Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PS Guard and other malwares [CLOSED]


  • This topic is locked This topic is locked

#1
amiyumi

amiyumi

    New Member

  • Member
  • Pip
  • 3 posts
Hi, after I have done all the steps removing spyware, everything works fine for now. However, every time I scan my system using Ad-Adware, PS Guard keeps showing up as a result. Also, AVG Anti-Spyware says there is an error while removing PSGuard. Please take a look at my hjt log and tell me which to remove :) . Since I am very inexperienced with this, so I hope you can help me. Thank you so much for your time and patience.


Here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:51 PM, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.c...m/ext/search/se

arch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.c...m/ext/search/se

arch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet

Explorer provided by Verizon Online
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1

\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,kjxiypc.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1

\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program

Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program

Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program

Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program

Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1

\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program

Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5

\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{B5-54-43-3D-ZN}] c:\windows\system32\dwdsregt.exe GID002
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ycrpyr.exe reg_run
O4 - HKLM\..\Run: [win3211-1541712835] C:\WINDOWS\win3211-1541712835.exe
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\System32\apbzk.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [sys0341712835-15] C:\WINDOWS\sys0341712835-15.exe
O4 - HKLM\..\Run: [sys02541712835-1] C:\WINDOWS\sys02541712835-1.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0

\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\475~1.0

\SBInst.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast2\sept2pop06apsept.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [Pop-Up Blocker] C:\Program Files\Pop-Up Blocker Full\Pop-

UpBlockerFull.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmfg_7.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe

/GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ms072835-154171] C:\WINDOWS\ms072835-154171.exe
O4 - HKLM\..\Run: [ms05712835-1541] C:\WINDOWS\ms05712835-1541.exe
O4 - HKLM\..\Run: [ms041712835-154] C:\WINDOWS\ms041712835-154.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lizikyvA] C:\WINDOWS\lizikyvA.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\System32\bdpn.exe"
O4 - HKLM\..\Run: [keyboard] c:\\kybrdfg_7.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\System32\wfxqhv.exe"
O4 - HKLM\..\Run: [iveroi] C:\WINDOWS\System32\jeabok.exe reg_run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12

\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\System32\l3jdfs.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86

\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [eda96749.exe] C:\WINDOWS\System32\eda96749.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [dmakydkA] C:\WINDOWS\dmakydkA.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrfg_7.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [clcbt.exe] C:\WINDOWS\System32\clcbt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements

4.0\apdproxy.exe"
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\System32\cvn0.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop

Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"

-quiet
O4 - HKCU\..\Run: [wscshr] C:\WINDOWS\System32\wscshr.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\Owner\LOCALS~1\Temp\29.tmp3072.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [System32] C:\WINDOWS\system32\dumathangdangquang.js
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [SOProc_RegSoAlertAjWx1Nn] rundll32 shell32.dll,ShellExec_RunDLL

C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertAjWx1Nn
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web

Folders\ibm00001.exe"
O4 - HKCU\..\Run: [qquw] C:\PROGRA~1\COMMON~1\qquw\qquwm.exe
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
O4 - HKCU\..\Run: [Pxjnr] C:\WINDOWS\system32\?icrosoft.NET\rundll32.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ntvdaz] C:\WINDOWS\System32\ntvdaz.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program

Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://han1nguoi.vnic.cc
O4 - HKCU\..\Run: [Hhfydsz] C:\WINDOWS\??curity\fast.exe
O4 - HKCU\..\Run: [Hesppgy] C:\WINDOWS\System32\??sks\regedit.exe
O4 - HKCU\..\Run: [fsltp] C:\WINDOWS\System32\jeabok.exe reg_run
O4 - HKCU\..\Run: [Ffk] C:\Documents and Settings\Owner\Application Data\T?

sks\msiexec.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Policies\Explorer\Run: [wscshr] C:\WINDOWS\System32\wscshr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Startup: Epson all-in-one Registration.lnk = D:\EREG\EpsonReg.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft

Office\Office12\ONENOTEM.EXE
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0

\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0

\Reader\AdobeCollabSync.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10

\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon

Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: _default.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL

Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download All with FlashGet - C:\Program

Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program

Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live

Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!

\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -

http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4

\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!

\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!

\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!

\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program

Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program

Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program

Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -

http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program

Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base

Module) - http://scan.safety.l...lscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.micros.../wuweb_site.cab?

