Options

Google searches not working Porperly

Unknown
edited April 2008 in Spyware & Virus Removal
Hello and thank you for your help in advance. My computer is running slower than normal, especially when trying to start Internet Explorer. My main problem is that whenever I click on search results from google, I am re-directed to another site altogether. Google displays the proper results when I run a search, but when I click on the google results I am sent to another random website. I was not able to run a Kaspersky Virsus scan because Internet explorer kept crashing. Heree is my Hijack This Log



Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:12 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\AirLink101\AWLC3026T\WLService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AirLink101\AWLC3026T\AWLC3026T.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A19C7E0-872E-49C8-BC69-47AF7C44D66D} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: (no name) - {7ED26B10-9E3C-45C8-81E8-CE3E72F14C6B} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {86964ABC-AB59-4C50-8127-9F177024D271} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C814ED78-12C9-4728-AC28-A8968444B907} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\ljjklkj.dll (file missing)
O2 - BHO: (no name) - {FC951141-35D5-4B09-82A9-D81A1E3A2E35} - C:\WINDOWS\system32\mlljk.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM6fb91d0d] Rundll32.exe "C:\WINDOWS\system32\qqgjmmce.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB0CC9D7-D455-434A-9A24-1FAB942D0880}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: awtttrr - awtttrr.dll (file missing)
O20 - Winlogon Notify: ljjklkj - ljjklkj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Airlink101 802.11g CardBus Adapter WLService (Airlink101 802.11g CardBus WLService) - Unknown owner - C:\Program Files\AirLink101\AWLC3026T\WLService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\DM101\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8919 bytes

Comments

  • ThomasThomas
    edited April 2008
    Hello apollo619,

    Gotta assume you felt that underlined bolded font would add something here, but in truth it is nearly impossible to read through like that. But I can see infection is loaded there, so let's take a more detailed few looks and then start repairs. No more double posting of requests if you would either - just adds work for others.

    The logs show your DNS server settings directed to known OpenDNS servers. Do you recall running SpyBot, and it mentioning anything related to DNS changes there?


    Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

    Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Options, place a check next to the following:

    Backup Registry Hives

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

    Also Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your protective software queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here. Here are guidelines for using Silent Runners. You can use separate posts here when replying and posting the log files if needed.

    And all with normal fonts please.
  • apollo619
    edited April 2008
    Hello Thomas,

    Sorry for the double posting and underlining my log, I should'nt be making your life more difficult. My bad. I ran the deckards scanner and here are the main text followed by the second txt file results.

    Deckard's System Scanner v20071014.68
    Run by DM101 on 2008-04-05 21:31:00
    Computer is in Normal Mode.
    Backed up registry hives.

    -- HijackThis (run as DM101.exe)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:31:52 PM, on 4/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\AirLink101\AWLC3026T\WLService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AirLink101\AWLC3026T\AWLC3026T.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\DM101\desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\DM101.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4A19C7E0-872E-49C8-BC69-47AF7C44D66D} - C:\WINDOWS\system32\jkhfc.dll (file missing)
    O2 - BHO: (no name) - {7ED26B10-9E3C-45C8-81E8-CE3E72F14C6B} - C:\WINDOWS\system32\pmnlm.dll (file missing)
    O2 - BHO: (no name) - {86964ABC-AB59-4C50-8127-9F177024D271} - C:\WINDOWS\system32\pmkjj.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {C814ED78-12C9-4728-AC28-A8968444B907} - C:\WINDOWS\system32\jkkli.dll (file missing)
    O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\ljjklkj.dll (file missing)
    O2 - BHO: (no name) - {FC951141-35D5-4B09-82A9-D81A1E3A2E35} - C:\WINDOWS\system32\mlljk.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BM6fb91d0d] Rundll32.exe "C:\WINDOWS\system32\qqgjmmce.dll",s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB0CC9D7-D455-434A-9A24-1FAB942D0880}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: awtttrr - awtttrr.dll (file missing)
    O20 - Winlogon Notify: ljjklkj - ljjklkj.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Airlink101 802.11g CardBus Adapter WLService (Airlink101 802.11g CardBus WLService) - Unknown owner - C:\Program Files\AirLink101\AWLC3026T\WLService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\DM101\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 8954 bytes
    -- File Associations
    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R3 RT61 (Airlink101 802.11g CardBus Adapter Driver) - c:\windows\system32\drivers\rt61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
    S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 Airlink101 802.11g CardBus WLService (Airlink101 802.11g CardBus Adapter WLService) - c:\program files\airlink101\awlc3026t\wlservice.exe
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    S2 hpdj - c:\docume~1\dm101\locals~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product= (file missing)
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

