Norton auto protect "downloader"
someone666
post Aug 2 2007, 10:45 PM
Post #1


Member
Posts: 14
OS: Windows XP



I'm getting a popup about every 50 seconds saying Auto-Protect has blocked "downloader" as a security risk. Your computer is secure.
Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 9:25:56 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win3E.tmp.exe
C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win3E.tmp.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184007436171
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw+0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwg0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

None of my anti-virus programs could fix this. So what problems do I have? I have run Spybot, Ad-Aware, Norton, AVG and Registry Mechanic.

This post has been edited by someone666: Aug 2 2007, 10:49 PM
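As an added example (not part of the original post, and not HijackThis code), here is a small Python triage script for log lines in the HijackThis format shown above. It runs over a constructed sample built from entries in this thread and flags what a helper reads first: an autostart entry or running process in C:\WINDOWS\TEMP, an unnamed BHO loaded from system32, and orphaned O18/O23 entries. The section codes come from the log format; the severity labels and regexes are my own assumptions.

```python
"""Triage heuristics for HijackThis v1.99 log lines (added example, not HijackThis code).

Every entry line starts with a section code (R0, F2, O2, O4, O18, O23, ...)
followed by " - ". The rules below are generic indicators a forum helper reads
first; the severities and patterns are assumptions, not HijackThis logic.
"""
import re

# Section code, separator, rest of the entry.
_ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# Executables living in a temp directory are rarely legitimate autostarts.
_TEMP_DIR_RE = re.compile(r"\\(TEMP|Local Settings\\Temp)\\", re.I)
_SYSTEM32_RE = re.compile(r"\\WINDOWS\\system32\\", re.I)

# Constructed sample in the log's format (paths and GUIDs taken from the thread above).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\TEMP\win3E.tmp.exe

O2 - BHO: (no name) - {41635EF4-89FA-4C2B-9C45-4B38C1C06FD9} - C:\WINDOWS\system32\mllmj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win3E.tmp.exe
O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


def parse_entries(log_text):
    """Yield (section, body) for entry lines and ("PROC", path) for running processes."""
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            yield "PROC", line
            continue
        match = _ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2)


def triage(log_text):
    """Return (severity, section, reason, body) tuples for entries worth a closer look."""
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("PROC", "O4") and _TEMP_DIR_RE.search(body):
            findings.append(("high", section, "executable in a temp directory", body))
        elif section == "O2" and body.startswith("BHO: (no name)") and _SYSTEM32_RE.search(body):
            findings.append(("high", section, "unnamed BHO loaded from system32", body))
        elif section == "O18" and body.endswith("(no file)"):
            findings.append(("low", section, "orphaned protocol handler", body))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(("low", section, "service points to a missing file", body))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {"high": 3, "low": 2}."""
    counts = {}
    for severity, *_ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, section, reason, body in triage(SAMPLE_LOG):
        print(f"[{severity}] {section}: {reason}: {body}")
```

The "low" entries are cleanup candidates rather than evidence of infection on their own; the "high" ones are what to send through the helper's next scan step.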
MoNsTeReNeRgY22
post Aug 2 2007, 11:01 PM
Post #2


GeekU Junior
Posts: 2,435
From: California
OS: Windows XP Media Center Edition SP3



Hello and Welcome to Geeks to Go. smile.gif

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions ASAP.

Also, as I am still a trainee, my posts must be approved before I can post them, so there may be a slight delay between my posts.

someone666
post Aug 2 2007, 11:33 PM
Post #3


Member
Posts: 14
OS: Windows XP



Also, I was wondering if there are any programs that are slowing it down and should be removed.
MoNsTeReNeRgY22
post Aug 3 2007, 10:06 AM
Post #4


GeekU Junior
Posts: 2,435
From: California
OS: Windows XP Media Center Edition SP3



Hello someone666,

Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your antivirus delete it. (In this case, it may be better to temporarily disable your antivirus.)


I will also let you know of some programs that may be slowing you down after I get enough information!
someone666
post Aug 3 2007, 02:30 PM
Post #5


Member
Posts: 14
OS: Windows XP



Thank you MoNsTeReNeRgY22.

main

Deckard's System Scanner v20070729.57
Run by Owner on 2007-08-03 at 13:21:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
113: 2007-08-03 20:21:27 UTC - RP810 - Deckard's System Scanner Restore Point
112: 2007-08-03 09:25:48 UTC - RP809 - Installed Driver Detective
111: 2007-08-03 00:16:23 UTC - RP808 - Made by Registry Mechanic
110: 2007-08-03 00:07:28 UTC - RP807 - Made by Registry Mechanic
109: 2007-08-02 23:53:42 UTC - RP806 - Move file to quarantine: Windows Live Messenger


-- First Restore Point --
1: 2007-05-04 21:22:35 UTC - RP698 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:24:27 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\WINDOWS\TEMP\win3E.tmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {41635EF4-89FA-4C2B-9C45-4B38C1C06FD9} - C:\WINDOWS\system32\mllmj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win3E.tmp.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184007436171
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw+0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwg0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R1 kid_sys (Kensington Input Devices Class filter driver) - c:\windows\system32\drivers\kid_sys.sys <Not Verified; Kensington Technology Group; KIDD>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 FastPara - c:\windows\system32\drivers\fastpara.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
S2 Ca533av (Icatch(IV) Video Camera Device) - c:\windows\system32\drivers\ca533av.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 USBCamera (Icatch(IV) Still Camera Device) - c:\windows\system32\drivers\bulk533.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 PnkBstrA - c:\windows\system32\pnkbstra.exe (file missing)
S2 PrismXL - c:\program files\common files\new boundary\prismxl\prismxl.sys (file missing)
S2 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "c:\program files\windows media player\wmpnetwk.exe" (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing)
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2007-08-03 13:22:15 476 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-FE554634B8-Owner).job
2007-08-03 13:20:00 476 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-FE554634B8-Naomi).job
2007-08-03 02:00:00 260 --ah----- C:\WINDOWS\Tasks\AB1CD9AF918B533B.job
2007-08-03 02:00:00 260 --ah----- C:\WINDOWS\Tasks\AA9809A191D38799.job
2007-07-28 10:29:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-07-27 16:05:00 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-07-20 20:00:00 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
2007-07-17 16:05:29 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2005-03-26 10:51:50 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2007-07-03 and 2007-08-03 -----------------------------

2007-08-03 02:30:28 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2007-08-03 02:25:59 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2007-08-02 21:09:54 31254 --a------ C:\WINDOWS\system32\mljgeee.dll
2007-08-02 19:02:21 14373 ---hs---- C:\WINDOWS\system32\jmllm.ini2
2007-08-02 17:16:56 6514 ---hs---- C:\WINDOWS\system32\jmllm.bak1
2007-08-02 17:16:05 266336 --a------ C:\WINDOWS\system32\mllmj.dll
2007-08-02 17:11:03 31254 --a------ C:\WINDOWS\system32\ssqrpnl.dll
2007-08-02 17:11:01 31254 --a------ C:\WINDOWS\system32\nnnnnml.dll
2007-08-02 17:10:51 21504 --a------ C:\WINDOWS\system32\wingdm32.dll
2007-08-02 16:30:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-08-02 16:30:01 0 d-------- C:\Program Files\Security Task Manager
2007-07-30 14:55:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-07-30 14:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-22 17:38:54 0 d-------- C:\Program Files\iTunes
2007-07-22 17:35:56 0 d-------- C:\Program Files\QuickTime
2007-07-22 17:33:00 0 d-------- C:\Program Files\Apple Software Update
2007-07-22 17:31:17 0 d-------- C:\Program Files\Common Files\Apple
2007-07-22 17:31:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-20 02:09:35 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-07-20 01:45:13 0 d-------- C:\Program Files\DivX
2007-07-20 01:15:37 0 d-------- C:\Program Files\BitTorrent
2007-07-17 16:05:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-07-16 15:40:25 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-07-16 13:51:31 0 d-------- C:\Program Files\SiSoftware
2007-07-09 22:24:21 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-07-09 20:20:46 0 d-------- C:\Program Files\PCPitstop
2007-07-09 16:20:11 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2007-07-09 16:07:54 11920 -----n--- C:\WINDOWS\system32\drivers\KID_SYS.sys <Not Verified; Kensington Technology Group; KIDD>
2007-07-09 14:09:14 1759 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-07-09 12:14:10 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-09 12:13:12 0 d-------- C:\Program Files\MSXML 6.0
2007-07-09 12:10:20 0 d-------- C:\Program Files\MSBuild
2007-07-09 12:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 12:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-09 12:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-09 12:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-09 12:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 12:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 12:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 12:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-09 12:04:29 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-07-09 12:03:18 0 d-------- C:\Program Files\Reference Assemblies
2007-07-09 12:00:12 0 d-------- C:\e7dda904d39f0355e53e6ccb1db2beed
2007-07-09 11:24:50 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-07-08 20:42:57 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-08 20:39:33 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-08 20:39:33 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-08 20:38:28 0 d-------- C:\Program Files\America's Army Server Manager
2007-07-08 20:20:52 0 d-------- C:\Program Files\America's Army
2007-07-08 13:30:34 0 d-------- C:\Program Files\Common Files\DirectX
2007-07-08 13:14:50 0 d-------- C:\Program Files\Trymedia
2007-07-08 13:13:03 0 d-------- C:\Program Files\Global Star Software
2007-07-05 21:38:57 0 d-------- C:\Program Files\Ricochet Lost Worlds
2007-07-05 21:38:31 0 d-------- C:\Program Files\Wildlife Tycoon Venture Africa
2007-07-05 21:37:42 0 d-------- C:\Program Files\ValuSoft
2007-07-05 20:43:28 0 d-------- C:\Documents and Settings\All Users\Application Data\InterAction studios
2007-07-05 20:43:10 0 d-------- C:\Program Files\Chicken Invaders 3
2007-07-05 18:51:01 0 d-------- C:\Program Files\id Software
2007-07-05 18:26:52 0 d-------- C:\Program Files\Tremulous
2007-07-05 18:05:43 0 d-------- C:\Alien Arena 2007
2007-07-05 17:58:50 0 d-------- C:\Program Files\Blip Blop
2007-07-05 17:33:05 0 d-------- C:\Program Files\Soulseek
2007-07-05 17:20:11 0 d-------- C:\Program Files\Becherovka 2005
2007-07-05 17:06:02 0 d-------- C:\Program Files\DX-Ball
2007-07-05 14:53:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2007-08-03 13:23:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-02 16:54:39 0 d-------- C:\Program Files\MSN Messenger
2007-08-02 16:43:47 0 d-------- C:\Program Files\FlashGet
2007-07-22 17:39:11 0 d-------- C:\Program Files\iPod
2007-07-22 17:31:17 0 d-------- C:\Program Files\Common Files
2007-07-20 13:36:50 4621 --a------ C:\WINDOWS\mozver.dat
2007-07-20 13:36:23 0 d-------- C:\Program Files\Java
2007-07-20 02:31:18 0 d-------- C:\Program Files\ArcSoft
2007-07-20 01:41:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-20 01:23:16 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2007-07-20 01:15:24 0 d-------- C:\Program Files\Ares
2007-07-20 01:13:04 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2007-07-20 00:55:16 0 d-------- C:\Program Files\Swarm
2007-07-20 00:31:53 0 d-------- C:\Program Files\PokerStars
2007-07-17 16:16:43 0 d-------- C:\Program Files\Common Files\Xerox Shared
2007-07-16 15:40:17 0 d-------- C:\Program Files\Raxco
2007-07-09 23:26:34 0 d-------- C:\Program Files\WinImage
2007-07-09 19:43:40 0 d-------- C:\Program Files\3DO
2007-07-05 14:53:02 0 d-------- C:\Program Files\Google
2007-06-29 09:11:12 0 d-------- C:\Program Files\WinAce
2007-06-29 09:11:10 0 d-------- C:\Program Files\Starcraft
2007-06-29 09:11:01 0 d-------- C:\Program Files\iPhoto Plus 4
2007-06-29 09:11:01 0 d-------- C:\Program Files\GetRight
2007-06-29 09:11:01 0 d-------- C:\Program Files\FURY3
2007-06-29 09:10:58 0 d-------- C:\Program Files\BrainWave Generator
2007-06-28 18:02:43 0 d-------- C:\Program Files\KC Softwares
2007-06-24 19:04:41 0 d-------- C:\Program Files\Foxit Software
2007-06-24 17:27:02 0 d-------- C:\Program Files\Windows Live
2007-06-24 17:27:02 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-17 21:04:11 0 d-------- C:\Program Files\DriverGuide Toolkit
2007-06-17 19:54:10 0 d-------- C:\Program Files\SpeedItUpFree
2007-06-17 14:29:52 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-16 16:16:08 0 d-------- C:\Program Files\AusLogics BoostSpeed
2007-06-16 14:40:38 0 d--h----- C:\Program Files\Zero G Registry
2007-06-11 19:45:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-06-07 17:10:04 4 --a------ C:\WINDOWS\system32\CD85D1
2007-06-06 18:54:22 0 d-------- C:\Program Files\Diablo II


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41635EF4-89FA-4C2B-9C45-4B38C1C06FD9}]
08/02/2007 05:16 PM 266336 --a------ C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]
08/02/2007 05:11 PM 31254 --a------ C:\WINDOWS\system32\nnnnnml.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 04:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/21/2005 04:44 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 01:42 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [01/23/2001 01:29 PM]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [01/23/2001 02:00 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 06:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"Gravis Xperience Driver Support"="Grxp4exe.exe" [02/26/2002 10:05 AM C:\WINDOWS\system32\grxp4exe.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"avp"="C:\WINDOWS\TEMP\win3E.tmp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [07/09/2006 12:58 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM]
"LDM"="\Program\BackWeb-8876480.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [8/28/2005 11:15:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= C:\WINDOWS\system32\nnnnnml.dll [08/02/2007 05:11 PM 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmj]
C:\WINDOWS\system32\mllmj.dll 08/02/2007 05:16 PM 266336 C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnnml]
nnnnnml.dll 08/02/2007 05:11 PM 31254 C:\WINDOWS\system32\nnnnnml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll 08/02/2007 05:10 PM 21504 C:\WINDOWS\system32\wingdm32.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa184951-34c7-11d9-af9e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-08-03 at 13:25:50 ---------


This post has been edited by someone666: Aug 3 2007, 03:35 PM
someone666
post Aug 3 2007, 03:37 PM
Post #6


Member
Posts: 14
OS: Windows XP



Extra

Deckard's System Scanner v20070729.57
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 502.73 MiB / 164.58 MiB
Pagefile Memory (total/avail): 1470.06 MiB / 1137.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1963.49 MiB

C: is Fixed (NTFS) - 70.88 GiB total, 18.73 GiB free.
D: is Fixed (FAT32) - 3.63 GiB total, 1.63 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-FE554634B8
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-FE554634B8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-FE554634B8
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Naomi (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Battlezone II\BZII.isu"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.23 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced WMA Workshop version 2.1 --> "C:\Program Files\LitexMedia\Advanced WMA Workshop\unins000.exe"
America's Army --> MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AusLogics BoostSpeed --> "C:\Program Files\AusLogics BoostSpeed\unins000.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Blip Blop (remove only) --> "C:\Program Files\Blip Blop\uninstall.exe"
BrainWave Generator --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BrainWave Generator\Uninst.isu"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Chicken Invaders 3 --> "C:\Program Files\Chicken Invaders 3\ReflexiveArcade\unins000.exe"
Command & Conquer Tiberian Sun --> C:\Westwood\SUN\Uninstll.EXE
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Micro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D944236D-7992-41D6-8257-930B5832F1CC}\SETUP.EXE" -l0x9 /remove
Crimsonland --> "C:\Program Files\Crimsonland\unins000.exe"
CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
Deluxe Pacman v1.69 --> "C:\Games\Deluxe Pacman\unins000.exe"
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digital Media Reader -->
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
DriverGuide Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71AA4525-52F2-4841-93B6-8DF58C0CC0DA}\setup.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DX-Ball 1.09 --> C:\PROGRA~1\DX-Ball\UNWISE.EXE C:\PROGRA~1\DX-Ball\INSTALL.LOG
Electric Sheep 2.6.5 --> C:\WINDOWS\system32\UninstallElectricSheep.exe
Fallout --> C:\WINDOWS\ipuninst.exe -fC:\Program Files\Interplay\Fallout\uninst.log
Fallout2 --> C:\WINDOWS\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
Flatland Rover --> C:\WINDOWS\unvise32.exe C:\Program Files\Flatland\uninstal.log
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Gravis Xperience 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13599F5D-20A2-449A-BA81-A7D8B98A8DF1}\Setup.exe" -u
Heroes of Might and Magic® III --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll
Heroes of Might and Magic® IV --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HyperLoad - Golf Course --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CDF4815-1334-4AF3-B780-1F6526011C5A}\setup.exe" -l0x9 -uninst -removeonly
HyperLoad - NabiscoWorld MiniGolf --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{638787E3-ABAE-452C-9255-EC3E85B680F7}\setup.exe" -l0x9 -uninst -removeonly
Innovative System Optimizer - Platinum Edition version 2 --> "C:\Program Files\Innovative Solutions\Innovative System Optimizer - Platinum Edition version 2\unins000.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Connections Drivers --> Prounstl.exe
iPhoto Plus 4 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\iPhoto Plus 4\DeIsL1.isu"
iPod for Windows 2005-02-22 -->
iPod for Windows 2005-02-22 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
IPS Wizard --> C:\Program Files\IPS Wizard\uninstall.exe
iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KC Softwares AudioGrail --> "C:\Program Files\KC Softwares\AudioGrail\unins000.exe"
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 v1.9 --> C:\Program Files\LittleFighter2\LF2_v1.9\Uninstal.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Messenger Plus! 3 & Sponsor --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Midnight Outlaw Illegal Street Drag - Nitro Edition --> C:\PROGRA~1\ValuSoft\MIDNIG~1\UNWISE.EXE C:\PROGRA~1\ValuSoft\MIDNIG~1\INSTALL.LOG
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPIO Software Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B67FB4-F425-40E5-BDDA-7CD494202022}\SETUP.EXE" -l0x9
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MusicBrainz Tagger 0.10.5 --> C:\PROGRA~1\MUSICB~1\UNWISE.EXE C:\PROGRA~1\MUSICB~1\INSTALL.LOG
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
OTOY -->
Plasma Pong v1.3b --> "C:\Program Files\Plasma Pong\unins000.exe"
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Ricochet Lost Worlds --> "C:\Program Files\Ricochet Lost Worlds\ReflexiveArcade\unins000.exe"
Scan 300 / 600 Driver --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\TWAIN_32\Scan\Uninst.isu
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shogo --> C:\WINDOWS\uninst.exe -fC:\Games\Shogo\DeIsL1.isu
Sid Meier's Alpha Centauri --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Firaxis Games\Sid Meier's Alpha Centauri\Uninst.isu"
SimSheep2 --> C:\insane arts'\SimSheep2\Uninstal.exe
SiSoftware Sandra Lite XI.SP4a --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\unins000.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Soldat 1.3.1 --> c:\Soldat\unins000.exe
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Trek Voyager Elite Force --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Raven\Star Trek Voyager Elite Force\Ef.isu"
Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Starsiege TRIBES 1.8 --> C:\WINDOWS\IsUninst.exe -f"C:\Dynamix\TRIBES\Uninst.isu"
Symantec Real Time Storage Protection Component -->
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tremulous 1.1.0 --> "C:\Program Files\Tremulous\uninstall.exe"
Ulead Photo Express 4.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\Setup.exe"
Ultima Mod for Tiberian Sun --> C:\Westwood\Sun\Uninstal.exe
Ultimate Demolition Derby --> C:\PROGRA~1\GLOBAL~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\GLOBAL~1\ULTIMA~1\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFldrs XP -->
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinImage --> "C:\Program Files\WinImage\winimage.exe" /uninstall
WinMX --> C:\Program Files\WinMX\uninstall.exe
WinPatrol --> MsiExec.exe /X{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}
WinPatrol 2007 Restore/Remove First -->
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- End of Deckard's System Scanner: finished at 2007-08-03 at 13:25:50 ---------

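Added example, not part of the original thread and not code from HijackThis or Deckard's System Scanner: a small Python triage script that parses the O2 (BHO), O4 (Run key) and O18 (protocol handler) line formats used in the HijackThis logs posted in this thread and flags the indicator classes a helper checks first: a browser helper object with no name loading from system32, entries already marked "(file missing)" or "(no file)", and Run entries whose command is a bare or root-relative path and so gets resolved through PATH or the current drive. The heuristics and the allowlisting rule (an unnamed BHO under Program Files is not flagged) are this example's assumptions; the sample log is assembled here for the demonstration (a few lines excerpted in the HijackThis 1.99.1 format plus one clean line), not a full log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input assembled for this example: HijackThis 1.99.1-style lines.
# The paths and CLSIDs are illustrative of the format, not an assertion about
# any particular machine.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {6CA871BB-6E63-4A14-BBC3-FE17A18A70B6} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D0B67C76-A8D4-4BBB-91A5-73A36147F045} - C:\WINDOWS\system32\vtstu.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

# Line grammars for the three HijackThis sections this example inspects.
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$')
PROTO_RE = re.compile(r'^O18 - Protocol: (?P<scheme>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')


@dataclass
class Finding:
    section: str   # HijackThis section tag: O2, O4 or O18
    reason: str    # why the line was flagged
    line: str      # the offending log line, verbatim


def _in_system32(path: str) -> bool:
    return '\\system32\\' in path.lower()


def _orphaned(path: str) -> bool:
    """HijackThis marks registrations whose file is gone; these are safe to fix."""
    p = path.strip().lower()
    return p.endswith('(file missing)') or p == '(no file)'


def _executable(cmd: str) -> str:
    """Return the program part of a Run value: quoted path, or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0] if cmd else ''


def _absolute(path: str) -> bool:
    """Drive-letter path or an environment-variable prefix such as %windir%."""
    return re.match(r'^[A-Za-z]:\\', path) is not None or path.startswith('%')


def analyze(log: str) -> list[Finding]:
    """Scan HijackThis-format text and return the lines worth a second look."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            if _orphaned(m['path']):
                findings.append(Finding('O2', 'orphaned BHO, file missing', line))
            elif m['name'] == '(no name)' and _in_system32(m['path']):
                # Legitimate BHOs normally carry a name and live under Program
                # Files; an anonymous DLL in system32 is the pattern to triage.
                findings.append(Finding('O2', 'unnamed BHO loading from system32', line))
        elif m := RUN_RE.match(line):
            if not _absolute(_executable(m['cmd'])):
                findings.append(Finding(
                    'O4', 'Run entry with relative path (resolved via PATH or current drive)', line))
        elif m := PROTO_RE.match(line):
            if _orphaned(m['path']):
                findings.append(Finding('O18', 'protocol handler with no file', line))
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print(f'[{f.section}] {f.reason}\n    {f.line}')
```

Run it against a saved log by passing the file contents to `analyze()`; the point of the allowlisting rule is visible in the sample, where the unnamed Symantec BHO under Program Files passes while the three anonymous system32 DLLs and the orphaned protocol handler are reported.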
someone666
post Aug 4 2007, 02:37 AM
Post #7
Member
Posts: 14
OS: Windows XP

I downloaded a program to remove Vundo because I noticed it in one of my scans, and this seems to have fixed the popup. Now I'm getting pages for WinAntiVirus and other ads popping up all the time, and my computer seems to be going quite slow.
Here is a new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 1:30:31 AM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThissss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {6CA871BB-6E63-4A14-BBC3-FE17A18A70B6} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D0B67C76-A8D4-4BBB-91A5-73A36147F045} - C:\WINDOWS\system32\vtstu.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184007436171
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw+0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwg0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)


MoNsTeReNeRgY22
post Aug 4 2007, 01:27 PM
Post #8


GeekU Junior
Posts: 2,435
From: California
OS: Windows XP Media Center Edition SP3



Hey someone666,

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
someone666
post Aug 4 2007, 02:49 PM
Post #9


Member
**
Posts: 14
OS: Windows XP



That was the program I used to get rid of it already, but I did it again and it found 4 more files. When my computer rebooted I got an Auto-Protect popup for downloader and one for Vundo. I am still getting IE7 popups for virus blocker and "win 500 for life" kind of popups. It seems like I'm getting reinfected as soon as my computer restarts. Here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 1:43:29 PM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThissss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3225881A-21D9-4A57-993B-7F6FDDB0AF3B} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {6CA871BB-6E63-4A14-BBC3-FE17A18A70B6} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {DBECE243-706B-4A06-8966-79BC555D8418} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184007436171
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw+0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwg0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

And my VundoFix log:


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 10:54:29 PM 8/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak2
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\jmllm.tmp
C:\WINDOWS\system32\mllmj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.bak2
C:\WINDOWS\system32\jmllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\jmllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.tmp
C:\WINDOWS\system32\jmllm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\mllmj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 1:24:07 PM 8/4/2007

Listing files found while scanning....


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 1:24:54 PM 8/4/2007

Listing files found while scanning....

C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\vtstu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vtstu.dll Has been deleted!

Performing Repairs to the registry.
Done!


This post has been edited by someone666: Aug 4 2007, 02:50 PM
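As an added example that is not part of this thread (it is not the helper's tooling or VundoFix's logic), here is a small Python triage script run over lines copied from the HijackThis log posted above. It parses the O2, O18 and O20 sections, flags any DLL that is registered both as a BHO and as a Winlogon Notify handler (the pairing that lets the infection survive a reboot, because winlogon.exe loads the DLL before the desktop is up and it then re-creates the browser side), flags Winlogon Notify handlers outside a small allowlist, marks "(file missing)" and "(no file)" entries as dead registry leftovers, and derives the reversed-name side files to look for next to each flagged DLL, following the pattern visible in the VundoFix output above (mllmj.dll alongside jmllm.ini, jmllm.bak1 and so on). The KNOWN_NOTIFY allowlist and the list of companion extensions are assumptions for illustration, not a vendor-published list.

```python
"""Triage a HijackThis 1.99 log for Vundo-style persistence.

Added example, not part of the original thread. The sample lines are copied
from the posted log; the allowlist and companion-file extensions are assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: (no name) - {3225881A-21D9-4A57-993B-7F6FDDB0AF3B} - C:\WINDOWS\system32\geeby.dll",
    r"O2 - BHO: (no name) - {6CA871BB-6E63-4A14-BBC3-FE17A18A70B6} - C:\WINDOWS\system32\mllmj.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll",
    r"O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)",
    r"O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll",
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll",
    r"O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll",
]

# Assumption for illustration: Winlogon Notify handlers that are normal on an
# XP box with Intel graphics and WGA installed. Anything else gets a look.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon", "igfxcui",
}

_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                 r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
_O18 = re.compile(r"^O18 - Protocol: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def basename(path: str) -> str:
    """Case-folded file name of a Windows path (HJT mixes system32/SYSTEM32)."""
    return path.rstrip().rsplit("\\", 1)[-1].lower()


def parse_hjt(lines: List[str]) -> Dict[str, List[dict]]:
    """Pull the O2 / O18 / O20 entries out of an HJT log, keyed by section."""
    out: Dict[str, List[dict]] = {"O2": [], "O18": [], "O20": []}
    for line in lines:
        line = line.rstrip()
        if m := _O2.match(line):
            out["O2"].append({"line": line, "name": m["name"], "path": m["path"],
                              "missing": m["missing"] is not None})
        elif m := _O18.match(line):
            out["O18"].append({"line": line, "name": m["name"], "path": m["path"],
                               "missing": m["path"] == "(no file)"})
        elif m := _O20.match(line):
            out["O20"].append({"line": line, "key": m["key"], "path": m["path"]})
    return out


def vundo_companions(dll_path: str) -> List[str]:
    """Side files Vundo keeps next to a DLL: the base name reversed, with the
    extensions seen in the VundoFix output (mllmj.dll -> jmllm.ini, jmllm.bak1, ...).
    The extension list is an assumption taken from that output."""
    stem = basename(dll_path).rsplit(".", 1)[0]
    rev = stem[::-1]
    return [f"{rev}.{ext}" for ext in ("ini", "ini2", "bak1", "bak2", "tmp")]


def triage(lines: List[str]) -> List[dict]:
    """Return findings, 'fix' (live persistence) before 'dead' (orphaned entry)."""
    log = parse_hjt(lines)
    bho_dlls = {basename(e["path"]) for e in log["O2"] if not e["missing"]}
    notify_dlls = {basename(e["path"]) for e in log["O20"]}
    findings: List[dict] = []

    for e in log["O20"]:
        if basename(e["path"]) in bho_dlls:
            # Same DLL as a BHO and as a Winlogon Notify handler: loaded into
            # winlogon.exe at boot, then into IE, so it outlives a reboot.
            findings.append({"severity": "fix", "line": e["line"],
                             "reason": "DLL is both a BHO and a Winlogon Notify handler",
                             "companions": vundo_companions(e["path"])})
        elif e["key"].lower() not in KNOWN_NOTIFY:
            findings.append({"severity": "fix", "line": e["line"],
                             "reason": "unrecognised Winlogon Notify handler"})

    for e in log["O2"]:
        if e["missing"]:
            findings.append({"severity": "dead", "line": e["line"],
                             "reason": "BHO whose DLL is gone; registry entry only"})
        elif (e["name"] == "(no name)" and "\\system32\\" in e["path"].lower()
              and basename(e["path"]) not in notify_dlls):
            findings.append({"severity": "fix", "line": e["line"],
                             "reason": "unnamed BHO living in system32"})

    for e in log["O18"]:
        if e["missing"]:
            findings.append({"severity": "dead", "line": e["line"],
                             "reason": "protocol handler with no file"})

    findings.sort(key=lambda f: f["severity"] != "fix")  # stable: 'fix' first
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
        for c in f.get("companions", []):
            print(f"    also look for C:\\WINDOWS\\system32\\{c}")
```

Run against the sample it reports geeby.dll, nnnnnml.dll and wingdm32.dll as entries to fix (the same three the helper lists in the next post) and mllmj.dll and the bw+0 protocol as dead leftovers, while leaving ssv.dll, igfxcui and WgaLogon alone. The companion names are only a hint of what to look for in system32; VundoFix or OTMoveIt still does the actual removal.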
MoNsTeReNeRgY22
post Aug 4 2007, 04:17 PM
Post #10


GeekU Junior
Posts: 2,435
From: California
OS: Windows XP Media Center Edition SP3



Hey someone666,

1) Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

2) Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {3225881A-21D9-4A57-993B-7F6FDDB0AF3B} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {6CA871BB-6E63-4A14-BBC3-FE17A18A70B6} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: (no name) - {DBECE243-706B-4A06-8966-79BC555D8418} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O8 - Extra context menu item: &Search - ?p=ZNfox000
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

3) Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\mljgeee.dll
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\jmllm.bak1
    C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\ssqrpnl.dll
    C:\WINDOWS\system32\nnnnnml.dll
    C:\WINDOWS\system32\wingdm32.dll
    C:\e7dda904d39f0355e53e6ccb1db2beed
    C:\WINDOWS\system32\CmdLineExt03.dll
    C:\WINDOWS\system32\CD85D1
    C:\WINDOWS\system32\geeby.dll
    C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\SYSTEM32\wingdm32.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum along with a fresh HJT Log. Reboot into Normal Mode.

4) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u2...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

5) Please post the following in your next reply
  • Look2Me-Destroyer.txt
  • OTMoveIt Log
  • Fresh HJT Log
someone666
post Aug 4 2007, 06:03 PM
Post #11
Member, Posts: 14, OS: Windows XP

OTMoveIt
I couldn't get the results before it restarted, but this is what I got when I did it again.

File/Folder C:\WINDOWS\system32\mljgeee.dll not found.
File/Folder C:\WINDOWS\system32\jmllm.ini2 not found.
File/Folder C:\WINDOWS\system32\jmllm.bak1 not found.
File/Folder C:\WINDOWS\system32\mllmj.dll not found.
File/Folder C:\WINDOWS\system32\ssqrpnl.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnnnml.dll
C:\WINDOWS\system32\nnnnnml.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\nnnnnml.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\wingdm32.dll not found.
File/Folder C:\e7dda904d39f0355e53e6ccb1db2beed not found.
File/Folder C:\WINDOWS\system32\CmdLineExt03.dll not found.
File/Folder C:\WINDOWS\system32\CD85D1 not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\geeby.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\geeby.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\vtstu.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\wingdm32.dll not found.

Created on 08/04/2007 16:28:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 8/4/2007 4:05:08 PM


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

Logfile of HijackThis v1.99.1
Scan saved at 5:03:40 PM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThissss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {11D70EF0-AF69-48BC-8F29-51B35491FD87} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184007436171
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw+0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwg0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)



There ya go... how does it look? I'm still getting some ads opening but no more Auto-Protect popups.

This post has been edited by someone666: Aug 4 2007, 07:44 PM
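The two posts above show the pattern a helper is reading for by hand: the same DLL (geeby.dll, nnnnnml.dll) registered both as an unnamed Browser Helper Object (O2) and as a Winlogon Notify package (O20), registrations whose file is already gone ("file missing"), and, between the fix list in post #10 and the fresh log in post #11, the geeby.dll BHO coming back under a different CLSID ({3225881A-...} became {11D70EF0-...}) after Fix Checked. The script below is an added example, not code from the thread or from HijackThis. It parses O2/O20 lines, applies those three heuristics, and diffs two logs keyed by DLL name rather than CLSID so a re-registration is not mistaken for a removal. The sample logs are constructed from lines quoted in the posts; the rule names and function names are this example's own, and the rules are triage hints for a human, not detection signatures.

```python
"""Triage and diff HijackThis O2 (BHO) and O20 (Winlogon Notify) entries.

Added example for this thread; not code from HijackThis or the forum.
Sample lines are constructed from entries quoted in the posts above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# HijackThis line shapes; "(file missing)" marks a registration whose DLL is gone.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")


@dataclass(frozen=True)
class Entry:
    kind: str               # "O2" or "O20"
    name: str
    clsid: Optional[str]    # O20 entries carry no CLSID
    path: str
    missing: bool

    @property
    def dll(self) -> str:
        # Basename, case-folded: the log writes both system32 and SYSTEM32.
        return self.path.rsplit("\\", 1)[-1].lower()


# Constructed from the helper's fix list (post #10) and the user's next log (post #11).
BEFORE_LOG = r"""
O2 - BHO: (no name) - {3225881A-21D9-4A57-993B-7F6FDDB0AF3B} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {6CA871BB-6E63-4A14-BBC3-FE17A18A70B6} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
"""
AFTER_LOG = r"""
O2 - BHO: (no name) - {11D70EF0-AF69-48BC-8F29-51B35491FD87} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
"""


def parse_hjt(text):
    """Extract O2 and O20 entries from HijackThis log text; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["clsid"].upper(), m["path"], m["missing"] is not None))
        elif m := O20_RE.match(line):
            entries.append(Entry("O20", m["name"], None, m["path"], m["missing"] is not None))
    return entries


def triage(entries):
    """Heuristic findings as sorted (rule, dll) pairs; hints for a human, not signatures."""
    findings = set()
    kinds_by_dll = defaultdict(set)
    for e in entries:
        kinds_by_dll[e.dll].add(e.kind)
        if e.missing:
            findings.add(("dangling-registration", e.dll))
        if e.kind == "O2" and e.name == "(no name)" and "\\system32\\" in e.path.lower():
            findings.add(("unnamed-bho-in-system32", e.dll))
    for dll, kinds in kinds_by_dll.items():
        if {"O2", "O20"} <= kinds:   # one DLL hooked into both the browser and Winlogon
            findings.add(("bho-and-winlogon-notify", dll))
    return sorted(findings)


def diff_by_dll(before, after):
    """Compare two logs keyed by (kind, dll), not CLSID, so a re-registration is not read as a removal."""
    old = {(e.kind, e.dll): e for e in before}
    new = {(e.kind, e.dll): e for e in after}
    report = {"removed": [], "survived": [], "reregistered": []}
    for key, o in old.items():
        n = new.get(key)
        if n is None:
            report["removed"].append(key)
        elif o.clsid != n.clsid:
            report["reregistered"].append((key, o.clsid, n.clsid))
        else:
            report["survived"].append(key)
    return {k: sorted(v) for k, v in report.items()}


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE_LOG), parse_hjt(AFTER_LOG)
    for rule, dll in triage(after):
        print(f"{rule:26} {dll}")
    for section, items in diff_by_dll(before, after).items():
        print(section, items)
```

Run it as-is and the diff lists the mllmj.dll BHO as removed, the geeby.dll BHO as re-registered under a new CLSID, and the nnnnnml.dll and Winlogon Notify entries as survivors, which is why a helper asks for a fresh log after every Fix Checked: a diff keyed on CLSID alone would have reported the geeby.dll BHO as gone.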
MoNsTeReNeRgY22
post Aug 4 2007, 10:12 PM
Post #12
GeekU Junior, Posts: 2,435, From: California, OS: Windows XP Media Center Edition SP3

Hello again someone666,

1) Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {11D70EF0-AF69-48BC-8F29-51B35491FD87} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

2) Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button
  • Please highlight everything inside the box, right-click, and choose copy.
  • Please paste the information here for me.
3) Please post the following in your next reply
  • F Secure Log
  • Fresh DSS Log
someone666
post Aug 5 2007, 12:15 AM
Post #13
Member, Posts: 14, OS: Windows XP

Thank you. The original problem of the Auto-Protect popups seems to be gone, but I am still getting random openings of IE with ads. Firefox is also getting ads but not opening randomly.

DSS LOG

main

Deckard's System Scanner v20070804.61
Run by Owner on 2007-08-04 at 23:07:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
120: 2007-08-05 06:07:32 UTC - RP820 - Deckard's System Scanner Restore Point
119: 2007-08-04 23:53:08 UTC - RP819 - Installed Java™ 6 Update 2
118: 2007-08-04 23:43:25 UTC - RP818 - Removed Java™ SE Runtime Environment 6 Update 1
117: 2007-08-04 23:41:59 UTC - RP817 - Removed Java™ 6 Update 2
116: 2007-08-04 23:40:45 UTC - RP816 - Removed Java 2 Runtime Environment, SE v1.4.2


-- First Restore Point --
1: 2007-05-08 02:29:41 UTC - RP701 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:08:08 PM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {11D70EF0-AF69-48BC-8F29-51B35491FD87} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184007436171
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw+0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw-0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw00s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw10s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw20s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw30s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw40s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw50s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw60s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw70s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw80s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bw90s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwa0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwb0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwc0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwd0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwe0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwf0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwg0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwh0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwi0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwj0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwk0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwl0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwm0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwn0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwo0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwp0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwq0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwr0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bws0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwt0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwu0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwv0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bww0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwx0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwy0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: bwz0s - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {6729C3F3-1D20-47E3-A097-A4A2A3F13C90} - (no file)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)


-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\HIJACK~1\backups\) ------

backup-20070804-161857-106 O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
backup-20070804-161857-232 O8 - Extra context menu item: &Search - ?p=ZNfox000
backup-20070804-161857-322 O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
backup-20070804-161857-711 O2 - BHO: (no name) - {DBECE243-706B-4A06-8966-79BC555D8418} - C:\WINDOWS\system32\vtstu.dll (file missing)
backup-20070804-161857-762 O2 - BHO: (no name) - {542E8CDC-F676-4247-B6E1-4BB4C56CEF2B} - C:\WINDOWS\system32\geeby.dll
backup-20070804-161857-931 O2 - BHO: (no name) - {6CA871BB-6E63-4A14-BBC3-FE17A18A70B6} - C:\WINDOWS\system32\mllmj.dll (file missing)
backup-20070804-161858-516 O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
backup-20070804-161858-782 O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
backup-20070804-213247-210 O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
backup-20070804-213247-475 O2 - BHO: (no name) - {11D70EF0-AF69-48BC-8F29-51B35491FD87} - C:\WINDOWS\system32\geeby.dll
backup-20070804-213247-878 O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
backup-20070804-213248-448 O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
backup-20070804-213248-845 O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R1 kid_sys (Kensington Input Devices Class filter driver) - c:\windows\system32\drivers\kid_sys.sys <Not Verified; Kensington Technology Group; KIDD>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 FastPara - c:\windows\system32\drivers\fastpara.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
S2 Ca533av (Icatch(IV) Video Camera Device) - c:\windows\system32\drivers\ca533av.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 USBCamera (Icatch(IV) Still Camera Device) - c:\windows\system32\drivers\bulk533.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 PnkBstrA - c:\windows\system32\pnkbstra.exe (file missing)
S2 PrismXL - c:\program files\common files\new boundary\prismxl\prismxl.sys (file missing)
S2 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "c:\program files\windows media player\wmpnetwk.exe" (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing)
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-04 23:07:00 476 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-FE554634B8-Owner).job
2007-08-04 23:05:00 476 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-FE554634B8-Naomi).job
2007-08-04 23:00:00 260 --ah----- C:\WINDOWS\Tasks\AB1CD9AF918B533B.job
2007-08-04 23:00:00 260 --ah----- C:\WINDOWS\Tasks\AA9809A191D38799.job
2007-08-04 10:29:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-03 20:00:07 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
2007-07-27 16:05:00 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-07-17 16:05:29 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2005-03-26 10:51:50 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2007-07-04 and 2007-08-04 -----------------------------

2007-08-04 16:53:17 0 d-------- C:\Program Files\Common Files\Java
2007-08-04 13:43:58 1066580 ---hs---- C:\WINDOWS\system32\ybeeg.ini2
2007-08-04 13:39:23 1048368 ---hs---- C:\WINDOWS\system32\ybeeg.bak1
2007-08-04 13:38:38 266336 -----n--- C:\WINDOWS\system32\geeby.dll
2007-08-03 22:54:29 0 d-------- C:\VundoFix Backups
2007-08-03 22:11:31 31254 --a------ C:\WINDOWS\system32\pmnkljh.dll
2007-08-03 20:09:52 0 d-------- C:\Program Files\Enigma Software Group
2007-08-03 15:19:12 31254 --a------ C:\WINDOWS\system32\khfcaby.dll
2007-08-03 02:30:28 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2007-08-03 02:25:59 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2007-08-02 17:11:01 31254 --a------ C:\WINDOWS\system32\nnnnnml.dll
2007-08-02 16:30:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-08-02 16:30:01 0 d-------- C:\Program Files\Security Task Manager
2007-07-30 14:55:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-07-30 14:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-22 17:38:54 0 d-------- C:\Program Files\iTunes
2007-07-22 17:35:56 0 d-------- C:\Program Files\QuickTime
2007-07-22 17:33:00 0 d-------- C:\Program Files\Apple Software Update
2007-07-22 17:31:17 0 d-------- C:\Program Files\Common Files\Apple
2007-07-22 17:31:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-20 02:09:35 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-07-20 01:45:13 0 d-------- C:\Program Files\DivX
2007-07-20 01:15:37 0 d-------- C:\Program Files\BitTorrent
2007-07-17 16:05:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-07-16 15:40:25 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-07-16 13:51:31 0 d-------- C:\Program Files\SiSoftware
2007-07-09 22:24:21 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-07-09 20:20:46 0 d-------- C:\Program Files\PCPitstop
2007-07-09 16:20:11 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2007-07-09 16:07:54 11920 -----n--- C:\WINDOWS\system32\drivers\KID_SYS.sys <Not Verified; Kensington Technology Group; KIDD>
2007-07-09 14:09:14 1759 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-07-09 12:14:10 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-09 12:13:12 0 d-------- C:\Program Files\MSXML 6.0
2007-07-09 12:10:20 0 d-------- C:\Program Files\MSBuild
2007-07-09 12:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 12:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-09 12:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-09 12:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-09 12:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 12:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 12:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 12:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-09 12:04:29 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-07-09 12:03:18 0 d-------- C:\Program Files\Reference Assemblies
2007-07-09 11:24:50 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-07-08 20:42:57 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-08 20:39:33 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-08 20:39:33 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-08 20:38:28 0 d-------- C:\Program Files\America's Army Server Manager
2007-07-08 20:20:52 0 d-------- C:\Program Files\America's Army
2007-07-08 13:30:34 0 d-------- C:\Program Files\Common Files\DirectX
2007-07-08 13:14:50 0 d-------- C:\Program Files\Trymedia
2007-07-08 13:13:03 0 d-------- C:\Program Files\Global Star Software
2007-07-05 21:38:57 0 d-------- C:\Program Files\Ricochet Lost Worlds
2007-07-05 21:38:31 0 d-------- C:\Program Files\Wildlife Tycoon Venture Africa
2007-07-05 21:37:42 0 d-------- C:\Program Files\ValuSoft
2007-07-05 20:43:28 0 d-------- C:\Documents and Settings\All Users\Application Data\InterAction studios
2007-07-05 20:43:10 0 d-------- C:\Program Files\Chicken Invaders 3
2007-07-05 18:51:01 0 d-------- C:\Program Files\id Software
2007-07-05 18:26:52 0 d-------- C:\Program Files\Tremulous
2007-07-05 18:05:43 0 d-------- C:\Alien Arena 2007
2007-07-05 17:58:50 0 d-------- C:\Program Files\Blip Blop
2007-07-05 17:33:05 0 d-------- C:\Program Files\Soulseek
2007-07-05 17:20:11 0 d-------- C:\Program Files\Becherovka 2005
2007-07-05 17:06:02 0 d-------- C:\Program Files\DX-Ball
2007-07-05 14:53:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2007-08-04 23:09:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-04 16:55:39 0 d-------- C:\Program Files\Java
2007-08-04 16:53:17 0 d-------- C:\Program Files\Common Files
2007-08-03 19:34:20 0 d-------- C:\Program Files\Messenger
2007-08-02 16:54:39 0 d-------- C:\Program Files\MSN Messenger
2007-08-02 16:43:47 0 d-------- C:\Program Files\FlashGet
2007-07-22 17:39:11 0 d-------- C:\Program Files\iPod
2007-07-20 13:36:50 4621 --a------ C:\WINDOWS\mozver.dat
2007-07-20 02:31:18 0 d-------- C:\Program Files\ArcSoft
2007-07-20 01:41:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-20 01:23:16 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2007-07-20 01:15:24 0 d-------- C:\Program Files\Ares
2007-07-20 01:13:04 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2007-07-20 00:55:16 0 d-------- C:\Program Files\Swarm
2007-07-20 00:31:53 0 d-------- C:\Program Files\PokerStars
2007-07-17 16:16:43 0 d-------- C:\Program Files\Common Files\Xerox Shared
2007-07-16 15:40:17 0 d-------- C:\Program Files\Raxco
2007-07-09 23:26:34 0 d-------- C:\Program Files\WinImage
2007-07-09 19:43:40 0 d-------- C:\Program Files\3DO
2007-07-05 14:53:02 0 d-------- C:\Program Files\Google
2007-06-29 09:11:12 0 d-------- C:\Program Files\WinAce
2007-06-29 09:11:10 0 d-------- C:\Program Files\Starcraft
2007-06-29 09:11:01 0 d-------- C:\Program Files\iPhoto Plus 4
2007-06-29 09:11:01 0 d-------- C:\Program Files\GetRight
2007-06-29 09:11:01 0 d-------- C:\Program Files\FURY3
2007-06-29 09:10:58 0 d-------- C:\Program Files\BrainWave Generator
2007-06-28 18:02:43 0 d-------- C:\Program Files\KC Softwares
2007-06-24 19:04:41 0 d-------- C:\Program Files\Foxit Software
2007-06-24 17:27:02 0 d-------- C:\Program Files\Windows Live
2007-06-24 17:27:02 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-17 21:04:11 0 d-------- C:\Program Files\DriverGuide Toolkit
2007-06-17 19:54:10 0 d-------- C:\Program Files\SpeedItUpFree
2007-06-16 16:16:08 0 d-------- C:\Program Files\AusLogics BoostSpeed
2007-06-16 14:40:38 0 d--h----- C:\Program Files\Zero G Registry
2007-06-11 19:45:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-06-06 18:54:22 0 d-------- C:\Program Files\Diablo II


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11D70EF0-AF69-48BC-8F29-51B35491FD87}]
08/04/2007 01:38 PM 266336 --------- C:\WINDOWS\system32\geeby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]
08/02/2007 05:11 PM 31254 --a------ C:\WINDOWS\system32\nnnnnml.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 04:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/21/2005 04:44 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 01:42 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [01/23/2001 01:29 PM]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [01/23/2001 02:00 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 06:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"Gravis Xperience Driver Support"="Grxp4exe.exe" [02/26/2002 10:05 AM C:\WINDOWS\system32\grxp4exe.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [07/09/2006 12:58 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM]
"LDM"="\Program\BackWeb-8876480.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [8/28/2005 11:15:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= C:\WINDOWS\system32\nnnnnml.dll [08/02/2007 05:11 PM 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby]
C:\WINDOWS\system32\geeby.dll 08/04/2007 01:38 PM 266336 C:\WINDOWS\system32\geeby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnnml]
nnnnnml.dll 08/02/2007 05:11 PM 31254 C:\WINDOWS\system32\nnnnnml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\BackWeb-8876480.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa184951-34c7-11d9-af9e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - COMHOST
*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER



-- End of Deckard's System Scanner: finished at 2007-08-04 at 23:11:47 ---------




This post has been edited by someone666: Aug 5 2007, 12:16 AM
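Editor's note, added here and not part of someone666's post or of the HijackThis or Deckard's System Scanner tools: the two logs above carry a pattern worth checking mechanically. geeby.dll and nnnnnml.dll each appear under more than one load point (O2 BHO, O20 Winlogon Notify, and for nnnnnml.dll also ShellExecuteHooks in the registry dump), and both are listed in the "HijackThis Fixed Entries" backups from earlier the same day, geeby.dll under a different BHO CLSID the second time. The script below correlates those three sources for the lines copied from the logs above. It assumes the line formats exactly as printed here, treats backup entries written within the same minute as one fix session, and only watches BHO, Winlogon Notify and ShellExecuteHooks (other load points such as O4 Run or O21 SSODL are out of scope).

```python
"""Triage helper: correlate DLL load points across a HijackThis log, the
HijackThis "Fixed Entries" backup list and a DSS registry dump.

Sample input is copied (and trimmed) from the logs posted in this thread."""
import re
from collections import defaultdict

HJT_CURRENT = r"""
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

HJT_BACKUPS = r"""
backup-20070804-161857-106 O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
backup-20070804-161857-322 O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
backup-20070804-161857-762 O2 - BHO: (no name) - {542E8CDC-F676-4247-B6E1-4BB4C56CEF2B} - C:\WINDOWS\system32\geeby.dll
backup-20070804-161858-782 O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
backup-20070804-213247-475 O2 - BHO: (no name) - {11D70EF0-AF69-48BC-8F29-51B35491FD87} - C:\WINDOWS\system32\geeby.dll
backup-20070804-213247-878 O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
backup-20070804-213248-448 O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
"""

REG_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11D70EF0-AF69-48BC-8F29-51B35491FD87}]
08/04/2007 01:38 PM 266336 --------- C:\WINDOWS\system32\geeby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]
08/02/2007 05:11 PM 31254 --a------ C:\WINDOWS\system32\nnnnnml.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= C:\WINDOWS\system32\nnnnnml.dll [08/02/2007 05:11 PM 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby]
C:\WINDOWS\system32\geeby.dll 08/04/2007 01:38 PM 266336 C:\WINDOWS\system32\geeby.dll
"""

O2_LINE = re.compile(r"^O2 - BHO: .* - (\{[^}]+\}) - (.+)$")
O20_LINE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
BACKUP_LINE = re.compile(r"^backup-(\d{8})-(\d{6})-\d+ (.*)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DLL_NAME = re.compile(r'([^\\\s"=]+\.dll)\b', re.IGNORECASE)


def basename(fragment):
    """Lower-cased file name of the first *.dll mentioned in a log fragment, else None."""
    m = DLL_NAME.search(fragment)
    return m.group(1).lower() if m else None


def parse_hjt(text):
    """Yield (mechanism, dll, identifier) for O2 and O20 lines; other lines are ignored."""
    for line in text.splitlines():
        line = line.strip()
        m = O2_LINE.match(line)
        if m:
            yield ("BHO", basename(m.group(2)), m.group(1).upper())
            continue
        m = O20_LINE.match(line)
        if m:
            yield ("WinlogonNotify", basename(m.group(2)), m.group(1).lower())


def parse_backups(text):
    """Yield (session, mechanism, dll, identifier) from HijackThis backup lines.
    Entries written within the same minute are treated as one fix session (assumption)."""
    for line in text.splitlines():
        m = BACKUP_LINE.match(line.strip())
        if not m:
            continue
        session = m.group(1) + "-" + m.group(2)[:4]
        for mech, dll, ident in parse_hjt(m.group(3)):
            yield (session, mech, dll, ident)


def parse_regdump(text):
    """Yield (mechanism, dll, identifier) for DLLs under the BHO, ShellExecuteHooks
    and Winlogon\\Notify keys of a DSS-style registry dump."""
    key = ""
    for line in text.splitlines():
        line = line.strip()
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        dll = basename(line) if line else None
        if dll is None:
            continue
        k = key.lower()
        if "browser helper objects" in k:
            cm = CLSID.search(key)
            yield ("BHO", dll, cm.group(0).upper() if cm else key)
        elif "shellexecutehooks" in k:
            cm = CLSID.search(line)
            yield ("ShellExecuteHook", dll, cm.group(0).upper() if cm else line)
        elif r"winlogon\notify" in k:
            yield ("WinlogonNotify", dll, key.rsplit("\\", 1)[-1].lower())


def triage(hjt_current, hjt_backups, reg_dump):
    """Per DLL currently registered at a watched load point: which load points,
    how many earlier fix sessions removed it, and every BHO CLSID it has used."""
    current = defaultdict(lambda: defaultdict(set))
    for mech, dll, ident in list(parse_hjt(hjt_current)) + list(parse_regdump(reg_dump)):
        current[dll][mech].add(ident)
    fix_sessions, fixed_clsids = defaultdict(set), defaultdict(set)
    for session, mech, dll, ident in parse_backups(hjt_backups):
        fix_sessions[dll].add(session)
        if mech == "BHO":
            fixed_clsids[dll].add(ident)
    return {
        dll: {
            "load_points": sorted(mechs),
            "times_fixed": len(fix_sessions[dll]),
            "bho_clsids": sorted(mechs.get("BHO", set()) | fixed_clsids[dll]),
        }
        for dll, mechs in current.items()
    }


def flag(report):
    """DLLs worth pulling for analysis: at several load points, or removed before and back."""
    return sorted(d for d, r in report.items()
                  if len(r["load_points"]) > 1 or r["times_fixed"] > 0)


if __name__ == "__main__":
    rep = triage(HJT_CURRENT, HJT_BACKUPS, REG_DUMP)
    for dll in flag(rep):
        r = rep[dll]
        print(f"{dll}: load points={r['load_points']} fixed {r['times_fixed']}x, "
              f"BHO CLSIDs seen={r['bho_clsids']}")
```

On this input the script flags only geeby.dll (BHO plus Winlogon Notify, removed in two sessions, two distinct BHO CLSIDs) and nnnnnml.dll (BHO, ShellExecuteHooks and Winlogon Notify, removed in two sessions); igfxsrvc.dll and WgaLogon.dll sit at a single load point with no fix history and are left alone, and wingdm32.dll does not appear because it is no longer in the current log. The practical caveat the numbers make visible: a HijackThis fix deletes the registry entries, and a component that is loaded by winlogon.exe through Winlogon Notify can write them back under a fresh CLSID, so the entries keep reappearing until the DLL files themselves are dealt with.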
someone666
post Aug 5 2007, 12:17 AM
Post #14
Member
Posts: 14
OS: Windows XP

Extra

Deckard's System Scanner v20070804.61
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 502.73 MiB / 140.45 MiB
Pagefile Memory (total/avail): 1470.06 MiB / 1087.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1964.58 MiB

C: is Fixed (NTFS) - 70.88 GiB total, 18.83 GiB free.
D: is Fixed (FAT32) - 3.63 GiB total, 1.63 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-FE554634B8
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-FE554634B8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-FE554634B8
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Naomi (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Battlezone II\BZII.isu"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.23 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced WMA Workshop version 2.1 --> "C:\Program Files\LitexMedia\Advanced WMA Workshop\unins000.exe"
America's Army --> MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AusLogics BoostSpeed --> "C:\Program Files\AusLogics BoostSpeed\unins000.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Blip Blop (remove only) --> "C:\Program Files\Blip Blop\uninstall.exe"
BrainWave Generator --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BrainWave Generator\Uninst.isu"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Chicken Invaders 3 --> "C:\Program Files\Chicken Invaders 3\ReflexiveArcade\unins000.exe"
Command & Conquer Tiberian Sun --> C:\Westwood\SUN\Uninstll.EXE
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Micro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D944236D-7992-41D6-8257-930B5832F1CC}\SETUP.EXE" -l0x9 /remove
Crimsonland --> "C:\Program Files\Crimsonland\unins000.exe"
CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
Deluxe Pacman v1.69 --> "C:\Games\Deluxe Pacman\unins000.exe"
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digital Media Reader -->
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
DriverGuide Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71AA4525-52F2-4841-93B6-8DF58C0CC0DA}\setup.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DX-Ball 1.09 --> C:\PROGRA~1\DX-Ball\UNWISE.EXE C:\PROGRA~1\DX-Ball\INSTALL.LOG
Electric Sheep 2.6.5 --> C:\WINDOWS\system32\UninstallElectricSheep.exe
Fallout --> C:\WINDOWS\ipuninst.exe -fC:\Program Files\Interplay\Fallout\uninst.log
Fallout2 --> C:\WINDOWS\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
Flatland Rover --> C:\WINDOWS\unvise32.exe C:\Program Files\Flatland\uninstal.log
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Gravis Xperience 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13599F5D-20A2-449A-BA81-A7D8B98A8DF1}\Setup.exe" -u
Heroes of Might and Magic® III --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll
Heroes of Might and Magic® IV --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HyperLoad - Golf Course --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CDF4815-1334-4AF3-B780-1F6526011C5A}\setup.exe" -l0x9 -uninst -removeonly
HyperLoad - NabiscoWorld MiniGolf --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{638787E3-ABAE-452C-9255-EC3E85B680F7}\setup.exe" -l0x9 -uninst -removeonly
Innovative System Optimizer - Platinum Edition version 2 --> "C:\Program Files\Innovative Solutions\Innovative System Optimizer - Platinum Edition version 2\unins000.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Connections Drivers --> Prounstl.exe
iPhoto Plus 4 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\iPhoto Plus 4\DeIsL1.isu"
iPod for Windows 2005-02-22 -->
iPod for Windows 2005-02-22 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
IPS Wizard --> C:\Program Files\IPS Wizard\uninstall.exe
iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
KC Softwares AudioGrail --> "C:\Program Files\KC Softwares\AudioGrail\unins000.exe"
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 v1.9 --> C:\Program Files\LittleFighter2\LF2_v1.9\Uninstal.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Messenger Plus! 3 & Sponsor --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Midnight Outlaw Illegal Street Drag - Nitro Edition --> C:\PROGRA~1\ValuSoft\MIDNIG~1\UNWISE.EXE C:\PROGRA~1\ValuSoft\MIDNIG~1\INSTALL.LOG
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPIO Software Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B67FB4-F425-40E5-BDDA-7CD494202022}\SETUP.EXE" -l0x9
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MusicBrainz Tagger 0.10.5 --> C:\PROGRA~1\MUSICB~1\UNWISE.EXE C:\PROGRA~1\MUSICB~1\INSTALL.LOG
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
OTOY -->
Plasma Pong v1.3b --> "C:\Program Files\Plasma Pong\unins000.exe"
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Ricochet Lost Worlds --> "C:\Program Files\Ricochet Lost Worlds\ReflexiveArcade\unins000.exe"
Scan 300 / 600 Driver --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\TWAIN_32\Scan\Uninst.isu
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shogo --> C:\WINDOWS\uninst.exe -fC:\Games\Shogo\DeIsL1.isu
Sid Meier's Alpha Centauri --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Firaxis Games\Sid Meier's Alpha Centauri\Uninst.isu"
SimSheep2 --> C:\insane arts'\SimSheep2\Uninstal.exe
SiSoftware Sandra Lite XI.SP4a --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\unins000.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Soldat 1.3.1 --> c:\Soldat\unins000.exe
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Trek Voyager Elite Force --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Raven\Star Trek Voyager Elite Force\Ef.isu"
Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Starsiege TRIBES 1.8 --> C:\WINDOWS\IsUninst.exe -f"C:\Dynamix\TRIBES\Uninst.isu"
Symantec Real Time Storage Protection Component -->
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tremulous 1.1.0 --> "C:\Program Files\Tremulous\uninstall.exe"
Ulead Photo Express 4.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\Setup.exe"
Ultima Mod for Tiberian Sun --> C:\Westwood\Sun\Uninstal.exe
Ultimate Demolition Derby --> C:\PROGRA~1\GLOBAL~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\GLOBAL~1\ULTIMA~1\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFldrs XP -->
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinImage --> "C:\Program Files\WinImage\winimage.exe" /uninstall
WinMX --> C:\Program Files\WinMX\uninstall.exe
WinPatrol --> MsiExec.exe /X{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}
WinPatrol 2007 Restore/Remove First -->
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event ID #53814: Error
Event Submitted/Written: 08/04/2007 08:29:49 PM
Event Source: Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Event ID #53787: Success
Event Submitted/Written: 08/04/2007 04:58:11 PM
Event Source: usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event ID #53715: Success
Event Submitted/Written: 08/04/2007 01:52:31 PM
Event Source: usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event ID #53686: Success
Event Submitted/Written: 08/04/2007 01:21:07 PM
Event Source: usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event ID #53655: Error
Event Submitted/Written: 08/04/2007 01:27:03 AM / 08/04/2007 01:27:04 AM
Event Source: Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20070.6982, faulting module vtstu.dll, version 0.0.0.0, fault address 0x0003197a.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #70130: Error
Event Submitted/Written: 08/04/2007 09:50:03 PM
Event Source: F-Secure Standalone Minifilter
Event Description:
\Device\HarddiskVolume1\Docum...f

Event ID #70129: Error
Event Submitted/Written: 08/04/2007 09:50:03 PM
Event Source: F-Secure Standalone Minifilter
Event Description:
\Device\HarddiskVolume1\WI...setu

Event ID #70128: Error
Event Submitted/Written: 08/04/2007 09:48:24 PM
Event Source: F-Secure Standalone Minifilter
Event Description:
\Device\HarddiskVolume1\Docume...

Event ID #70119: Error
Event Submitted/Written: 08/04/2007 08:30:01 PM
Event Source: Service Control Manager
Event Description:
The LiveUpdate service failed to start due to the following error:
%%1053

Event ID #70118: Error
Event Submitted/Written: 08/04/2007 08:30:01 PM
Event Source: Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.



-- End of Deckard's System Scanner: finished at 2007-08-04 at 23:11:47 ---------



F-Secure log

Scanning Report
Saturday, August 04, 2007 21:42:16 - 23:02:34

Computer name: YOUR-FE554634B8
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 18 malware found
IM-Worm.Win32.Sohanad.aw (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\DSS.EXE (Renamed & Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System

Trojan-Downloader.Win32.Tiny.id (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\DQCNWTOJ.EXE (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\FJWUEGFF.EXE (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\LMBWSTUN.EXE (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\TITUNXQF.EXE (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\TOUDBTII.EXE (Renamed & Submitted)

Trojan-Dropper.Win32.Agent.bmk (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\CKPWHVPA.EXE (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\CTWOPRFJ.EXE (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\FHMVOYDA.EXE (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PFKHGOOH.EXE (Renamed & Submitted)

Trojan.Win32.Agent.qt (virus)

* C:\DECKARD\SYSTEM SCANNER\20070803141353\BACKUP\WINDOWS\TEMP\WIN44.TMP.EXE (Renamed & Submitted)

Trojan.Win32.Dialer.qn (virus)

* C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\WINGDM32.DLL (Renamed & Submitted)
* C:\WINDOWS\TEMP\WIN2D.TMP.EXE (Renamed & Submitted)
* C:\WINDOWS\TEMP\WINC.TMP.EXE (Renamed & Submitted)
* C:\DECKARD\SYSTEM SCANNER\20070803141353\BACKUP\WINDOWS\TEMP\WIN42.TMP.EXE (Renamed & Submitted)

Win32.TrojanDownloader.Agent (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 41998
* System: 5512
* Not scanned: 3

Actions:

* Disinfected: 2
* Renamed: 15
* Deleted: 0
* None: 1
* Submitted: 15

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-07-30
* F-Secure AVP: 7.0.171, 2007-08-03
* F-Secure Orion: 1.2.37, 2007-08-03
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-07-01

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics
MoNsTeReNeRgY22
post Aug 5 2007, 12:02 PM
Post #15


GeekU Junior
Posts: 2,435
From: California
OS: Windows XP Media Center Edition SP3



Hello,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {11D70EF0-AF69-48BC-8F29-51B35491FD87} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please double-click OTMoveIt.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click NO to the reboot, and just delete the OTMoveIt program from your desktop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • If it says "No infected files were found", right-click the list box (white box) in the main VundoFix window.
  • Select "Add More Files?" from the menu that comes up.
  • This will open a new VundoFix window that says "Paste files into the boxes below:"
  • In that window, copy and paste the following file path in the first (top) field:
    C:\WINDOWS\system32\geeby.dll
  • Now copy and paste the following file path in the second field:
    C:\WINDOWS\system32\nnnnnml.dll
  • Click the 'Add Files' button.
  • Click the 'Close Window' button.
  • Click the 'Remove Vundo' button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.


Please post another DSS log and the VF text in your next reply.
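The four HijackThis entries the helper ticks above share one pattern: each DLL (geeby.dll, nnnnnml.dll) is registered both as a Browser Helper Object with no display name (an O2 line) and as a Winlogon Notify handler (an O20 line), so it is loaded by Internet Explorer and by winlogon.exe, which is what makes it survive ordinary cleanup and why VundoFix is brought in. The Python script below is an added illustration, not part of this thread and not HijackThis or VundoFix code: it parses HijackThis-style O2/O20 lines and derives that fix list from the pairing. The sample log is constructed from the four lines above plus two invented benign-looking entries (the Adobe CLSID is a placeholder, and the igfxcui entry is made up); the "unnamed BHO plus Winlogon Notify on the same DLL" rule is an analyst heuristic assumed here, not a rule HijackThis applies itself.

```python
"""Flag DLLs that appear both as an unnamed BHO (O2) and as a Winlogon Notify
handler (O20) in HijackThis-style log lines.  Added example, not thread code."""
import re
from collections import defaultdict

# Constructed sample: the four lines from the helper's fix list, plus two
# invented benign entries for contrast (placeholder CLSID, made-up igfxcui line).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11D70EF0-AF69-48BC-8F29-51B35491FD87} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnnml.dll
O2 - BHO: Adobe PDF Reader Link Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: nnnnnml - C:\WINDOWS\SYSTEM32\nnnnnml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# HijackThis line formats: "O2 - BHO: <name> - {CLSID} - <path>" and
# "O20 - Winlogon Notify: <registry key> - <path>".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


def parse_hjt(text):
    """Return (bhos, notifies); each entry keeps its raw line for reporting."""
    bhos, notifies = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"],
                         "path": m["path"], "raw": line})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append({"key": m["key"], "path": m["path"], "raw": line})
    return bhos, notifies


def suspicious_paths(bhos, notifies):
    """Map lowercased DLL path -> reasons, for DLLs that are BOTH an unnamed
    BHO and a Winlogon Notify handler (assumed heuristic; either sign alone
    is not enough, since legitimate unnamed BHOs exist)."""
    notify_paths = {n["path"].lower() for n in notifies}
    reasons = defaultdict(list)
    for b in bhos:
        p = b["path"].lower()
        if b["name"].strip() == "(no name)":
            reasons[p].append("BHO registered without a display name")
        if p in notify_paths:
            reasons[p].append("same DLL also loaded by winlogon.exe via Notify key")
    return {p: r for p, r in reasons.items() if len(r) == 2}


def fix_lines(text):
    """Raw O2/O20 lines an analyst would tick in HijackThis, in log order."""
    bhos, notifies = parse_hjt(text)
    flagged = suspicious_paths(bhos, notifies)
    return [e["raw"] for e in bhos + notifies if e["path"].lower() in flagged]


if __name__ == "__main__":
    for line in fix_lines(SAMPLE_LOG):
        print(line)
```

Run against a real HijackThis log, the script only proposes candidates; the Adobe and igfxcui lines in the sample are deliberately left alone because they fail one of the two tests, and the decision to fix still rests with the analyst reading the full log.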
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising