Computer lags badly and takes forever to startup, applications take fo

Welcome Guest ( Log In | Register )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

3 Pages

1 2 3 >

Computer lags badly and takes forever to startup, applications take fo, Hjt Log included

Options

frozenthunder View Member Profile	Jul 20 2007, 06:39 AM Post #1
Member Posts: 123 OS: Windows XP	Hi there, heres the log, computer lags badly at startup and when trying to open just about anything. Logfile of HijackThis v1.99.1 Scan saved at 8:38:04 PM, on 7/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Windows\system32\HpSrvUI.exe C:\HP\KBD\KBD.EXE C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\FilmLoop Player\FilmLoop.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Steam-Down\Steam.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe C:\Program Files\Hamachi\hamachi.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Metacafe\MetacafeAgent.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\Desktop\hijackt\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.124.2.15:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [IE Accelerator] D:\chess\Booster\IEAccelerator.exe /Auto O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam-Down\Steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Murasu Anjal.lnk = C:\Program Files\Murasu Systems\Anjal2000\anjal.exe O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149309271765 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149309252640 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe This post has been edited by frozenthunder: Jul 20 2007, 06:40 AM

don77 View Member Profile	Jul 25 2007, 06:51 PM Post #2
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98	Hello frozenthunder sorry for the delay Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Next Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post.

