various problems on mother's pc [RESOLVED], She has various loggers malware etc
Aug 11 2007, 07:03 AM
Post #1
Member
Posts: 19
OS: win xp sp2
Logfile of HijackThis v1.99.1
Scan saved at 13:55:53, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33D8A1B6-13AA-40F1-8F65-3C8E9B0F9BE7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\AVALUE~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[2].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUYYYYYYMKGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://download.cdn.winsoftware.com/files/...2007Install.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.kodakgallery.com/downloads/hmpr...IE_1/wiaaut.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182418525843
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...2007Install.cab
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://download.cdn.winsoftware.com/files/...2007Install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{961E805C-F52F-4B7A-9889-B0D38BEB6EA2}: NameServer = 80.225.250.178 80.225.250.186
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcdawv - efcdawv.dll (file missing)
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

SUPERAntiSpyware Scan Log
Generated 08/11/2007 at 01:04 PM

Application Version : 3.6.1000

Core Rules Database Version : 3284
Trace Rules Database Version: 1295

Scan type : Complete Scan
Total Scan Time : 00:35:16

Memory items scanned : 455
Memory threats detected : 2
Registry items scanned : 5561
Registry threats detected : 82
File items scanned : 34360
File threats detected : 11

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\HVFAKPPA.DLL
C:\WINDOWS\SYSTEM32\HVFAKPPA.DLL
HKLM\Software\Classes\CLSID\{55DB983C-BDBF-426f-86F0-187B02DDA39B}
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}\InprocServer32
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WBXEJUAH.DLL
HKLM\Software\Classes\CLSID\{9A853E36-4A35-4DBF-9C03-AD9423798E35}
HKCR\CLSID\{9A853E36-4A35-4DBF-9C03-AD9423798E35}
HKCR\CLSID\{9A853E36-4A35-4DBF-9C03-AD9423798E35}\InprocServer32
HKCR\CLSID\{9A853E36-4A35-4DBF-9C03-AD9423798E35}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\EFCDAWV.DLL
HKLM\Software\Classes\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}\InprocServer32
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\OTCVUGIY.DLL
HKLM\Software\Classes\CLSID\{E12BFF69-38A7-406e-A8EF-2738107A7831}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}\InprocServer32
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MCVORVEG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E12BFF69-38A7-406e-A8EF-2738107A7831}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{9A853E36-4A35-4DBF-9C03-AD9423798E35}
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}
HKCR\CLSID\{9A853E36-4A35-4DBF-9C03-AD9423798E35}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}

Adware.MyWebSearch
C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\2.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-1482476501-1425521274-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-1482476501-1425521274-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}

Adware.Tracking Cookie
C:\Documents and Settings\A Valued Customer\Cookies\a_valued_customer@mywebsearch[1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\Software\WinAntiVirus Pro 2007
HKLM\Software\WinAntiVirus Pro 2007#EulUWA7P_0001_N93M1904

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE

I also carried out an AVG Anti-Spyware scan in safe mode, which was clean. Any help would be greatly accepted and appreciated.

Neil

Edit: Forgot to include Deckard's logs:

Deckard's System Scanner v20070809.63
Run by A Valued Customer on 2007-08-11 at 14:08:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2007-08-11 13:08:17 UTC - RP6 - Deckard's System Scanner Restore Point
4: 2007-08-11 12:14:20 UTC - RP5 - Installed Java 6 Update 2
3: 2007-08-11 11:25:41 UTC - RP4 - Installed SUPERAntiSpyware Free Edition
2: 2007-08-11 11:18:56 UTC - RP3 - new 110807
1: 2007-08-11 11:16:02 UTC - RP2 - new on 110807

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).

-- HijackThis (run as A Valued Customer.exe) -----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:09:57, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\A Valued Customer\Desktop\DO NOT DELETE OR TOUCH\dss.exe
C:\PROGRA~1\HIJACK~1\A Valued Customer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33D8A1B6-13AA-40F1-8F65-3C8E9B0F9BE7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\AVALUE~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[2].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUYYYYYYMKGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://download.cdn.winsoftware.com/files/...2007Install.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.kodakgallery.com/downloads/hmpr...IE_1/wiaaut.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182418525843
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...2007Install.cab
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://download.cdn.winsoftware.com/files/...2007Install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{961E805C-F52F-4B7A-9889-B0D38BEB6EA2}: NameServer = 80.225.250.178 80.225.250.186
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcdawv - efcdawv.dll (file missing)
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 CnxEtP (Conexant AccessRunner USB ADSL WAN Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
R3 CnxEtU (Conexant AccessRunner USB ADSL Interface Device Driver) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
R3 CnxTgN (Conexant AccessRunner USB ADSL WAN Adapter Driver) - c:\windows\system32\drivers\cnxtgn.sys <Not Verified; Conexant Systems Inc.; Conexant AccessRunner ADSL>
R3 Intels51 (Intel® 536EP Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 FXDRV - d:\fxdrv.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-08-11 12:44:17 278 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-06-09 07:16:12 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job