    -- Device Manager: Disabled
    No disabled devices found.

    -- Scheduled Tasks
    2008-04-03 11:57:25 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2008-03-26 23:42:01 436 --a
    C:\WINDOWS\Tasks\EasyShare Registration Task.job

    -- Files created between 2008-03-05 and 2008-04-05
    2008-04-03 17:19:10 0 d
    C:\Program Files\Trend Micro
    2008-04-03 14:06:47 0 d
    C:\Program Files\Panda Security
    2008-04-03 13:24:13 0 d
    C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-27 11:58:25 0 d
    C:\Program Files\Safari
    2008-03-13 08:58:23 0 d
    C:\Program Files\CCleaner
    2008-03-13 08:37:30 0 d
    C:\Documents and Settings\DM101\Application Data\DNA
    2008-03-13 08:37:29 0 d
    C:\Program Files\DNA
    2008-03-09 21:31:36 487479 --a
    C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
    2008-03-09 21:31:36 60273 --a
    C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
    2008-03-09 21:31:36 719872 --a
    C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
    2008-03-09 21:31:36 0 d
    C:\WINDOWS\system32\avsplugin
    2008-03-09 21:31:36 313344 --a
    C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
    2008-03-09 21:31:36 7277568 --a
    C:\WINDOWS\system32\3gpcore.dll
    2008-03-09 21:31:36 0 d
    C:\Program Files\Smallvideosoft
    2008-03-09 17:54:24 722 --a
    C:\3qa2br.exe
    2008-03-09 17:23:47 266240 --a
    C:\WINDOWS\system32\sleep32.dll
    2008-03-09 17:23:44 722 --a
    C:\xalhoa.exe
    2008-03-07 17:40:31 0 d
    C:\Program Files\LG Electronics
    2008-03-07 17:40:01 0 d
    C:\Program Files\Sprint music manager
    2008-03-07 17:35:56 0 d
    C:\WINDOWS\system32\drivers\UMDF

    -- Find3M Report
    2008-04-04 15:54:28 61041 --a
    C:\logfile
    2008-04-03 13:24:51 0 d
    C:\Program Files\SpywareBlaster
    2008-03-29 21:50:39 0 d
    C:\Program Files\PokerStars
    2008-03-29 11:33:50 0 d
    C:\Documents and Settings\DM101\Application Data\BitTorrent
    2008-03-13 08:37:26 0 d
    C:\Program Files\BitTorrent_DNA
    2008-03-13 08:37:25 0 d
    C:\Documents and Settings\DM101\Application Data\BitTorrent DNA
    2008-03-09 21:03:12 0 d
    C:\Program Files\Movie Maker
    2008-02-28 12:07:29 0 d
    C:\Program Files\iTunes
    2008-02-28 12:07:06 0 d
    C:\Program Files\iPod
    2008-02-28 12:04:44 0 d
    C:\Program Files\QuickTime
    2008-02-26 09:35:49 292210 --ahs---- C:\WINDOWS\system32\ilkkj.ini2
    2008-02-23 09:56:45 262184 --ahs---- C:\WINDOWS\system32\kjllm.ini2
    2008-02-19 06:57:42 4212 --ah
    C:\WINDOWS\system32\zllictbl.dat
    2008-02-18 17:41:19 0 d
    C:\Program Files\Messenger
    2008-02-18 17:39:04 0 d
    C:\Program Files\Google
    2008-02-18 16:50:56 238777 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
    2008-02-18 16:48:42 0 d
    C:\Program Files\Common Files
    2008-02-18 15:24:44 0 d
    C:\Program Files\Lavasoft
    2008-02-18 15:24:13 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-16 20:07:52 0 d
    C:\Program Files\BitTorrent
    2008-02-13 21:21:46 0 d
    C:\Program Files\Common Files\Adobe
    2008-02-06 20:55:44 664 --a
    C:\WINDOWS\system32\d3d9caps.dat
    2008-02-06 08:44:07 0 d
    C:\Program Files\Overland
    2008-01-31 15:04:39 0 --a
    C:\WINDOWS\nsreg.dat
    2008-01-09 09:30:14 8021 --ahs---- C:\WINDOWS\system32\jjkmp.ini2