1136584923375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros.../muweb_site.cab?

1136584904265
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -

http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) -

http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl

Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -

http://download.cdn....06FreeInstall.c

ab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1

\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: fEBWlI - {A41B543E-0EB1-FE94-DF67-96DC9BA3ACF1} - C:\WINDOWS\System32

\jymw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1

\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1

\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1

\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7

\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program

Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program

Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1

\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\kyze.html
O24 - Desktop Component 1: (no name) - C:\Program Files\CONEXANT\howyry.html
O24 - Desktop Component 2: (no name) - C:\WINDOWS\System32\ad.html
O24 - Desktop Component 3: (no name) - http://images.google.com/images?

q=tbn:zXedhWYhNe0J:nekochan.cupped-expressions.net/wallpapers/inuyasha.jpg
O24 - Desktop Component 4: (no name) - About:Home
O24 - Desktop Component 5: (no name) - (no file)
O24 - Desktop Component 6: (no name) - http://images.google.com/images?

q=tbn:XRPQ3uLSeZ8J:www.animecowboy.com/gallery/Inuyasha/Inuyasha.jpg
O24 - Desktop Component 7: (no name) - http://images.google.com/images?

q=tbn:kjpEa1zvwnUJ:www.cartonionline.com/gif/CARTOON/inuyasha/02.jpg
O24 - Desktop Component 8: (no name) - http://images.google...=tbn:bDIa9ywK9-

0J:thegreatspirit.free.fr/images/awards/inuyasha-no-kokoro.jpg

--
End of file - 24361 bytes
==============
This is the uninstall list
32 Bit HP CIO Components Installer
ACDSee 5.0 PowerPack
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Photoshop CS
Adobe Reader 8.1.2
Adobe Shockwave Player
Alien Skin Eye Candy 5 Textures
Alien Skin Xenofex 2.0
Anti Red Eye 1.0
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AuditionSEA
AVG 7.5
AVG Anti-Spyware 7.5
BigFix
Bingo RM to MP3 Wave Converter 3.4
ccCommon
CHEMIX Ver.3.00
CleanUp!
Color Pilot 4.62
Corel Painter Essentials 3
DC++ 0.691
DCE Tools 1.0
Digital Media Reader
DivX Content Uploader
DivX Web Player
EPSON Printer Software
Extensis Mask Pro 3.0
Eye Candy 3
FlashGet 1.9.4.1063
Form Fill (Windows Live Toolbar)
FTP Commander
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Video Uploader
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
InterActual Player
Internet Speed Monitor
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2
Kai's Power Tools 3
K-Lite Codec Pack 3.4.5 Full
KnockOut 2
Learn2 Player (Uninstall Only)
Lion King
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Logitech Print Service
Logitech QuickCam Software
Macromedia Flash Player
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
mIRC
Mozilla Firefox (2.0.0.13)
MSRedist
Music Fan's Factory v8.2
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
OB WMP11
OneCare Advisor (Windows Live Toolbar)
Panda ActiveScan
Panda ActiveScan 2.0
Popup Blocker (Windows Live Toolbar)
Pop-Up Stopper Free Edition
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Simply Calenders v4.0
Smart Menus (Windows Live Toolbar)
SoftV92 Data Fax Modem with SmartCP
Sony USB Driver
Spam Blocker Utility ShopperReports
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Symantec Script Blocking Installer
SymNet
Tablet
Total Commander (Remove or Repair)
Ulead FX Razor 2.0
UniKey 3.62
Uninstall AutoEye
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB911280)
VeohTV BETA
Verizon Online
Verizon Online DSL
Verizon Online Help and Support
VideoLAN VLC media player 0.8.6a
Viewpoint Media Player
Weather Services
WIDCOMM Bluetooth Software
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Safety Scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XML-2 Library
Windows XP Service Pack 2
WinRAR archiver
Yahoo! ¤u¨ă¦C
Yahoo! Browser Services
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool

=============
This is the Active Scan Report
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-04-05 21:59:05
PROTECTIONS: 1
MALWARE: 37
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
AVG 7.5.519 7.5.519 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00001888 adware/dyfuca Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\internet optimizer
00032724 adware/portalscan Adware No 0 Yes No c:\windows\system32\winupdt.008
00034272 adware/xmllib Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\xmllib
00034272 adware/xmllib Adware No 0 Yes No c:\windows\xmllib.dll
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\system\currentcontrolset\enum\root\legacy_tbpssvc
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_tbpssvc
00041446 application/myway HackTools No 0 Yes No hkey_classes_root\mysearchtoolbar.toolbarplugin
00041446 application/myway HackTools No 0 Yes No hkey_classes_root\mysearchtoolbar.toolbarplugin.1
00045952 spyware/media-motor Spyware No 1 Yes No hkey_local_machine\software\revisions
00046097 adware/oemji Adware No 0 Yes No c:\documents and settings\owner\application data\spamextract
00046208 spyware/smitfraud Spyware No 1 Yes No c:\windows\system32\ptainfo2.ico
00047660 adware/sqwire Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa
00064492 adware/novo Adware No 0 Yes No hkey_local_machine\software\np
00064492 adware/novo Adware No 0 Yes No hkey_local_machine\software\novo
00120993 adware/deskwizz Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\newfrn
00206577 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP404\A0091905.dll
00217379 adware/dollarrevenue Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\timessquare
00217379 adware/dollarrevenue Adware No 1 Yes No c:\windows\keyboard191.dat
00217379 adware/dollarrevenue Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\newname
00217379 adware/dollarrevenue Adware No 1 Yes No c:\windows\timessquare1.dat
00217379 adware/dollarrevenue Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\adtech2006
00220166 trj/spamer.c Virus/Trojan No 0 Yes No hkey_current_user\software\microsoft\windows\currentversion\run\winmedia
00247910 w32/locksky.au.worm Virus/Worm No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\spoolsvv
00271936 W32/Polipos.A Virus No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP401\A0090598.rbf
00271936 W32/Polipos.A Virus No 0 Yes No C:\Documents and Settings\Owner\Desktop\auditionsea_setup6042.exe
00271936 W32/Polipos.A Virus No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP401\A0091047.rbf
00271936 W32/Polipos.A Virus No 0 Yes No C:\Program Files\HP\Digital Imaging\bin\hpqqpawp.exe
00271936 W32/Polipos.A Virus No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP401\A0090585.rbf
00271936 W32/Polipos.A Virus No 0 Yes No C:\Program Files\AuditionSEA\AuditionSEA\Patcher.exe
00271936 W32/Polipos.A Virus No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP402\A0091495.exe
00271936 W32/Polipos.A Virus No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP402\A0091491.exe
00271936 W32/Polipos.A Virus No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP401\A0090584.rbf
00274954 adware/adrotator Adware No 0 Yes No hkey_local_machine\software\microsoft\rotator
00358465 application/myglobalsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A21-692B-4205-9CAD-2626E4993404}
00584455 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SbAds.dll
00895808 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Install.dll.tcf
00985297 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SbHostOL.dll
00985307 Adware/IST Adware No 0 Yes No C:\Program Files\Microsoft AntiSpyware\Quarantine\1E4F76D7-84CD-408D-946B-B152F2\1A8E86A7-6784-4617-8DCE-B3B7E6
01020628 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SBSrvPS.dll
01020699 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SBOLExp.dll
01024207 Adware/IST Adware No 0 Yes No C:\Program Files\Microsoft AntiSpyware\Quarantine\3DEE32A8-3DDB-4C87-9E8C-286EE5\C306EF68-A9C7-4046-B346-9A522B
01042717 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SBOLExt.dll
01047005 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SBUIRes.dll
01047013 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SBTrayAppPS.dll
01047019 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SBUISkin.dll
01047020 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SBClientSinkPS.dll
01048579 Adware/IST Adware No 0 Yes No C:\Program Files\Microsoft AntiSpyware\Quarantine\3DEE32A8-3DDB-4C87-9E8C-286EE5\D3A51108-2D40-44F7-8047-DF2A26
01441317 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SbToolbar.dll
01692614 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\Redemption.dll
02044876 Adware/IST Adware No 0 Yes No C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\Cml.exe
02899369 Adware/Popadd Adware No 0 Yes No C:\PROGRAM FILES\QDRMODULE\QDRMODULE12.EXE
02899369 Adware/Popadd Adware No 0 No No C:\WINDOWS\system32\LB89B.tmp[QdrModule12.exe]
02900300 Adware/InternetSpeedMonitor Adware No 0 No No C:\WINDOWS\system32\LB89B.tmp[ism.exe]
02900300 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\Program Files\ISM\ism.exe
02900302 Adware/InternetSpeedMonitor Adware No 0 No No C:\WINDOWS\system32\LB89B.tmp[QdrDrive10.dll]
02900302 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP407\A0092037.dll
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location W
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description W
;===============================================================================
================================================================================
=
===================
184380 MEDIUM MS08-002 W
184379 MEDIUM MS08-001 W
182048 HIGH MS07-069 W
182046 HIGH MS07-067 W
182043 HIGH MS07-064 W
179553 HIGH MS07-061 W
176382 HIGH MS07-057 W
176383 HIGH MS07-058 W
170911 HIGH MS07-050 W
170907 HIGH MS07-046 W
170906 HIGH MS07-045 W
170904 HIGH MS07-043 W
164915 HIGH MS07-035 W
164913 HIGH MS07-033 W
164911 HIGH MS07-031 W
160623 HIGH MS07-027 W
157262 HIGH MS07-022 W
157261 HIGH MS07-021

Edited by amiyumi, 07 April 2008 - 02:17 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay - could I have a fresh look at your system

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
amiyumi

amiyumi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi, thank you so much for your time. This is my log.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-14 23:24:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
49: 2008-04-15 03:11:48 UTC - RP410 - Deckard's System Scanner Restore Point
48: 2008-04-14 00:45:14 UTC - RP409 - System Checkpoint
47: 2008-04-13 00:25:25 UTC - RP408 - System Checkpoint
46: 2008-04-05 17:56:27 UTC - RP407 - Installed SUPERAntiSpyware Free Edition
45: 2008-04-05 04:27:32 UTC - RP406 - Attemt cleaning virus


-- First Restore Point --
1: 2008-01-16 10:43:15 UTC - RP362 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:51 PM, on 04/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,kjxiypc.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Pop-Up Blocker] C:\Program Files\Pop-Up Blocker Full\Pop-UpBlockerFull.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Policies\Explorer\Run: [wscshr] C:\WINDOWS\System32\wscshr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: _default.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...lscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136584923375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136584904265
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: fEBWlI - {A41B543E-0EB1-FE94-DF67-96DC9BA3ACF1} - C:\WINDOWS\System32\jymw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\kyze.html
O24 - Desktop Component 1: (no name) - C:\Program Files\CONEXANT\howyry.html
O24 - Desktop Component 2: (no name) - C:\WINDOWS\System32\ad.html
O24 - Desktop Component 3: (no name) - http://images.google...rs/inuyasha.jpg
O24 - Desktop Component 4: (no name) - About:Home
O24 - Desktop Component 5: (no name) - (no file)
O24 - Desktop Component 6: (no name) - http://images.google...ha/Inuyasha.jpg
O24 - Desktop Component 7: (no name) - http://images.google...inuyasha/02.jpg
O24 - Desktop Component 8: (no name) - http://images.google...a-no-kokoro.jpg

--
End of file - 15803 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S2 npkcrypt - c:\program files\ptv\npkcrypt.sys (file missing)
S3 CapFilt - c:\windows\system32\drivers\capfilt.sys <Not Verified; ensurebit; ensurebit CapFilt>
S3 dump_wmimmc - c:\windows\system32\drivers\dump_wmimmc.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 NOWMEMDF - c:\windows\system32\nowmemdf.sys <Not Verified; ©NOWCOM; Nowcom Memory Defender>
S3 pepifilter (Volume Adapter) - c:\windows\system32\drivers\lv302af.sys (file missing)
S3 PID_08A0 (QuickCam IM(PID_08A0)) - c:\windows\system32\drivers\lv302av.sys (file missing)
S3 QCMerced (Logitech QuickCam Communicate) - c:\windows\system32\drivers\lvcm.sys (file missing)
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-13 23:50:02 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-14 11:22:13 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-07-31 13:18:45 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2005-01-25 16:41:29 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job
2005-01-25 16:41:29 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job
2005-01-25 16:41:29 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-03-14 and 2008-04-14 -----------------------------