-- Files created between 2007-07-11 and 2007-08-11 -----------------------------

2007-08-11 13:29:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-08-11 13:11:28 0 d-------- C:\Documents and Settings\A Valued Customer\Application Data\Grisoft
2007-08-11 13:11:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-11 12:25:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-11 12:25:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-11 12:25:42 0 d-------- C:\Documents and Settings\A Valued Customer\Application Data\SUPERAntiSpyware.com
2007-08-11 12:25:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 13:47:05 0 d-------- C:\Documents and Settings\A Valued Customer\Application Data\Ulead Systems
2007-07-25 13:47:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-07-25 11:17:10 0 d-------- C:\Program Files\Ulead Systems
2007-07-25 11:13:02 65536 --a------ C:\WINDOWS\amcap533.exe <Not Verified; DSC CAMERA; Amcap5xx>
2007-07-25 11:13:01 118784 --a------ C:\WINDOWS\ShowBmp.exe <Not Verified; ; ShowBmp Application>
2007-07-25 11:13:01 0 d-------- C:\WINDOWS\Setup533
2007-07-20 21:10:10 0 --a------ C:\WINDOWS\popcreg.dat
2007-07-20 21:10:10 16 --a------ C:\WINDOWS\popcinfot.dat
2007-07-19 09:19:53 66580 --a------ C:\WINDOWS\system32\yiagrsyf.dll
2007-07-19 09:17:00 66068 --a------ C:\WINDOWS\system32\ysopuixh.exe
2007-07-19 09:16:53 350241 --a------ C:\WINDOWS\system32\vhvjddcp.exe
2007-07-18 21:44:45 66580 --a------ C:\WINDOWS\system32\kjyddnrp.dll
2007-07-18 21:38:45 66068 --a------ C:\WINDOWS\system32\grdxydcx.exe
2007-07-18 08:14:28 66580 --a------ C:\WINDOWS\system32\kmpaojsw.dll
2007-07-18 08:11:25 350241 --a------ C:\WINDOWS\system32\xatenaih.exe
2007-07-18 08:11:23 66068 --a------ C:\WINDOWS\system32\arimurgb.exe
2007-07-17 09:33:19 66580 --a------ C:\WINDOWS\system32\ivgopjir.dll
2007-07-17 09:30:13 66068 --a------ C:\WINDOWS\system32\qtptaeje.exe
2007-07-16 21:47:19 66580 --a------ C:\WINDOWS\system32\yfvyowbd.dll
2007-07-16 21:38:19 66068 --a------ C:\WINDOWS\system32\vrvngaph.exe
2007-07-16 10:10:01 66580 --a------ C:\WINDOWS\system32\nimacnct.dll
2007-07-16 10:06:59 66068 --a------ C:\WINDOWS\system32\duvqnkjd.exe
2007-07-16 07:41:08 66580 --a------ C:\WINDOWS\system32\ymangatp.dll
2007-07-16 07:38:06 66068 --a------ C:\WINDOWS\system32\aekhetoo.exe
2007-07-15 09:00:37 66580 --a------ C:\WINDOWS\system32\ftntywli.dll
2007-07-15 08:54:37 66068 --a------ C:\WINDOWS\system32\vunkoksa.exe
2007-07-15 08:51:37 350241 --a------ C:\WINDOWS\system32\qfqbsheu.exe
2007-07-14 21:06:34 66580 --a------ C:\WINDOWS\system32\tkvtgemv.dll
2007-07-14 20:57:34 66068 --a------ C:\WINDOWS\system32\fagyolno.exe
2007-07-14 08:39:31 66580 --a------ C:\WINDOWS\system32\qquqsjsm.dll
2007-07-14 08:30:31 66068 --a------ C:\WINDOWS\system32\hphosorv.exe
2007-07-13 07:00:07 66580 --a------ C:\WINDOWS\system32\hocljmxb.dll
2007-07-13 06:54:07 66068 --a------ C:\WINDOWS\system32\ekhwicpy.exe
2007-07-12 08:55:01 66580 --a------ C:\WINDOWS\system32\gdluudpb.dll
2007-07-12 08:46:01 66068 --a------ C:\WINDOWS\system32\kbrqergu.exe
2007-07-11 08:15:06 66068 --a------ C:\WINDOWS\system32\jqfydnha.exe

-- Find3M Report ---------------------------------------------------------------

2007-08-11 13:17:38 0 d-------- C:\Program Files\Java
2007-08-11 12:25:20 0 d-------- C:\Program Files\Common Files
2007-08-09 23:41:09 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-07-31 21:09:29 24 ---h----- C:\WINDOWS\popcinfo.dat
2007-07-25 11:17:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-20 21:10:10 0 d-------- C:\Program Files\PopCap Games
2007-07-19 09:15:13 1221042 --ahs---- C:\WINDOWS\system32\fhkmp.bak2
2007-07-19 08:19:12 0 d-------- C:\Program Files\MSN Messenger
2007-07-10 18:41:58 66068 --a------ C:\WINDOWS\system32\fvgfvvdk.exe
2007-06-20 10:02:29 0 d-------- C:\Documents and Settings\A Valued Customer\Application Data\Image Zone Express
2007-06-18 20:28:52 0 d-------- C:\Documents and Settings\A Valued Customer\Application Data\FunWebProducts
2007-06-15 07:12:37 0 d-------- C:\Program Files\FunWebProducts
2007-06-14 20:04:41 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2007-06-07 17:19:20 58420 --a------ C:\WINDOWS\system32\iqmmmkdo.dll
2007-06-02 09:29:15 1071100 --ahs---- C:\WINDOWS\system32\fhkmp.bak1

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33D8A1B6-13AA-40F1-8F65-3C8E9B0F9BE7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [01/03/2005 11:56]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [14/10/2004 10:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [23/09/2004 13:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/01/2005 04:01]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [15/12/2005 12:18]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [02/08/2007 10:47]
"SunJavaUpdateSched"="C:\Program
Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00] "ImInstaller_IncrediMail"="C:\DOCUME~1\AVALUE~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[2].exe" [] "SManager"="smanager.7.exe" [] "CnxDslTaskBar"="C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [12/05/2003 16:13] "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [14/06/2007 20:04] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "SiSPower"="SiSPower.dll" [26/05/2005 04:01 C:\WINDOWS\system32\SiSPower.dll] "OLP-Tray"="C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE" [17/07/2006 16:45] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [] "Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/06/2007 18:16] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/06/2007 08:07] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [07/06/2007 08:07:26] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [15/12/2005 12:40:44] Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [25/07/2007 11:17:58] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [08/02/2007 12:18:37] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "svchost.exe"=C:\WINDOWS\svchost.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdawv] efcdawv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhf] C:\WINDOWS\system32\pmkhf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32] winccf32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service" -- End of Deckard's System Scanner: finished at 2007-08-11 at 14:11:52 --------- This post has been edited by mutley249: Aug 11 2007, 07:15 AM
Aug 11 2007, 10:20 AM, Post #2
GeekU Teacher, Posts: 21,837, From: Dublin, OS: XP
Hello mutley249, I'm just looking over your logs and will get back to you soon.
Aug 11 2007, 12:19 PM, Post #3
GeekU Teacher, Posts: 21,837, From: Dublin, OS: XP
Hello mutley249, my name is Rorschach and I'll be helping you with your problems. If you can't fit all the logs in the one post, then put them in an extra post, as it is harder for us to read attached files.
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Aug 13 2007, 02:57 AM, Post #4
Member, Posts: 19, OS: win xp sp2
Hi, many thanks for your prompt response. I have run combofix; please find below the log created.

ComboFix 07-08-09.3 - "A Valued Customer" 2007-08-13 9:23:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.130 [GMT 1:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\AVALUE~1\APPLIC~1\FunWebProducts
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images 0592E1.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images 07E78F.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\install provider
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache 0576CD
C:\Program Files\MyWebSearch\bar\Cache12FBDDF
C:\Program Files\MyWebSearch\bar\Cache12FC5CE
C:\Program Files\MyWebSearch\bar\Cache12FC726.bin
C:\Program Files\MyWebSearch\bar\Cache12FCAEF.bin
C:\Program Files\MyWebSearch\bar\Cache12FCF15.bin
C:\Program Files\MyWebSearch\bar\Cache12FD32C.bin
C:\Program Files\MyWebSearch\bar\Cache1321C80.bin
C:\Program Files\MyWebSearch\bar\Cache1321EF1.bin
C:\Program Files\MyWebSearch\bar\Cache1322097.bin
C:\Program Files\MyWebSearch\bar\Cache13221EF.bin
C:\Program Files\MyWebSearch\bar\Cache1322308.bin
C:\Program Files\MyWebSearch\bar\Cache19C828A
C:\Program Files\MyWebSearch\bar\Cache1F5B030.bin
C:\Program Files\MyWebSearch\bar\Cache1F5B1C6.bin
C:\Program Files\MyWebSearch\bar\Cache1F5B39B.bin
C:\Program Files\MyWebSearch\bar\Cache269AA9E
C:\Program Files\MyWebSearch\bar\Cache2A34B5D
C:\Program Files\MyWebSearch\bar\Cache2A35020
C:\Program Files\MyWebSearch\bar\Cache2A8F3BB
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Mes