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A19C7E0-872E-49C8-BC69-47AF7C44D66D}]
    C:\WINDOWS\system32\jkhfc.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ED26B10-9E3C-45C8-81E8-CE3E72F14C6B}]
    C:\WINDOWS\system32\pmnlm.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86964ABC-AB59-4C50-8127-9F177024D271}]
    C:\WINDOWS\system32\pmkjj.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C814ED78-12C9-4728-AC28-A8968444B907}]
    C:\WINDOWS\system32\jkkli.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D85530E8-D39D-49D0-9F36-300D594556D2}]
    C:\WINDOWS\system32\ljjklkj.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC951141-35D5-4B09-82A9-D81A1E3A2E35}]
    C:\WINDOWS\system32\mlljk.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/06/2005 08:00 PM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/2007 09:29 AM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24 AM]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [01/12/2006 11:14 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
    "BM6fb91d0d"="C:\WINDOWS\system32\qqgjmmce.dll" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03/17/2005 10:10 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 12:06 AM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/01/2007 09:59 PM]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [03/13/2008 08:37 AM]
    C:\Documents and Settings\DM101\Start Menu\Programs\Startup\
    MEMonitor.lnk - C:\Program Files\Sprint music manager\MEMonitor.exe [3/7/2008 5:40:02 PM]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/1/2007 9:59:55 PM]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 4:33:46 AM]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{D85530E8-D39D-49D0-9F36-300D594556D2}"= C:\WINDOWS\system32\ljjklkj.dll [ ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"="kdrju.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttrr]
    awtttrr.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjklkj]
    ljjklkj.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkli.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d7ce41-7efa-11dc-b33a-806d6172696f}]
    PlayDVD_PlayVideoFilesOnArrival\command- C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L


    -- End of Deckard's System Scanner: finished at 2008-04-05 21:32:47
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    CPU 0: Intel(R) Pentium(R) M processor 2.00GHz
    Percentage of Memory in Use: 47%
    Physical Memory (total/avail): 1023.36 MiB / 540.36 MiB
    Pagefile Memory (total/avail): 2460.61 MiB / 1942.8 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1956.55 MiB
    C: is Fixed (NTFS) - 24.41 GiB total, 4.82 GiB free.
    D: is Fixed (NTFS) - 31.48 GiB total, 31.05 GiB free.
    E: is CDROM (UDF)
    [URL="file://\\.\PHYSICALDRIVE0"]\\.\PHYSICALDRIVE0[/URL] - IC25N060ATMR04-0 - 55.89 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 24.41 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 31.48 GiB - D:

    -- Security Center
    AUOptions is disabled.
    Windows Internal Firewall is disabled.
    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.
    FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
    AV: AVG 7.5.519 v7.5.519 (Grisoft)
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\DM101\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    COLLECTIONID=COL7299
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=INTEL2GHZ
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HMSERVER=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\DM101
    ITEMID=oj-21918-1
    LANG=1033
    LOGONSERVER=\\INTEL2GHZ
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    OSVER=winXPP
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONID=1197481962999g1u0355c.austin.hp.com-4439d774:117ec609e92:872
    SESSIONNAME=Console
    SWUTVER=1.0.18.30716
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\DM101\LOCALS~1\Temp
    TIMEOUT=0
    TMP=C:\DOCUME~1\DM101\LOCALS~1\Temp
    TOOLPATH=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
    tvdumpflags=8
    UPDATEDIR=C:\DOCUME~1\DM101\LOCALS~1\Temp\rad4788C.tmp
    USERDOMAIN=INTEL2GHZ
    USERNAME=DM101
    USERPROFILE=C:\Documents and Settings\DM101
    VERSION=2.1.5
    windir=C:\WINDOWS

    -- User Profiles
    DM101 (admin)

    -- Add/Remove Programs
    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Illustrator 9.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Illustrator 9.0\Uninst.isu" -c"C:\Program Files\Adobe\Illustrator 9.0\Uninst.dll"
    Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
    Airlink101 802.11g CardBus Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC8869AB-DCB7-43BE-860E-B8E1C6D86F9E}\Setup.exe" -l0x9
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
    C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
    ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    Eye Candy 4000 --> C:\EYECAN~1\UNWISE.EXE C:\EYECAN~1\INSTALL.LOG
    fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
    Freez 3GP Video Converter 2.0 --> "C:\Program Files\Smallvideosoft\Freez 3GP Video Converter\unins000.exe"
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    hp deskjet 5600 --> msiexec /x{DB5518BE-F40F-407A-B451-012625D4497B}
    iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
    jetAudio Plus VX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
    kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
    kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
    kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
    kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
    kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
    kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
    kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1235db0f\Setup.exe /APR-REMOVE
    LG USB Modem Drivers --> MsiExec.exe /I{FA02ACAC-9E14-4878-A257-92A22A647C2C}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
    Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
    Microsoft Office Visio Professional 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Nero 7 Ultra Edition --> MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
    OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
    SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
    SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    Sprint music manager --> C:\PROGRA~1\SPRINT~1\Setup.exe /remove /q0
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
    Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{0E0479F8-180F-4054-B4F7-17EE657F90BF}\setup.exe -runfromtemp -l0x0409
    tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
    VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
    WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall
    WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
    ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    -- Application Event Log
    Event Record #/Type3215 / Error
    Event Submitted/Written: 04/05/2008 01:39:50 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application ShowTime.exe, version 3.9.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Event Record #/Type3202 / Warning
    Event Submitted/Written: 04/04/2008 03:51:32 PM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
    Event Record #/Type3197 / Error
    Event Submitted/Written: 04/03/2008 03:40:07 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00a05b1b.
    Processing media-specific event for [iexplore.exe!ws!]
    Event Record #/Type3196 / Error
    Event Submitted/Written: 04/03/2008 03:24:47 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00a05b1b.
    Processing media-specific event for [iexplore.exe!ws!]
    Event Record #/Type3195 / Error
    Event Submitted/Written: 04/03/2008 03:09:11 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00a05b1b.
    Processing media-specific event for [iexplore.exe!ws!]

    -- Security Event Log
    No Errors/Warnings found.

    -- System Event Log
    Event Record #/Type10016 / Warning
    Event Submitted/Written: 04/05/2008 09:16:44 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0014A592FE21. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    Event Record #/Type10014 / Warning
    Event Submitted/Written: 04/05/2008 02:00:28 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Event Record #/Type10012 / Warning
    Event Submitted/Written: 04/05/2008 01:38:46 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0014A592FE21. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    Event Record #/Type10010 / Warning
    Event Submitted/Written: 04/05/2008 01:38:42 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0014A592FE21. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    Event Record #/Type10006 / Warning
    Event Submitted/Written: 04/04/2008 10:26:32 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0014A592FE21. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    -- End of Deckard's System Scanner: finished at 2008-04-05 21:32:47
  • apollo619
    edited April 2008
    Here is the Silent runners Log

    Silent Runners.vbs", revision 56, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "PopUpStopperFreeEdition" = ""C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"" ["Panicware, Inc."]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
    "BitTorrent DNA" = ""C:\Program Files\DNA\btdna.exe"" [null data]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
    "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
    "HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
    "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
    "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
    "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
    "ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
    "BM6fb91d0d" = "Rundll32.exe "C:\WINDOWS\system32\qqgjmmce.dll",s" [MS]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {4A19C7E0-872E-49C8-BC69-47AF7C44D66D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\jkhfc.dll" [file not found]
    {7ED26B10-9E3C-45C8-81E8-CE3E72F14C6B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\pmnlm.dll" [file not found]
    {86964ABC-AB59-4C50-8127-9F177024D271}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\pmkjj.dll" [file not found]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
    \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll" ["Google Inc."]
    {C814ED78-12C9-4728-AC28-A8968444B907}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\jkkli.dll" [file not found]
    {D85530E8-D39D-49D0-9F36-300D594556D2}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ljjklkj.dll" [file not found]
    {FC951141-35D5-4B09-82A9-D81A1E3A2E35}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\mlljk.dll" [file not found]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
    -> {HKLM...CLSID} = "JetFlExt Class"
    \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
    "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
    -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
    \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM...CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
    "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
    -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
    -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
    -> {HKLM...CLSID} = "ImageExtractorShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\VISSHE.DLL" [MS]
    "{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
    -> {HKLM...CLSID} = "CInfoTipShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\VISSHE.DLL" [MS]
    "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
    -> {HKLM...CLSID} = "ZLAVShExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
    <<!>> "{D85530E8-D39D-49D0-9F36-300D594556D2}" = "*Z" (unwritable string)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ljjklkj.dll" [file not found]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
    HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "System" = "kdrju.exe" [null data]
    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
    <<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\jkkli.dll"
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    <<!>> awtttrr\DLLName = "awtttrr.dll" [file not found]
    <<!>> ljjklkj\DLLName = "ljjklkj.dll" [file not found]
    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
    -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
    \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
    -> {HKLM...CLSID} = "ZLAVShExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
    jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
    -> {HKLM...CLSID} = "JetFlExt Class"
    \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
    -> {HKLM...CLSID} = "JetFlExt Class"
    \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
    -> {HKLM...CLSID} = "ZLAVShExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

    Group Policies {GPedit.msc branch and setting}:
    Note: detected settings may not have any effect.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
    "DisableRegistryTools" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Prevent access to registry editing tools}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}
    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}

    Active Desktop and Wallpaper:
    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "D:\Pics\auster_1024.bmp"
    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\DM101\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"

    Enabled Screen Saver:
    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

    Startup items in "DM101" & "All Users" startup folders:
    C:\Documents and Settings\DM101\Start Menu\Programs\Startup
    "MEMonitor" -> shortcut to: "C:\Program Files\Sprint music manager\MEMonitor.exe -m" ["Smith Micro Software, Inc."]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Google Updater" -> shortcut to: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"]
    "Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" ["Eastman Kodak Company"]

    Enabled Scheduled Tasks:
    "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
    "EasyShare Registration Task" -> launches: "C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [EMAIL="_RegistrationOffer@16"]_RegistrationOffer@16[/EMAIL]" [MS]

    Winsock2 Service Provider DLLs:
    Namespace Service Providers
    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    Transport Service Providers
    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    Toolbars
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    Explorer Bars
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]
    Extensions (Tools menu items, main toolbar menu buttons)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF}\
    "ButtonText" = "PokerStars"
    "Exec" = "C:\Program Files\PokerStars\PokerStarsUpdate.exe" ["PokerStars"]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Research"
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

    Running Services (Display Name, Service Name, Path {Service DLL}):
    Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
    Airlink101 802.11g CardBus Adapter WLService, Airlink101 802.11g CardBus WLService, "C:\Program Files\AirLink101\AWLC3026T\WLService.exe" [null data]
    Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
    AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
    Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
    iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

    Print Monitors:
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    hpzlnt09\Driver = "hpzlnt09.dll" ["HP"]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    (launch time: 2008-04-05 21:41:08)
    <<!>>: Suspicious data at a malware launch point.
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    (total run time: 45 seconds, including 18 seconds for message boxes)
  • ThomasThomas
    edited April 2008
    Yes, the hidden DNS changer winlogon shows in Silent Runners. Along with some tough Vundo variant tricks there. Be very sure to keep Panda and any other security software disabled during repairs now.