frozenthunder View Member Profile	Jul 26 2007, 09:31 AM Post #3
Member Posts: 123 OS: Windows XP	thanks for the reply, here are the logs..please note that explorer.exe closed at times during the scan and my internet connection got disconnected for a while during the kaspersky scan... Deckard's System Scanner v20070711.54 Run by Owner on 2007-07-26 at 18:29:38 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 1 Restore Point(s) -- 1: 2007-07-26 10:30:08 UTC - RP26 - Deckard's System Scanner Restore Point Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 6:33:44 PM, on 7/26/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Windows\system32\HpSrvUI.exe C:\HP\KBD\KBD.EXE C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\FilmLoop Player\FilmLoop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Steam-Down\Steam.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Metacafe\MetacafeAgent.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\STOPzilla!\STOPzilla.exe C:\Program Files\DAP\DAP.EXE C:\Documents and Settings\Owner\Desktop\dss.exe C:\WINDOWS\explorer.exe C:\DOCUME~1\Owner\Desktop\hijackt\Owner.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.124.2.15:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [IE Accelerator] D:\chess\Booster\IEAccelerator.exe /Auto O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam-Down\Steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Murasu Anjal.lnk = C:\Program Files\Murasu Systems\Anjal2000\anjal.exe O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149309271765 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149309252640 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\hijackt\backups\) ------- backup-20061212-105421-541 O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM backup-20061212-105421-948 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE backup-20070210-123755-482 O4 - Startup: winlogon.lnk = ? backup-20070605-195044-245 O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll backup-20070627-185556-261 O4 - Global Startup: MsnVirRem.exe backup-20070627-185556-417 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20070627-185556-447 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) backup-20070627-185556-865 O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys R3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing) S3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; Alcatel Bell; Alcatel USB ADSL NDIS WAN Miniport driver> S3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; Alcatel Bell; Alcatel Speed Touch USB ADSL Modem> S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing) S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device> S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla> S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server> -- Scheduled Tasks ------------------------------------------------------------- 2007-07-13 17:39:28 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job 2007-07-13 16:06:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2006-06-03 17:30:49 400 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job -- Files created between 2007-06-26 and 2007-07-26 ----------------------------- 2007-07-21 19:12:56 0 dr-h----- C:\Documents and Settings\Owner\Recent 2007-07-21 16:53:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-07-21 16:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-07-21 13:15:18 268435456 --ahs---- C:\WINDOWS\system32\temppf.sys 2007-07-18 16:41:16 512 --a----c- C:\ScanSectorLog.dat 2007-07-17 19:11:48 0 d-------- C:\Documents and Settings\Owner\Application Data\MailFrontier 2007-07-17 18:59:18 140320 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-07-17 18:59:18 4367136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-17 18:15:33 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System> 2007-07-11 18:03:15 0 d-------- C:\Program Files\Common Files\Apple 2007-07-11 18:03:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-07-08 18:10:05 0 d-------- C:\Program Files\Rapidown 2007-07-03 23:57:27 0 --a------ C:\Documents and Settings\Owner\Application Data\WGC_Client Preferences 2007-07-03 23:57:12 0 d-------- C:\Program Files\wgcenter 2007-07-03 23:43:49 248080 -----n--- C:\WINDOWS\system32\voxrt24.dll <Not Verified; Voxware, Inc.; RealTime Codec> 2007-07-03 23:43:49 56832 -----n--- C:\WINDOWS\system32\iyvu9_32.dll 2007-07-02 19:22:51 0 d------c- C:\ScummVM 2007-07-01 19:29:28 0 d-------- C:\WINDOWS\SxsCaPendDel 2007-06-28 11:53:08 217088 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla> 2007-06-28 00:24:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Teleca 2007-06-28 00:24:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony Ericsson 2007-06-28 00:17:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2007-06-28 00:17:08 0 d-------- C:\Program Files\Common Files\Teleca Shared 2007-06-28 00:17:05 0 d-------- C:\Program Files\Sony Ericsson 2007-06-28 00:17:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca -- Find3M Report --------------------------------------------------------------- 2007-07-26 18:07:13 0 d-------- C:\Program Files\Steam-Down 2007-07-25 21:27:55 0 d-------- C:\Program Files\STOPzilla! 