2008-04-06 14:23:18 20480 --a------ C:\WINDOWS\system32\c85055a.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-06 14:23:18 20480 --a------ C:\WINDOWS\system32\13168ff.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-06 11:55:57 0 d-------- C:\Program Files\Trend Micro
2008-04-06 11:27:50 20480 --a------ C:\WINDOWS\system32\22134480.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-06 11:27:49 20480 --a------ C:\WINDOWS\system32\14827b30.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-05 19:08:33 0 d-------- C:\Program Files\Panda Security
2008-04-05 19:08:30 1841 --a------ C:\WINDOWS\mozver.dat
2008-04-05 13:57:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-05 13:56:31 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-05 13:56:30 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-04-05 13:55:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 20:42:46 0 d-------- C:\Program Files\Corel
2008-04-04 18:06:01 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-04 18:05:11 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-04 18:00:54 1039 -----n--- C:\WINDOWS\hpomdl15.dat
2008-04-04 18:00:54 139775 --a------ C:\WINDOWS\hpoins15.dat
2008-03-30 18:05:38 0 d-------- C:\Program Files\AuditionSEA
2008-03-23 14:17:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-04-14 23:20:59 0 d-------- C:\Program Files\FlashGet
2008-04-13 01:01:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-05 23:00:09 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-05 18:48:42 0 d-a------ C:\Program Files\Common Files
2008-04-05 18:48:35 0 d-------- C:\Program Files\QdrDrive
2008-04-05 01:35:07 0 d-------- C:\Program Files\QdrPack
2008-03-30 18:05:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-28 22:22:34 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-20 00:08:53 0 d-------- C:\Program Files\The Weather Channel FW
2008-03-20 00:06:41 0 d-------- C:\Program Files\DivX
2008-03-19 19:33:07 0 d-------- C:\Program Files\data
2008-03-06 22:31:50 0 d-------- C:\Program Files\Microsoft Works
2008-03-06 22:31:27 0 d-------- C:\Program Files\MSBuild
2008-03-06 22:28:56 0 d-------- C:\Program Files\Microsoft.NET
2008-03-06 22:22:48 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-02 15:23:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-03-01 01:45:17 0 d-------- C:\Program Files\Yahoo!
2008-02-22 22:53:06 4 --a------ C:\WINDOWS\system32\XPerWin.dll
2008-02-15 10:17:42 0 d-------- C:\Program Files\UniKey
2008-02-15 10:17:41 0 d-------- C:\Program Files\QuickTime
2008-02-10 14:55:19 670208 ---hs---- C:\WINDOWS\system32\uau.exe
2008-02-09 22:25:02 37 --a------ C:\WINDOWS\system32\xsystem.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 04:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 04:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"Pop-Up Blocker"="C:\Program Files\Pop-Up Blocker Full\Pop-UpBlockerFull.exe" []
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 01:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
_default.exe [06/18/2007 5:11:32 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"wscshr"=C:\WINDOWS\System32\wscshr.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\kyze.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Program Files\CONEXANT\howyry.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\WINDOWS\System32\ad.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fEBWlI"= {A41B543E-0EB1-FE94-DF67-96DC9BA3ACF1} - C:\WINDOWS\System32\jymw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,kjxiypc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/06/2008 12:58 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^_default.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\_default.exe
backup=C:\WINDOWS\pss\_default.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=C:\WINDOWS\pss\Epson all-in-one Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration .LNK]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Registration .LNK
backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Z_Start.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Z_Start.lnk
backup=C:\WINDOWS\pss\Z_Start.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
C:\WINDOWS\v1201.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad8rIU3s]
C:\WINDOWS\System32\cvn0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adtech2006]
C:\windows\adtech2006a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS2]
"C:\Program Files\System Files\System.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clcbt.exe]
C:\WINDOWS\System32\clcbt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
C:\WINDOWS\cfg32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
c:\\dfndrfg_7.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmakydkA]
C:\WINDOWS\dmakydkA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb]
c:\\drsmartloadb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eda96749.exe]
C:\WINDOWS\System32\eda96749.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epy9J]
"C:\WINDOWS\System32\l3jdfs.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ffk]
C:\Documents and Settings\Owner\Application Data\T?sks\msiexec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"C:\Program Files\FlashGet\FlashGet.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsltp]
C:\WINDOWS\System32\jeabok.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
C:\WINDOWS\System32\mptft.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hesppgy]
C:\WINDOWS\System32\??sks\regedit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhfydsz]
C:\WINDOWS\??curity\fast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
IEXPLORE.EXE http://han1nguoi.vnic.cc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd]
C:\WINDOWS\System32\irssyncd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iveroi]
C:\WINDOWS\System32\jeabok.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k6mmN5IOU]
"C:\WINDOWS\System32\wfxqhv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
c:\\kybrdfg_7.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kSPYv]
"C:\WINDOWS\System32\bdpn.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lizikyvA]
C:\WINDOWS\lizikyvA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lspins]
"C:\WINDOWS\System32\igps.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms041712835-154]
C:\WINDOWS\ms041712835-154.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms05712835-1541]
C:\WINDOWS\ms05712835-1541.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms072835-154171]
C:\WINDOWS\ms072835-154171.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewFrn]
C:\WINDOWS\newfrn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
c:\\nwnmfg_7.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntvdaz]
C:\WINDOWS\System32\ntvdaz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06ap]
C:\WINDOWS\pop06ap2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06apelt]
C:\WINDOWS\thiselt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pxjnr]
C:\WINDOWS\system32\?icrosoft.NET\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule12]
"C:\Program Files\QdrModule\QdrModule12.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack12]
"C:\Program Files\QdrPack\QdrPack12.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qquw]
C:\PROGRA~1\COMMON~1\qquw\qquwm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegSvr32]
C:\WINDOWS\System32\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\septpop06apsept]
C:\program files\popupwithcast2\sept2pop06apsept.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SOProc_RegSoAlertAjWx1Nn]
rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertAjWx1Nn