    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

    Download SDFix.exe and save it to your desktop.

    Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now.

    ===================================================


    Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


    In Safe Mode, click the SDFix.exe and allow it to extract to it's own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.

    Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer that normal to restart as the fixtool will be running and removing files.

    When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

    Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.

    =============================

    After the reboot reconnect to net access and Download Malwarebytes' Anti-Malware from Here or Here.

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish,so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ============================

    Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Extra Log, uncheck all the boxes.

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

    Post those along with the MBAM log and the SDFix report.txt log please.
  • apollo619
    edited April 2008
    Ok Here is th SdFix Report


    SDFix: Version 1.167
    Run by DM101 on Mon 04/07/2008 at 03:54 PM
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Checking Services :

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Rebooting

    Checking Files :
    Trojan Files Found:
    C:\WINDOWS\system32\kdrju.exe - Deleted
    C:\WINDOWS\system32\kdrju.exe - Deleted
    C:\WINDOWS\system32\pac.txt - Deleted

    Folder C:\Temp\bkR11 - Removed

    Removing Temp Files
    ADS Check :


    Final Check :
    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-07 16:01:53
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    scanning hidden registry entries ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :

    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip
    Files with Hidden Attributes :
    Fri 7 Mar 2008 145,920 ..SHR --- "C:\Program Files\Sprint music manager\Setup.exe"
    Wed 1 Aug 2007 53,248 A.SHR --- "C:\Program Files\Sprint music manager\_Setupx.dll"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Wed 7 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\DM101\My Documents\~WRL1253.tmp"
    Tue 6 Nov 2007 40,448 ...H. --- "C:\Documents and Settings\DM101\My Documents\~WRL1384.tmp"
    Fri 7 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sun 27 Jan 2008 19,968 ...H. --- "C:\Documents and Settings\DM101\Application Data\Microsoft\Word\~WRL1298.tmp"
    Sun 27 Jan 2008 162 A..H. --- "C:\Deckard\System Scanner\20080405212940\backup\DOCUME~1\DM101\LOCALS~1\Temp\~$RD2613.tmp"
    Finished!



    Here is the MBAM Report

    Malwarebytes' Anti-Malware 1.10
    Database version: 598
    Scan type: Quick Scan
    Objects scanned: 46529
    Time elapsed: 15 minute(s), 36 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6fb91d0d (Trojan.Agent) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.
    Files Infected:
    C:\WINDOWS\system32\sleep32.dll (Spyware.Passwords) -> Quarantined and deleted successfully.


    and here is the Main txt

    Deckard's System Scanner v20071014.68
    Run by DM101 on 2008-04-07 17:00:35
    Computer is in Normal Mode.

    -- HijackThis (run as DM101.exe)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:00:43 PM, on 4/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AirLink101\AWLC3026T\WLService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AirLink101\AWLC3026T\AWLC3026T.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\DM101\desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\DM101.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4A19C7E0-872E-49C8-BC69-47AF7C44D66D} - C:\WINDOWS\system32\jkhfc.dll (file missing)
    O2 - BHO: (no name) - {7ED26B10-9E3C-45C8-81E8-CE3E72F14C6B} - C:\WINDOWS\system32\pmnlm.dll (file missing)
    O2 - BHO: (no name) - {86964ABC-AB59-4C50-8127-9F177024D271} - C:\WINDOWS\system32\pmkjj.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {C814ED78-12C9-4728-AC28-A8968444B907} - C:\WINDOWS\system32\jkkli.dll (file missing)
    O2 - BHO: (no name) - {FC951141-35D5-4B09-82A9-D81A1E3A2E35} - C:\WINDOWS\system32\mlljk.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB0CC9D7-D455-434A-9A24-1FAB942D0880}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: awtttrr - awtttrr.dll (file missing)
    O20 - Winlogon Notify: ljjklkj - ljjklkj.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Airlink101 802.11g CardBus Adapter WLService (Airlink101 802.11g CardBus WLService) - Unknown owner - C:\Program Files\AirLink101\AWLC3026T\WLService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\DM101\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 8541 bytes
    -- File Associations
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R3 catchme - c:\docume~1\dm101\locals~1\temp\catchme.sys (file missing)
    R3 RT61 (Airlink101 802.11g CardBus Adapter Driver) - c:\windows\system32\drivers\rt61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
    S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 Airlink101 802.11g CardBus WLService (Airlink101 802.11g CardBus Adapter WLService) - c:\program files\airlink101\awlc3026t\wlservice.exe
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    S2 hpdj - c:\docume~1\dm101\locals~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product= (file missing)
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

