d-----w C:\Program Files\QuickTime
    2007-06-23 20:47:08 d-----w C:\Program Files\Verizon Online
    2007-06-23 19:47:55 88 ----a-w C:\WINNT\popcinfo.dat
    2007-06-16 21:22:58 d-----w C:\Program Files\Common Files\Oberon Media
    2007-06-14 22:02:41 d-----w C:\Program Files\MySpace
    2007-06-11 00:46:45 1,632 ----a-w C:\WINNT\system32\d3d8caps.dat
    2007-06-09 16:35:03 d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-22 21:11:07 d--ha-w C:\Program Files\WindowsUpdate
    2007-05-08 20:45:10 d-----w C:\Program Files\Motorola Phone Tools
    2007-05-08 20:44:20 22,768 ----a-w C:\WINNT\system32\drivers\usbsermpt.sys
    2007-05-01 22:04:42 d-----w C:\Program Files\SwiftSwitch
    2007-05-01 15:40:56 d-----w C:\Program Files\Avanquest update
    2007-05-01 15:40:54 d-----w C:\DOCUME~1\Randy\APPLIC~1\InstallShield
    2007-05-01 15:34:44 d-----w C:\Program Files\Common Files\InstallShield
    2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
    2007-04-21 19:00:45 77,312 ----a-w C:\WINNT\ua2.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll
    2007-04-16 12:44:08 54,032 ----a-w C:\WINNT\system32\mpr.dll
    2007-04-05 07:17:39 2,854,400 ----a-w C:\WINNT\system32\msi.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [06-10-23 00:08 ]
    {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINNT\system32\qylojwan.dll [07-06-26 16:38 ]
    {53B5F2B1-94DD-43E5-8187-EB4E31F00701}=C:\WINNT\system32\mZBTBHee.dll []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [06-12-22 16:02 ]
    {F9C53038-408E-414A-BC75-0C460E64D316}=C:\WINNT\system32\byxvu.dll []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-20 08:00 C:\WINNT\system32\mobsync.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 05:25 ]
    "nwiz"="nwiz.exe" [03-07-28 15:19 C:\WINNT\system32\nwiz.exe]
    "cpqek"="C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe" [01-05-17 17:35 ]
    "literuleeqwarn"="C:\Documents and Settings\All Users\Application Data\Gpljumpliterule\joy site.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [07-03-11 17:37 ]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-03-09 00:02 ]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [07-04-27 17:17 ]
    "Wcal"="C:\DOCUME~1\Randy\MYDOCU~1\DOBE~1\wuaclt.exe" []
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-06-14 10:05 ]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-26 20:38 ]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{53B5F2B1-94DD-43E5-8187-EB4E31F00701}"="C:\WINNT\system32\mZBTBHee.dll" []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [07-05-30 08:29 ]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [06-12-20 13:55 ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintmw32]
    wintmw32.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=64.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    WmdmPmSN

    Contents of the 'Scheduled Tasks' folder
    2007-06-23 19:00:03 C:\WINNT\tasks\A72EA56B919D5F67.job
    2007-06-24 13:28:53 C:\WINNT\tasks\McQcTask.job
    **************************************************************************
    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-26 20:53:19
    Windows 5.0.2195 Service Pack 4 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Completion time: 2007-06-26 21:01:00 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 07-06-26 21:00
    --- E O F ---

    HIJACKTHIS
    Logfile of HijackThis v1.99.1
    Scan saved at 9:07:42 PM, on 6/26/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINNT\Explorer.EXE
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Motive\McciContextHookSvc_SSR.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Documents and Settings\Randy\My Documents\LimeWire\LimeWire.exe
    C:\WINNT\system32\cidaemon.exe
    C:\WINNT\system32\notepad.exe
    C:\WINNT\system32\notepad.exe
    C:\unzipped\hijackthis[1]\scanner.exe.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINNT\system32\qylojwan.dll
    O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINNT\system32\mZBTBHee.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {F9C53038-408E-414A-BC75-0C460E64D316} - C:\WINNT\system32\byxvu.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    O4 - HKLM\..\Run: [literuleeqwarn] C:\Documents and Settings\All Users\Application Data\Gpljumpliterule\joy site.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Wcal] "C:\DOCUME~1\Randy\MYDOCU~1\DOBE~1\wuaclt.exe" -vt yazb
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Randy\My Documents\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O20 - AppInit_DLLs: 64.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: wintmw32 - wintmw32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McciContextHookSvc - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciContextHookSvc_SSR.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)


    That's all of them. Thank you for your help so far.
  • edited June 2007
    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINNT\system32\qylojwan.dll
    O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINNT\system32\mZBTBHee.dll (file missing)
    O2 - BHO: (no name) - {F9C53038-408E-414A-BC75-0C460E64D316} - C:\WINNT\system32\byxvu.dll (file missing)
    Unknown
    O4 - HKLM\..\Run: [literuleeqwarn] C:\Documents and Settings\All Users\Application Data\Gpljumpliterule\joy site.exe
    O4 - HKCU\..\Run: [Wcal] "C:\DOCUME~1\Randy\MYDOCU~1\DOBE~1\wuaclt.exe" -vt yazb
    O20 - AppInit_DLLs: 64.dll
    O20 - Winlogon Notify: wintmw32 - wintmw32.dll (file missing)

    Close ALL open windows
    Click Fix Checked
    Close HijackThis


    ======

    Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\WINNT\system32\qylojwan.dll
    C:\WINNT\system32\rvnwkuet.dll
    C:\WINNT\system32\nhieifhq.exe
    C:\WINDOWS\tasks\A72EA56B919D5F67.job
    
    Folder::
    C:\VundoFix Backups
    C:\Documents and Settings\All Users\Application Data\Gpljumpliterule
    
    Save this as ComboFix-Do.txt


    Combo-Do.gif

    Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
    Then post the resultant log

    =====

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Log in to your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        scanavgjk2.jpg
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.


      =====

      Finally post fresh HijackThis log too
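
An added illustration, not part of the original thread and not code from HijackThis or ComboFix: a small Python check that the entries selected for "Fix Checked" in the post above no longer appear in a later HijackThis log, and that lists autostart entries that are new since the earlier scan. The function names are hypothetical, and the three sample strings are short excerpts assembled from the logs posted in this thread.

```python
import re

# A HijackThis item line is "<section code> - <details>", e.g. "O20 - AppInit_DLLs: 64.dll".
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
# HijackThis appends this marker when the target is gone from disk. It is scan
# state, not part of the entry's identity, so it is dropped before comparing.
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


def parse_items(log_text):
    """Map a normalized (code, details) key to the original line for every item line."""
    items = {}
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw)
        if not match:
            continue  # header, running-process path, blank line or stray text
        code, details = match.groups()
        details = MISSING_RE.sub("", details)
        key = (code, " ".join(details.split()).casefold())
        items[key] = raw.strip()
    return items


def still_present(fix_text, later_log_text):
    """Entries from the fix list that a later scan still reports."""
    later = parse_items(later_log_text)
    return [line for key, line in parse_items(fix_text).items() if key in later]


def new_since(before_text, after_text):
    """Entries in the later scan that the earlier scan did not contain."""
    before = parse_items(before_text)
    return [line for key, line in parse_items(after_text).items() if key not in before]


# Excerpt of the 6/26/2007 log in this thread (sample assembled for the example).
BEFORE = r"""
Running processes:
C:\WINNT\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINNT\system32\qylojwan.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINNT\system32\mZBTBHee.dll (file missing)
O2 - BHO: (no name) - {F9C53038-408E-414A-BC75-0C460E64D316} - C:\WINNT\system32\byxvu.dll (file missing)
O4 - HKLM\..\Run: [literuleeqwarn] C:\Documents and Settings\All Users\Application Data\Gpljumpliterule\joy site.exe
O4 - HKCU\..\Run: [Wcal] "C:\DOCUME~1\Randy\MYDOCU~1\DOBE~1\wuaclt.exe" -vt yazb
O20 - AppInit_DLLs: 64.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wintmw32 - wintmw32.dll (file missing)
"""

# The entries the helper asked to check, copied as posted (stray line included).
FIX_LIST = r"""
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINNT\system32\qylojwan.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINNT\system32\mZBTBHee.dll (file missing)
O2 - BHO: (no name) - {F9C53038-408E-414A-BC75-0C460E64D316} - C:\WINNT\system32\byxvu.dll (file missing)
Unknown
O4 - HKLM\..\Run: [literuleeqwarn] C:\Documents and Settings\All Users\Application Data\Gpljumpliterule\joy site.exe
O4 - HKCU\..\Run: [Wcal] "C:\DOCUME~1\Randy\MYDOCU~1\DOBE~1\wuaclt.exe" -vt yazb
O20 - AppInit_DLLs: 64.dll
O20 - Winlogon Notify: wintmw32 - wintmw32.dll (file missing)
"""

# Excerpt of the 6/30/2007 log in this thread (sample assembled for the example).
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    leftovers = still_present(FIX_LIST, AFTER)
    print("Fix-list entries still present:", leftovers or "none")
    for line in new_since(BEFORE, AFTER):
        print("New since earlier scan:", line)
```

An empty result from `still_present` only shows that the registry entries are gone from the scan; the files they pointed to are handled separately by the ComboFix script.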
  • edited June 2007
    When I run AVG Anti-Spyware in Safe Mode I cannot see the whole screen.
    When I ran it, it came up with only cookies, which were deleted, not quarantined.

    I haven't gotten any popups after your first steps were applied, but I still hear things starting and stopping in the background even when no one is touching the computer.



    Logfile of HijackThis v1.99.1
    Scan saved at 3:10:49 PM, on 6/30/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Motive\McciContextHookSvc_SSR.exe
    C:\Documents and Settings\Randy\My Documents\LimeWire\LimeWire.exe
    C:\unzipped\hijackthis[1]\scanner.exe.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Randy\My Documents\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McciContextHookSvc - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciContextHookSvc_SSR.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)
  • edited June 2007
    When I am looking at the posts from earlier in the week on this posting, there is a face showing up. When I put the cursor on it without clicking, it shows up TBH. Is that a problem on my end?
  • edited July 2007
    Please download Deckard's System Scanner to your Desktop.

    * Close all applications and windows.
    * Double-click on Dss.exe to run it, and follow the prompts.
    * The scan may take a minute. When the scan is complete, a text file will open: Main.txt and Extra.txt.

    Please post Main.txt and Extra.txt.
  • edited July 2007
    Deckard's System Scanner v20070611.50
    Run by Randy on 2007-07-01 at 16:35:04
    Computer is in Normal Mode.
    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Randy.exe)
    Logfile of HijackThis v1.99.1
    Scan saved at 4:35:21 PM, on 7/1/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINNT\system32\nvsvc32.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\DOCUME~1\Randy\LOCALS~1\Temp\InstallHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Documents and Settings\Randy\Desktop\dss.exe
    C:\unzipped\HIJACK~1\Randy.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\Randy\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Randy\My Documents\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McciContextHookSvc - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciContextHookSvc_SSR.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)

    -- HijackThis Fixed Entries (C:\unzipped\HIJACK~1\backups\)
    backup-20070627-105513-218 O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINNT\system32\qylojwan.dll (file missing)
    backup-20070627-105514-218 O4 - HKCU\..\Run: [Wcal] "C:\DOCUME~1\Randy\MYDOCU~1\DOBE~1\wuaclt.exe" -vt yazb
    backup-20070627-105514-601 O2 - BHO: (no name) - {F9C53038-408E-414A-BC75-0C460E64D316} - C:\WINNT\system32\byxvu.dll (file missing)
    backup-20070627-105514-793 O4 - HKLM\..\Run: [literuleeqwarn] C:\Documents and Settings\All Users\Application Data\Gpljumpliterule\joy site.exe
    backup-20070627-105514-825 O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINNT\system32\mZBTBHee.dll (file missing)
    backup-20070627-105558-436 O20 - Winlogon Notify: wintmw32 - wintmw32.dll (file missing)
    -- File Associations
    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R3 FVNETusb (Linksys Wireless-B USB Network Adapter v2.8 Driver) - c:\winnt\system32\drivers\vnet58lx.sys <Not Verified; Cisco-Linksys LLC.; Wireless-B USB Network Adapter ver.2.8>
    R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\winnt\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
    S3 CPQSETUP.SYS (Compaq Installation Driver) - c:\docume~1\randy\locals~1\temp\_istmp2.dir\_istmp0.dir\cpqsetup.sys (file missing)
    S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrempr5.sys (file missing)
    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
    S3 usbser (Motorola A1000 USB Modem Driver) - c:\winnt\system32\drivers\usbser.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    S3 McciContextHookSvc - c:\program files\common files\motive\mccicontexthooksvc_ssr.exe <Not Verified; Motive Communications, Inc.; >

    -- Scheduled Tasks
    2007-07-01 01:00:16 352 --a
    C:\WINNT\Tasks\McQcTask.job
    2007-06-23 15:00:03 258 --ah
    C:\WINNT\Tasks\A72EA56B919D5F67.job

    -- Files created between 2007-06-01 and 2007-07-01
    2007-07-01 16:19:23 16384 --a
    t C:\WINNT\system32\Perflib_Perfdata_5b0.dat
    2007-07-01 09:27:30 1008214 ---h
    C:\WINNT\ShellIconCache
    2007-06-30 12:11:03 16384 --a
    t C:\WINNT\system32\Perflib_Perfdata_5ac.dat
    2007-06-30 09:56:40 16384 --a
    t C:\WINNT\system32\Perflib_Perfdata_3b4.dat
    2007-06-28 19:51:02 16384 --a
    t C:\WINNT\system32\Perflib_Perfdata_59c.dat
    2007-06-27 11:12:18 528 --a
    C:\CFCleanUp.bat
    2007-06-27 01:31:14 0 dr-h
    C:\$VAULT$.AVG
    2007-06-27 00:17:17 0 d
    C:\Documents and Settings\Randy\Application Data\AVG7
    2007-06-27 00:16:59 0 d
    C:\Documents and Settings\Default User\Application Data\AVG7
    2007-06-27 00:16:20 0 d-a
    C:\Documents and Settings\All Users\Application Data\avg7
    2007-06-27 00:10:00 0 d
    C:\Documents and Settings\Randy\Application Data\Viewpoint
    2007-06-25 22:43:43 4212 ---h
    C:\WINNT\system32\zllictbl.dat
    2007-06-25 22:43:03 11264 --a
    C:\WINNT\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-06-25 22:41:38 0 d-a
    C:\WINNT\system32\ZoneLabs
    2007-06-25 22:39:59 0 d-a
    C:\WINNT\Internet Logs
    2007-06-25 17:26:13 0 d
    C:\Program Files\SpywareBlaster
    2007-06-25 12:33:21 0 d
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-06-25 12:32:53 0 d
    C:\Program Files\SUPERAntiSpyware
    2007-06-25 12:32:53 0 d
    C:\Documents and Settings\Randy\Application Data\SUPERAntiSpyware.com
    2007-06-25 10:12:42 0 d
    C:\Documents and Settings\Billy\Application Data\Grisoft
    2007-06-24 23:51:26 0 d
    C:\WINNT\system32\Kaspersky Lab
    2007-06-24 22:29:04 0 d
    C:\WINNT\BDOSCAN8
    2007-06-24 19:52:59 0 d
    C:\WINNT\system32\ActiveScan
    2007-06-24 09:28:12 0 d
    C:\Program Files\McAfee.com
    2007-06-24 09:28:01 0 d
    C:\Program Files\Common Files\McAfee
    2007-06-24 09:27:49 0 d
    C:\Program Files\McAfee
    2007-06-24 09:19:07 0 d
    C:\Documents and Settings\All Users\Application Data\McAfee
    2007-06-24 09:06:12 0 d
    C:\Documents and Settings\Randy\Application Data\MSN6
    2007-06-24 08:50:41 0 d
    C:\Program Files\Microsoft Office Outlook Connector
    2007-06-24 08:48:37 0 d
    C:\Program Files\MSN Messenger
    2007-06-24 08:48:37 0 d
    C:\Program Files\Messenger
    2007-06-24 08:41:38 0 d
    C:\Documents and Settings\Randy\Application Data\Motive
    2007-06-24 08:35:18 0 d
    C:\Documents and Settings\Randy\Application Data\MSNInstaller
    2007-06-24 08:33:30 0 d
    C:\Documents and Settings\All Users\Application Data\MSN6
    2007-06-24 08:27:20 0 d-a
    C:\Documents and Settings\All Users\Application Data\Motive
    2007-06-24 08:26:11 0 d-a
    C:\Program Files\Common Files\Motive
    2007-06-24 08:21:31 0 d
    C:\Program Files\SupportSoft
    2007-06-24 06:55:56 0 d
    C:\Documents and Settings\Randy\Application Data\HouseCall 6.6
    2007-06-24 00:46:55 0 d
    C:\Documents and Settings\Randy\.housecall6.6
    2007-06-23 23:55:36 0 d
    C:\Documents and Settings\Randy\Application Data\Grisoft
    2007-06-23 23:54:22 0 d
    C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-06-23 17:45:12 0 d
    C:\Program Files\Enigma Software Group
    2007-06-18 17:01:36 0 d
    C:\Program Files\Viewpoint
    2007-06-16 10:05:22 0 d
    C:\Documents and Settings\Randy\Application Data\Lavasoft
    2007-06-10 17:09:53 12888 --a
    C:\Documents and Settings\Billy\Application Data\GDIPFONTCACHEV1.DAT
    2007-06-10 09:19:26 0 d
    C:\Documents and Settings\Billy\Application Data\Bitbliss Studios
    2007-06-10 08:27:12 4096 --a
    C:\WINNT\d3dx.dat
    2007-06-09 12:35:10 0 d
    C:\Documents and Settings\Billy\Application Data\MegauploadToolbar
    2007-06-02 11:41:11 0 d
    C:\Documents and Settings\Randy\Application Data\MySpace

    -- Find3M Report
    2007-07-01 09:06:12 0 d
    C:\Program Files\Verizon Online
    2007-06-30 16:18:01 0 d
    C:\Program Files\PopCap Games
    2007-06-30 12:16:22 0 d
    C:\Documents and Settings\Randy\Application Data\LimeWire
    2007-06-25 19:17:33 0 d
    C:\Program Files\WUSB11 WLAN Monitor
    2007-06-25 12:32:13 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-24 20:34:35 0 d
    C:\Program Files\AIM6
    2007-06-24 01:52:23 0 d
    C:\Program Files\QuickTime
    2007-06-23 15:47:55 88 --a
    C:\WINNT\popcinfo.dat
    2007-06-14 18:02:41 0 d
    C:\Program Files\MySpace
    2007-06-10 20:46:45 1632 --a
    C:\WINNT\system32\d3d8caps.dat
    2007-06-09 12:35:03 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-05-22 17:11:07 0 d-ah
    C:\Program Files\WindowsUpdate
    2007-05-08 16:45:10 0 d
    C:\Program Files\Motorola Phone Tools
    2007-05-01 18:04:42 0 d
    C:\Program Files\SwiftSwitch
    2007-05-01 11:40:56 0 d
    C:\Program Files\Avanquest update
    2007-05-01 11:40:54 0 d
    C:\Documents and Settings\Randy\Application Data\InstallShield
    2007-05-01 11:34:44 0 d
    C:\Program Files\Common Files\InstallShield
    2007-04-21 15:00:45 77312 --a
    C:\WINNT\ua2.dll

    -- Registry Dump
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Synchronization Manager"="mobsync.exe /logon"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "nwiz"="nwiz.exe /install"
    "cpqek"="C:\\Program Files\\Compaq\\Compaq EAB Software\\cpqek.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "Verizon Custom Uninstall Tracking"="C:\\DOCUME~1\\Randy\\LOCALS~1\\Temp\\InstallHelper.exe /uninstalltrackingvendor=Verizon"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{53B5F2B1-94DD-43E5-8187-EB4E31F00701}"="za"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    rpcss REG_MULTI_SZ RpcSs\0\0
    wugroup REG_MULTI_SZ wuauserv\0\0
    BITSgroup REG_MULTI_SZ BITS\0\0

    -- End of Deckard's System Scanner: finished at 2007-07-01 at 16:36:37


    Deckard's System Scanner v20070611.50
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows 2000 Professional (build 2195) SP 4.0
    Architecture: X86; Language: English
    CPU 0: Intel Pentium III processor
    Percentage of Memory in Use: 63%
    Physical Memory (total/avail): 319.54 MiB / 117.1 MiB
    Pagefile Memory (total/avail): 534.43 MiB / 171.09 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1996.09 MiB
    A: is Removable (No Media)
    C: is Fixed (NTFS) - 9.54 GiB total, 1.32 GiB free.
    D: is Removable (No Media)
    E: is CDROM (No Media)

    -- Security Center
    AUOptions is set to notify before install.

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Randy\Application Data
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=BILLYM
    ComSpec=C:\WINNT\system32\cmd.exe
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Randy
    LOGONSERVER=\\BILLYM
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Os2LibPath=C:\WINNT\system32\os2\dll;
    Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0803
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SystemDrive=C:
    SystemRoot=C:\WINNT
    TEMP=C:\DOCUME~1\Randy\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Randy\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=BILLYM
    USERNAME=Randy
    USERPROFILE=C:\Documents and Settings\Randy
    windir=C:\WINNT

    -- User Profiles
    Blaine Gann (admin, profile directory not found)
    Maria Barker (admin, profile directory not found)
    Billy (admin)
    Randy (admin)
    Administrator (admin)

    -- Add/Remove Programs
    Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
    Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
    Adobe Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
    AIM 6 --> C:\Program Files\AIM6\uninst.exe
    Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AVI Codec Pack --> C:\Documents and Settings\Billy\My Documents\AVI Codec Pack\uninstall.exe
    Bejeweled 2 Deluxe 1.0 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
    Bejeweled Deluxe 1.862 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
    Bookworm Deluxe 1.03 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
    CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
    Compaq EAB Software --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Compaq\Compaq EAB Software\Uninst.isu" -c"C:\PROGRA~1\Compaq\COMPAQ~1\uninst.dll"
    Dynomite Deluxe 2.71 --> C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log"
    Gutterball --> "C:\Program Files\Verizon Online\Gutterball\Uninstall.exe" "C:\Program Files\Verizon Online\Gutterball\install.log"
    HijackThis 1.99.1 --> C:\unzipped\hijackthis[1]\HijackThis.exe /uninstall
    HouseCall 6.6 --> "C:\Documents and Settings\Randy\Application Data\HouseCall 6.6\uninstaller.exe"
    Insaniquarium Deluxe 1.0 --> C:\Program Files\PopCap Games\Insaniquarium Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Insaniquarium Deluxe\Install.log"
    Instant Wireless USB Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}\setup.exe" -l0x9
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kaspersky Online Scanner --> C:\WINNT\system32\KASPER~1\KASPER~1\kavuninstall.exe
    LimeWire 4.12.6 --> "C:\Documents and Settings\Randy\My Documents\LimeWire\uninstall.exe"
    Magic Ball 2 - New Worlds --> "C:\Program Files\Verizon Online\Magic Ball 2 - New Worlds\Uninstall.exe" "C:\Program Files\Verizon Online\Magic Ball 2 - New Worlds\install.log"
    Magic Ball 3 --> "C:\Program Files\Verizon Online\Magic Ball 3\Uninstall.exe" "C:\Program Files\Verizon Online\Magic Ball 3\install.log"
    McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 Hotfix (KB886903) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
    Microsoft Office Outlook Connector --> MsiExec.exe /I{95FC84C0-9F15-4831-8605-396FDC42071D}
    Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
    Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
    Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
    MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
    MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
    NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINNT\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
    Panda ActiveScan --> C:\WINNT\system32\ASUninst.exe Panda ActiveScan
    Peggle --> "C:\Program Files\Verizon Online\Peggle\Uninstall.exe" "C:\Program Files\Verizon Online\Peggle\install.log"
    Rack em Up Road Trip --> "C:\Program Files\Verizon Online\Rack em Up Road Trip\Uninstall.exe" "C:\Program Files\Verizon Online\Rack em Up Road Trip\install.log"
    Saints & Sinners Bowling --> "C:\Program Files\Verizon Online\Saints & Sinners Bowling\Uninstall.exe" "C:\Program Files\Verizon Online\Saints & Sinners Bowling\install.log"
    Security Update for Windows 2000 (KB904706) --> "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Security Update for Windows 2000 (KB923689) --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Windows Media Player 9 Hotfix [See KB885492 for more information] --> C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
    Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"

    -- End of Deckard's System Scanner: finished at 2007-07-01 at 16:36:37
  • edited July 2007
    You have two antivirus programs installed; you should have only one on the computer, so remove McAfee or AVG7.

    =======

    Download the Killbox.
    Unzip it to the desktop

    Double-click Killbox.exe to run it.

    Select "Delete on Reboot".
    Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
    C:\WINNT\Tasks\A72EA56B919D5F67.job
    Put a mark next to "Delete on Reboot"
    Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
    If your computer does not restart automatically, please restart it manually.
    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

    =======

    I wish you to remove this Viewpoint Media Player program using Control Panel Add/Remove Programs.

    =====

    Then post a fresh HijackThis log.
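
The two findings the reply above acts on (two resident antivirus products, and the hidden `.job` file under Scheduled Tasks) can be pulled out of a HijackThis/DSS log mechanically. The following is an added example, not part of the thread or of either tool; the `AV_PATH_MARKERS` table and the "hidden attribute" heuristic are assumptions drawn from the log lines posted here.

```python
import re

# Excerpt of lines from the logs posted in this thread (not a full log).
SAMPLE_LOG = r"""
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

-- Scheduled Tasks
2007-07-01 01:00:16 352 --a
C:\WINNT\Tasks\McQcTask.job
2007-06-23 15:00:03 258 --ah
C:\WINNT\Tasks\A72EA56B919D5F67.job

-- Files created between 2007-06-01 and 2007-07-01
2007-06-27 11:12:18 528 --a
C:\CFCleanUp.bat
"""

# Assumption: path fragments that identify a resident antivirus product.
# Built only from paths visible in this thread; extend it for other products.
AV_PATH_MARKERS = {
    "AVG7": (r"\grisoft\avg7",),
    "McAfee VirusScan": (r"\mcafee\viruss~1", r"\mcafee\virusscan"),
}

O23_PREFIX = "O23 - Service: "
# "<date> <time> <size> <attrs>" with the path either on the same line
# or, as in this page's copy of the log, on the following line.
META_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)(?:\s+(\S.*))?$"
)


def parse_services(log):
    """Return (name, company, path) for every HijackThis O23 line."""
    services = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(O23_PREFIX):
            continue
        # Path is the last field, company the one before it; splitting from
        # the right tolerates " - " inside the service name.
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) == 3:
            services.append(tuple(p.strip() for p in parts))
    return services


def resident_av_products(services):
    """Names of antivirus products that have at least one service installed."""
    found = set()
    for _name, _company, path in services:
        lowered = path.lower()
        for product, markers in AV_PATH_MARKERS.items():
            if any(marker in lowered for marker in markers):
                found.add(product)
    return sorted(found)


def section_lines(log, title):
    """Non-empty lines of the DSS section '-- <title>', up to the next header."""
    out, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("-- "):
            inside = line[3:].strip() == title
            continue
        if inside and line:
            out.append(line)
    return out


def parse_scheduled_tasks(log):
    """Return one dict per entry in the Scheduled Tasks section."""
    tasks, pending = [], None
    for line in section_lines(log, "Scheduled Tasks"):
        match = META_RE.match(line)
        if match:
            stamp, size, attrs, path = match.groups()
            entry = {"modified": stamp, "size": int(size),
                     "attrs": attrs, "path": path}
            if path is None:
                pending = entry          # path is on the next line
            else:
                tasks.append(entry)
        elif pending is not None:
            pending["path"] = line
            tasks.append(pending)
            pending = None
    return tasks


def hidden_tasks(tasks):
    # Heuristic (assumption): a task file carrying the hidden attribute "h".
    return [t["path"] for t in tasks if "h" in t["attrs"].lower()]


def triage(log):
    """Collect the findings as human-readable strings."""
    findings = []
    products = resident_av_products(parse_services(log))
    if len(products) > 1:
        findings.append("multiple resident antivirus products: " + ", ".join(products))
    for path in hidden_tasks(parse_scheduled_tasks(log)):
        findings.append("hidden scheduled task: " + path)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged entry is a lead for manual review, not a verdict: the marker table only knows the two products named in this thread, and legitimate software can also create hidden task files.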