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spam Blocker for Outlook Express]
C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBlocker]
C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbOEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv]
C:\WINDOWS\System32\spoolsvv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
C:\freescan\freescan.exe -FastScan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
C:\Program Files\STOPzilla!\STOPzilla.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys02541712835-1]
C:\WINDOWS\sys02541712835-1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys0341712835-15]
C:\WINDOWS\sys0341712835-15.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System32]
C:\WINDOWS\system32\dumathangdangquang.js

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 4.5\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\timessquare]
C:\windows\timessquare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
C:\Program Files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wGzyM6F48]
C:\WINDOWS\System32\apbzk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win3211-1541712835]
C:\WINDOWS\win3211-1541712835.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMedia]
"C:\DOCUME~1\Owner\LOCALS~1\Temp\29.tmp3072.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\System32\ycrpyr.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscshr]
C:\WINDOWS\System32\wscshr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B5-54-43-3D-ZN}]
c:\windows\system32\dwdsregt.exe GID002

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\57bc3bf7-7508-456e-a170-2e987ac03d1a]
C:\WINDOWS\System32\cmrdcro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\57bc3bf7-7508-456e-a170-2e987ac03d1a]
C:\WINDOWS\System32\cmrdcro.exe



-- End of Deckard's System Scanner: finished at 2008-04-14 23:30:03 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.66GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 246.8 MiB / 43.38 MiB
Pagefile Memory (total/avail): 604.79 MiB / 143.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.23 MiB

C: is Fixed (NTFS) - 57.26 GiB total, 26.8 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 57.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 57.26 GiB - C:

\\.\PHYSICALDRIVE1 - Apple iPod USB Device - 1945.37 MiB - 1 partition
\PARTITION0 - Unknown - 1866.93 MiB - J:

\\.\PHYSICALDRIVE4 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE6 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE2 - HP Photosmart C4280 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is not configured.
Windows Internal Firewall is enabled.

AV: AVG 7.5.519 v7.5.519 (Grisoft) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic&
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we have acres of baddies there so lets start to kill them :) When you run OTMoveit you will loose your desktop for the duration of the fix and when you run Combofix. After this I will repair your safeboot option and get you to try and restart AVG antivirus

This is a long fix so I would recommend copying this post to a text file for reference

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,kjxiypc.exe
O4 - HKCU\..\Policies\Explorer\Run: [wscshr] C:\WINDOWS\System32\wscshr.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O21 - SSODL: fEBWlI - {A41B543E-0EB1-FE94-DF67-96DC9BA3ACF1} - C:\WINDOWS\System32\jymw.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\kyze.html
O24 - Desktop Component 1: (no name) - C:\Program Files\CONEXANT\howyry.html
O24 - Desktop Component 2: (no name) - C:\WINDOWS\System32\ad.html
O24 - Desktop Component 3: (no name) - http://images.google...rs/inuyasha.jpg
O24 - Desktop Component 4: (no name) - About:Home
O24 - Desktop Component 5: (no name) - (no file)
O24 - Desktop Component 6: (no name) - http://images.google...ha/Inuyasha.jpg
O24 - Desktop Component 7: (no name) - http://images.google...inuyasha/02.jpg
O24 - Desktop Component 8: (no name) - http://images.google...a-no-kokoro.jpg