    -- Device Manager: Disabled
    No disabled devices found.

    -- Scheduled Tasks
    2008-04-03 12:57:25 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2008-03-27 00:42:01 436 --a
    C:\WINDOWS\Tasks\EasyShare Registration Task.job

    -- Files created between 2008-03-07 and 2008-04-07
    2008-04-07 16:13:37 0 d
    C:\Documents and Settings\DM101\Application Data\Malwarebytes
    2008-04-07 16:13:27 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 16:13:27 0 d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 15:39:17 0 d
    C:\WINDOWS\ERUNT
    2008-04-03 18:19:10 0 d
    C:\Program Files\Trend Micro
    2008-04-03 15:06:47 0 d
    C:\Program Files\Panda Security
    2008-04-03 14:24:13 0 d-a
    C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-27 12:58:25 0 d
    C:\Program Files\Safari
    2008-03-13 09:58:23 0 d
    C:\Program Files\CCleaner
    2008-03-13 09:37:30 0 d
    C:\Documents and Settings\DM101\Application Data\DNA
    2008-03-13 09:37:29 0 d
    C:\Program Files\DNA
    2008-03-09 22:31:36 487479 --a
    C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
    2008-03-09 22:31:36 60273 --a
    C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
    2008-03-09 22:31:36 719872 --a
    C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
    2008-03-09 22:31:36 0 d
    C:\WINDOWS\system32\avsplugin
    2008-03-09 22:31:36 313344 --a
    C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
    2008-03-09 22:31:36 7277568 --a
    C:\WINDOWS\system32\3gpcore.dll
    2008-03-09 22:31:36 0 d
    C:\Program Files\Smallvideosoft
    2008-03-09 18:54:24 722 --a
    C:\3qa2br.exe
    2008-03-09 18:23:44 722 --a
    C:\xalhoa.exe
    2008-03-07 18:40:31 0 d
    C:\Program Files\LG Electronics
    2008-03-07 18:40:01 0 d
    C:\Program Files\Sprint music manager
    2008-03-07 18:35:56 0 d
    C:\WINDOWS\system32\drivers\UMDF

    -- Find3M Report
    2008-04-07 16:10:34 61193 --a
    C:\logfile
    2008-04-03 14:24:51 0 d
    C:\Program Files\SpywareBlaster
    2008-03-29 22:50:39 0 d
    C:\Program Files\PokerStars
    2008-03-29 12:33:50 0 d
    C:\Documents and Settings\DM101\Application Data\BitTorrent
    2008-03-13 09:37:26 0 d
    C:\Program Files\BitTorrent_DNA
    2008-03-13 09:37:25 0 d
    C:\Documents and Settings\DM101\Application Data\BitTorrent DNA
    2008-03-09 22:03:12 0 d
    C:\Program Files\Movie Maker
    2008-02-28 13:07:29 0 d
    C:\Program Files\iTunes
    2008-02-28 13:07:06 0 d
    C:\Program Files\iPod
    2008-02-28 13:04:44 0 d
    C:\Program Files\QuickTime
    2008-02-26 10:35:49 292210 --ahs---- C:\WINDOWS\system32\ilkkj.ini2
    2008-02-23 10:56:45 262184 --ahs---- C:\WINDOWS\system32\kjllm.ini2
    2008-02-19 07:57:42 4212 --ah
    C:\WINDOWS\system32\zllictbl.dat
    2008-02-18 18:41:19 0 d
    C:\Program Files\Messenger
    2008-02-18 18:39:04 0 d
    C:\Program Files\Google
    2008-02-18 17:50:56 238777 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
    2008-02-18 17:48:42 0 d
    C:\Program Files\Common Files
    2008-02-18 16:24:44 0 d
    C:\Program Files\Lavasoft
    2008-02-18 16:24:13 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-16 21:07:52 0 d
    C:\Program Files\BitTorrent
    2008-02-13 22:21:46 0 d
    C:\Program Files\Common Files\Adobe
    2008-02-06 21:55:44 664 --a
    C:\WINDOWS\system32\d3d9caps.dat
    2008-01-31 16:04:39 0 --a
    C:\WINDOWS\nsreg.dat
    2008-01-09 10:30:14 8021 --ahs---- C:\WINDOWS\system32\jjkmp.ini2

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A19C7E0-872E-49C8-BC69-47AF7C44D66D}]
    C:\WINDOWS\system32\jkhfc.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ED26B10-9E3C-45C8-81E8-CE3E72F14C6B}]
    C:\WINDOWS\system32\pmnlm.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86964ABC-AB59-4C50-8127-9F177024D271}]
    C:\WINDOWS\system32\pmkjj.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C814ED78-12C9-4728-AC28-A8968444B907}]
    C:\WINDOWS\system32\jkkli.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC951141-35D5-4B09-82A9-D81A1E3A2E35}]
    C:\WINDOWS\system32\mlljk.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/06/2005 09:00 PM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/2007 10:29 AM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 12:24 PM]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [01/13/2006 12:14 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 05:05 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03/17/2005 11:10 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/01/2007 10:59 PM]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [03/13/2008 09:37 AM]
    C:\Documents and Settings\DM101\Start Menu\Programs\Startup\
    MEMonitor.lnk - C:\Program Files\Sprint music manager\MEMonitor.exe [3/7/2008 6:40:02 PM]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/1/2007 10:59:55 PM]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttrr]
    awtttrr.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjklkj]
    ljjklkj.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkli.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"


    -- End of Deckard's System Scanner: finished at 2008-04-07 17:01:28
  • ThomasThomas
    edited April 2008
    Good progress, and more repairs to go. The we'll scan after to see what remains.


    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


    Right click Here and select Save Target As (Firefox Save Link As) and save UnHookExec.inf to your Desktop.

    Then right-click on UnHookExec.inf and select Install. You may only see a desktop flicker as the changes are made.
    Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00
    Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it fixer.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.

    Download The Avenger by Swandog from here and save it to your Desktop.

    Disconnect from net access, close all open programs and unzip the downloaded avenger.zip file. Then in the new avenger folder created locate and click on avenger.exe to run the tool.

    Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.
    Files to delete:
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\nsreg.dat
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\awtttrr.dll
C:\WINDOWS\system32\ljjklkj.dll 
C:\3qa2br.exe
C:\xalhoa.exe
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A19C7E0-872E-49C8-BC69-47AF7C44D66D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ED26B10-9E3C-45C8-81E8-CE3E72F14C6B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86964ABC-AB59-4C50-8127-9F177024D271}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C814ED78-12C9-4728-AC28-A8968444B907}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC951141-35D5-4B09-82A9-D81A1E3A2E35}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttrr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjklkj

    Your system may reboot twice to complete the repairs. After the reboot a text will open - copy/paste those contents back here please. The log can also be found at C:\avenger.txt.

    Then reconnect to net access and go here and run the Kaspersky online scan, and post back the log it creates (it requires IE).

    To use the scan, once the download has completed click Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click My Computer to begin the scan. Save the Report as a text file and post that back here.

    To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".

    Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Extra Log, uncheck all the boxes.

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

    Post back the that log along with the Kaspersky log and the avenger.txt log please.
  • VekaVeka Finland
    edited April 2008
    This topic is now closed due to inactivity. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    If you are not the user who started this thread, you must start your own Thread instead :)
Sign In or Register to comment.