2007-07-22 22:59:32 0 d-------- C:\Program Files\Warcraft III 2007-07-22 12:48:44 0 d-------- C:\Documents and Settings\Owner\Application Data\MetaCafe 2007-07-21 19:16:47 0 d-------- C:\Program Files\EZT 2007-07-21 19:08:35 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-07-21 16:51:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-21 15:40:47 0 d-------- C:\Program Files\MAIET 2007-07-17 18:53:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-07-06 15:20:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Murasu 2007-07-04 20:38:40 0 d-------- C:\Program Files\Common Files\Adobe 2007-06-27 21:37:43 0 d-------- C:\Program Files\Java 2007-06-27 21:01:35 3307 --a------ C:\WINDOWS\mozver.dat 2007-06-26 17:45:54 0 d-------- C:\Program Files\TuneUp Utilities 2007 2007-06-26 17:42:15 0 d-------- C:\Program Files\MSN Messenger 2007-06-26 17:36:24 0 d-------- C:\Program Files\Metacafe 2007-06-26 17:26:50 0 d-------- C:\Program Files\Hamachi 2007-06-26 17:26:16 0 d-------- C:\Program Files\DAP 2007-06-22 14:59:18 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-22 14:59:10 294912 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-22 14:58:22 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-22 14:58:08 69632 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-22 14:57:48 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-22 14:57:30 184320 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-22 14:57:10 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-22 14:56:58 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-22 14:56:34 688128 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries> 2007-06-21 20:00:49 0 d-------- C:\Program Files\Common Files\iS3 2007-06-21 15:20:23 4286 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-20 19:42:56 0 d-------- C:\Program Files\Megaupload 2007-06-16 23:49:40 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-06-12 11:09:16 0 dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo! 2007-06-12 11:02:08 0 d-------- C:\Program Files\Visualboy Advance 2007-06-12 11:00:21 0 d-------- C:\Program Files\thriXXX 2007-06-11 15:18:13 0 d-------- C:\Program Files\Yahoo! 2007-06-10 17:49:24 0 d-------- C:\Documents and Settings\Owner\Application Data\fretsonfire 2007-06-10 17:17:23 0 d-------- C:\Program Files\e-Games 2007-06-06 10:06:45 0 d-------- C:\Documents and Settings\Owner\Application Data\uqm 2007-06-05 20:01:32 335 --a------ C:\WINDOWS\mozregistry.dat 2007-06-01 17:47:06 0 d-------- C:\Program Files\WC3Banlist 2007-05-30 09:10:21 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX 2007-05-29 21:23:00 0 d-------- C:\Program Files\Counter-Strike 1.6 2007-05-29 16:28:20 0 d-------- C:\Program Files\DivX 2007-05-26 21:07:27 85630 --a------ C:\WINDOWS\War3Unin.dat 2007-05-26 21:02:15 0 d-------- C:\Program Files\mIRC 2007-05-11 12:37:15 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2007-05-11 12:37:15 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX�> 2007-05-11 12:37:15 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX�> 2007-05-11 12:37:15 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX�> -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll {1827766B-9F49-4854-8034-F6EE26FCB1EC} C:\Program Files\STOPzilla!\SZSG.dll {243B17DE-77C7-46BF-B94B-0B5F309A0E64} C:\Program Files\Microsoft Money\System\mnyside.dll {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO.dll {5A263CF7-56A6-4D68-A8CF-345BE45BC911} C:\Program Files\Yahoo!\Search\YSearchSuggest.dll {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll {E3215F20-3212-11D6-9F8B-00D0B743919D} C:\Program Files\STOPzilla!\SZIEBHO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe" "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe" "hp Silent Service"="C:\\Windows\\system32\\HpSrvUI.exe" "hpScannerFirstBoot"="c:\\hp\\drivers\\scanners\\scannerfb.exe" "KBD"="C:\\HP\\KBD\\KBD.EXE" "StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r" "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "PS2"="C:\\WINDOWS\\system32\\ps2.exe" "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon" "IE Accelerator"="D:\\chess\\Booster\\IEAccelerator.exe /Auto" "YeppStudioAgent"="C:\\Program Files\\Samsung\\Samsung Media Studio\\SamsungMediaStudioAgent.exe" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "FilmLoop"="\"C:\\Program Files\\FilmLoop Player\\FilmLoop.exe\" -hide" "DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "QuickTime Task"="\"C:\\Program Files\\K-Lite Codec Pack\\QuickTime\\qttask.exe\" -atboottime" "nwiz"="nwiz.exe /installquiet /keeploaded /nodetect" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "NVIEW"="rundll32.exe nview.dll,nViewLoadHook" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart" "Steam"="\"C:\\Program Files\\Steam-Down\\Steam.exe\" -silent" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet" "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Microsoft Update Machine"="cfgroot.exe" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoAdminPage"="1" "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=dword:00000001 "AllowUnhashedWebView"=dword:00000001 "WizmaxBackup_NoDriveTypeAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "WizmaxBackup_NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\ Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\ Notification Packages REG_MULTI_SZ scecli\ HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ HTTPFilter REG_MULTI_SZ HTTPFilter\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost netsvcs UxTuneUp [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc5b905-0ce7-11db-86e3-000c7617091d}] Shell\Auto\command RavMonE.exe e Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e -- Hosts ----------------------------------------------------------------------- 127.0.0.1 localhost #*Inserted By STOPzilla* 127.0.0.1 0websearch.com # *Inserted By STOPzilla* 127.0.0.1 2005-search.com # *Inserted By STOPzilla* 127.0.0.1 600pics.com # *Inserted By STOPzilla* 127.0.0.1 83.149.105.142 # *Inserted By STOPzilla* 127.0.0.1 83.149.105.225 # *Inserted By STOPzilla* 127.0.0.1 85.255.117.170 # *Inserted By STOPzilla* 127.0.0.1 a1.interclick.com # *Inserted By STOPzilla* 127.0.0.1 absolutepics.net # *Inserted By STOPzilla* 127.0.0.1 ad.yieldmanager.com # *Inserted By STOPzilla* 154 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-07-26 at 18:36:29 --------- Deckard's System Scanner v20070711.54 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 2.20GHz Percentage of Memory in Use: 74% Physical Memory (total/avail): 703.48 MiB / 181.43 MiB Pagefile Memory (total/avail): 923.05 MiB / 375.99 MiB Virtual Memory (total/avail): 2047.88 MiB / 1965.73 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 37.3 GiB total, 0.87 GiB free. D: is CDROM (No Media) E: is CDROM (CDFS) F: is CDROM (CDFS) G: is CDROM (No Media) H: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: ZoneAlarm Security Suite Firewall v7.0.337.000 (Check Point, LTD.) AV: ZoneAlarm Security Suite Antivirus v7.0.337.000 (Check Point, LTD.) [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe::Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" "C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe::Enabled:Warcraft III" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Messenger" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe::Enabled:Hamachi Client" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe::Enabled:Yahoo! FT Server" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Owner\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-6S3LT0MYQT ComSpec=C:\WINDOWS\system32\cmd.exe DEFAULT_CA_NR=CA6 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Owner LOGONSERVER=\\YOUR-6S3LT0MYQT NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier" PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PCToolsDir=C:\Documents and Settings\All Users\Start Menu\Programs\Compaq\Compaq Presario PC Tools PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0204 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp tvdumpflags=8 USERDOMAIN=YOUR-6S3LT0MYQT USERNAME=Owner USERPROFILE=C:\Documents and Settings\Owner windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner (admin)* -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe" --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log Alcatel SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" -Control_Panel Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B} Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5} ASX to MP3 Converter 2.7.5.800 2006.11.11 --> "C:\Program Files\Mini-stream\ASX to MP3 Converter\unins000.exe" Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove Autograph 3 --> MsiExec.exe /I{30343ECC-A872-4300-ACC7-D9A048D41607} AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe BitComet 0.68 --> C:\Program Files\BitComet\uninst.exe CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576 DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE easy Internet sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033 Eye Candy 4000 --> C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\EYECAN~1\INSTALL.LOG FilmLoop Player --> C:\Program Files\FilmLoop Player\flinstagnt.exe /Uninstall FilmLoopPlayer FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe" Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe" Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" GunZ Mouse Re-Binder 1.13 --> "C:\Program Files\GunZ Mouse Re-Binder\unins000.exe" Hamachi 0.9.9.9 --> C:\Program Files\Hamachi\uninstall.exe HijackThis 1.99.1 --> C:\Documents and Settings\Owner\Desktop\hijackt\HijackThis.exe /uninstall HP Deskjet printer preloaded drivers --> MsiExec.exe /X{48BD24F5-13DE-493A-A7CE-28A85113FF0C} hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS HP Memories Disc --> MsiExec.exe /X{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21} HP Multifunction products preloaded drivers --> MsiExec.exe /X{05546C67-B05F-4914-A7E9-5FB02CF54B4D} HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1} HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} HP Photosmart printers preloaded drivers --> MsiExec.exe /X{9E88DAA4-1352-4272-BA3A-897668408400} HP Scanjet scanner preloaded drivers --> MsiExec.exe /X{C2E091B0-46C9-4E2C-B162-A7734C6855B0} IE Accelerator 2.21 --> C:\PROGRA~1\IEACCE~1\UNWISE.EXE C:\PROGRA~1\IEACCE~1\INSTALL.LOG Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29} Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 iPod for Windows 2005-02-22 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033 iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98} Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} K-Lite Mega Codec Pack 1.51 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe" Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe KBD --> C:\HP\KBD\KBD.EXE uninstalled LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U MathType 5 --> "C:\Program Files\MathType\Setup.exe" -R MediaCoder 0.5.1 --> C:\Program Files\MediaCoder\uninst.exe Mega Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe" -l0x9 -removeonly Metacafe --> C:\Program Files\Metacafe\uninstaller.exe Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7} Microsoft Encarta Encyclopedia Standard - WE 2003 --> MsiExec.exe /I{035A0014-3975-4267-9F39-1DC4745090B7} Microsoft Money --> MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F} Microsoft Money System Pack --> MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7} Microsoft Office 2000 Standard --> MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7} Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84} Moyea FLV to Video Converter version 1.14.1.7 --> "C:\Program Files\Moyea\Moyea FLV to Video Converter\unins000.exe" Mozilla Firefox (2.0.0.5) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall Murasu Anjal --> C:\Program Files\Murasu Systems\Anjal2000\setup.exe -u -t NetBattle --> "C:\Program Files\NetBattle\unins000.exe" NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe" PS2 --> C:\WINDOWS\system32\ps2.exe uninstall Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328} Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe" S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display' S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2' S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2' S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay' Samsung Media Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DAB6BE8-4B4F-4C08-AC96-4008057E3424}\Setup.exe" -l0x9 Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log ShowBiz DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60E80B13-8649-4A69-85E2-1AE99E061F43}\setup.exe" -l0x9 SigmaTel MSCNMMC Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18420E45-B723-49A5-ACF9-7C132B1CBE53}\setup.exe" -l0x9 -remove Simple Installer - Multilanguage Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe" SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} Sony Ericsson PC Suite --> MsiExec.exe /I{EF83530A-50BD-4D1E-87D8-089DD4D39BFF} SpeedTouch USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7DE6498-9764-4657-846F-832EE3E6718D}\setup.exe" Steam-Down --> C:\WINDOWS\Steam-Down Uninstaller.exe Steam --> C:\PROGRA~1\STEAM-~1\UNWISE.EXE C:\PROGRA~1\STEAM-~1\INSTALL.LOG STOPzilla --> MsiExec.exe /X{61EBD840-FD43-43C8-B9D7-EE44FEA5400E} SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6} TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B} TVUPlayer 2.3.0.0 --> C:\Program Files\TVUPlayer\uninst.exe Ulead GIF Animator 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe" Uninstall USB Storage RW Ver. 2.00.11.b04 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCFC7D5-8608-478C-8082-1FF848B978AF}\setup.exe" UNINSTALL VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat WC3Banlist --> "C:\Program Files\WC3Banlist\unins000.exe" Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall Wisdom-soft AutoScreenRecorder 2.0 Free --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG Words That Follow --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.side-quest.com/caption/wtf.jnlp" World Gaming Center Version 2.1.1 with Gamescript Files --> "C:\Program Files\wgcenter\unins000.exe" Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe YAWLE 0.5b --> C:\WINDOWS\iun6002.exe "C:\Program Files\Warcraft III\irunin.ini" YP-T55 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B63CCC4-4465-4124-A9C1-EE565FC1C5A6}\Setup.exe" -l0x9 -remove ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- End of Deckard's System Scanner: finished at 2007-07-26 at 18:36:29 --------- ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, July 26, 2007 11:27:38 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 26/07/2007 Kaspersky Anti-Virus database records: 368037 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Scan Statistics: Total number of scanned objects: 91000 Number of viruses found: 0 Number of infected objects: 0 / 0 Number of suspicious objects: 0 Duration of the scan process: 04:30:36 Infected Object Name / Virus Name / Last Action C:\Deckard\System Scanner\20070726183824\backup\DOCUME~1\Owner\LOCALS~1\Temp\~DF3560.tmp Object is locked skipped C:\Deckard\System Scanner\20070726183824\backup\DOCUME~1\Owner\LOCALS~1\Temp\~DF35CD.tmp Object is locked skipped C:\Deckard\System Scanner\20070726183824\backup\DOCUME~1\Owner\LOCALS~1\Temp\~DF48AB.tmp Object is locked skipped C:\Deckard\System Scanner\20070726183824\backup\DOCUME~1\Owner\LOCALS~1\Temp\~DF4AAA.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\STOPzilla!\targets.db Object is locked skipped C:\Documents and Settings\All Users\Application Data\STOPzilla!\userdata.db Object is locked skipped C:\Documents and Settings\All Users\Application Data\STOPzilla!\zilla5.log Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG O

don77 View Member Profile	Jul 26 2007, 11:35 AM Post #4
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98	Lets try and do a little cleaning out Click on start, then control panel, and then double-click on add/remove programs. From within add/remove program uninstall the