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

NEXT

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    c:\windows\system32\drivers\szkg.sys
    c:\windows\system32\drivers\dump_wmimmc.sys 
    C:\WINDOWS\system32\c85055a.dll 
    C:\WINDOWS\system32\13168ff.dll 
    C:\WINDOWS\system32\22134480.dll 
    C:\WINDOWS\system32\14827b30.dll 
    C:\Program Files\QdrDrive
    C:\Program Files\QdrPack
    C:\WINDOWS\system32\uau.exe
    C:\WINDOWS\System32\wscshr.exe
    C:\Program Files\MSN\kyze.html
    C:\Program Files\CONEXANT\howyry.html
    C:\WINDOWS\System32\ad.html
    C:\WINDOWS\System32\jymw.dll 
    C:\WINDOWS\System32\kjxiypc.exe
    C:\WINDOWS\System32\cvn0.exe
    C:\windows\adtech2006a.exe
    C:\WINDOWS\System32\clcbt.exe
    C:\Program Files\System Files\System.exe
    C:\WINDOWS\cfg32.exe
    c:\\dfndrfg_7.exe
    C:\WINDOWS\dmakydkA.exe
    c:\\drsmartloadb.exe
    C:\WINDOWS\System32\eda96749.exe
    C:\WINDOWS\System32\l3jdfs.exe
    C:\WINDOWS\System32\jeabok.exe 
    C:\WINDOWS\System32\mptft.exe
    C:\Program Files\Internet Optimizer
    C:\WINDOWS\System32\irssyncd.exe
    C:\WINDOWS\System32\wfxqhv.exe
    C:\WINDOWS\System32\bdpn.exe
    C:\WINDOWS\lizikyvA.exe
    C:\WINDOWS\System32\igps.exe
    C:\WINDOWS\ms041712835-154.exe
    C:\WINDOWS\ms05712835-1541.exe
    C:\WINDOWS\ms072835-154171.exe
    C:\PROGRA~1\MYWEBS~1
    C:\WINDOWS\newfrn.exe
    c:\\nwnmfg_7.exe
    C:\WINDOWS\System32\ntvdaz.exe
    C:\WINDOWS\pop06ap2.exe
    C:\WINDOWS\thiselt.exe
    C:\PROGRA~1\COMMON~1\qquw
    C:\program files\popupwithcast2
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
    C:\PROGRA~1\SOFTWA~1
    C:\WINDOWS\System32\spoolsvv.exe
    C:\WINDOWS\sys02541712835-1.exe
    C:\WINDOWS\sys0341712835-15.exe
    C:\WINDOWS\system32\dumathangdangquang.js
    C:\windows\timessquare.exe
    C:\WINDOWS\System32\apbzk.exe
    C:\WINDOWS\win3211-1541712835.exe
    C:\Windows\xpupdate.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\29.tmp3072.exe
    C:\WINDOWS\System32\ycrpyr.exe 
    c:\windows\system32\dwdsregt.exe
    C:\WINDOWS\System32\cmrdcro.exe
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\57bc3bf7-7508-456e-a170-2e987ac03d1a 
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\57bc3bf7-7508-456e-a170-2e987ac03d1a
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B5-54-43-3D-ZN}
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscshr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMedia
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win3211-1541712835
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wGzyM6F48
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\timessquare
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys0341712835-15
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06apelt
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hesppgy
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmakydkA
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmakydkA
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clcbt.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS2
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adtech2006
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run\\wscshr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad8rIU3s
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eda96749.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epy9J
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ffk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsltp
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhfydsz
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iveroi
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k6mmN5IOU
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kSPYv
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lizikyvA
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lspins
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms041712835-154
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms05712835-1541
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms072835-154171
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewFrn
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntvdaz
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06ap
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pxjnr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule12
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack12
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qquw
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\septpop06apsept
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SOProc_RegSoAlertAjWx1Nn
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys02541712835-1
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System32
    Purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
szkg
dump_wmimmc 

File::
c:\windows\system32\drivers\szkg.sys 
c:\windows\system32\drivers\dump_wmimmc.sys

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Logs required : OTMoveit and Combofix
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP