Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Infected with bug screensaver/background [RESOLVED]

Started by darkgreen_orange , Jun 19 2008 05:39 PM

This topic is locked

#1
darkgreen_orange

Posted 19 June 2008 - 05:39 PM

New Member

Member
6 posts

Hello Geeks to Go!

I have read your "Read this first" topic, and have followed it. However, I am in a bit of a predicament, as I went to another forum similar to this for help (they weren't much of it either) - they had a similar topic, but theirs said to run HijackThis and fix the problems then and there, while yours says specifically not to. Anyway, I am going to post the logs (including the HJT log from this morning on that other forum, when I "fixed" the problems identified) and hopefully something can still be done about it.

It seems I have been infected with Malware Protector 2008, and then another rogue program called "Advanced XP Defender". This all started about two weeks ago, when my AVG subscription ran out...I'm now running ZoneAlarm's 15-day trial period in the meantime. I am now stuck with a wallpaper that says

"Warning! Spyware detected on your computer!
Install an antivirus or spyware remover to clean your computer."

and the screensaver with the bugs crawling around, without the ability to change either of them. It's been like this for about two weeks, like I said, so there's no telling what's on my hard drive now...Anyway, here are the logs:

Malwarebytes

Malwarebytes' Anti-Malware 1.16
Database version: 845

2:44:20 PM 6/19/2008
mbam-log-6-19-2008 (14-44-20).txt

Scan type: Quick Scan
Objects scanned: 40600
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 12
Files Infected: 75

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Adam\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\100.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\105.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\20.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\23.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\25.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\26.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\27.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\29.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\31.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\32.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\34.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\35.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\38.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\40.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\44.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\46.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\47.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\49.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\50.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\52.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\53.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\55.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\56.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\58.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\59.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\61.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\62.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\64.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\66.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\70.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\76.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\80.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\85.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\88.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\92.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\97.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcttrj0e171.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

SUPERAntiSpyware

SUPERAntiSpyware Scan Log
Generated 06/19/2008 at 04:48 PM

Application Version : 3.6.1000

Core Rules Database Version : 3485
Trace Rules Database Version: 1476

Scan type : Quick Scan
Total Scan Time : 01:26:12

Memory items scanned : 415
Memory threats detected : 0
Registry items scanned : 681
Registry threats detected : 0
File items scanned : 69962
File threats detected : 0

Panda ActiveScan
;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-06-19 18:10:10
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
ZoneAlarm Security Suite Antivirus 7.0.473.000 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Adam\Desktop\smitRem\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Adam\Desktop\SmitfraudFix\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.yadro.ru/]
00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.webpower.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.xiti.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[ad.yieldmanager.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[server.iad.liveperson.net/hc/28464961]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.bravenet.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.adultfriendfinder.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.target.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\cookies.txt[.atwola.com/]
03064986 Adware/MalwareAlarm Adware No 1 Yes No C:\WINDOWS\SYSTEM32\LPHCTTRJ0E171.EXE
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location '
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description '
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================

This is my HijackThis log from this morning

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:31, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\asdf\progs\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 208.53.169.203 irc.westwood.com
O1 - Hosts: 208.53.169.203 servserv.westwood.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\asdf\progs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphcttrj0e171] C:\WINDOWS\system32\lphcttrj0e171.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Edited by darkgreen_orange, 19 June 2008 - 05:46 PM.

#2
fenzodahl512

Posted 21 June 2008 - 05:41 AM

Malware Removal
9,863 posts

Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
Please let your firewall allow the scanning/downloading process.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Regards
fenzodahl512

#3
darkgreen_orange

Posted 21 June 2008 - 11:15 AM

New Member

Topic Starter
Member
6 posts

Alright, here's main.txt:

Deckard's System Scanner v20071014.68
Run by Adam on 2008-06-21 12:07:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
7: 2008-06-21 17:07:30 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2008-06-21 15:52:37 UTC - RP6 - Software Distribution Service 3.0
5: 2008-06-20 19:22:51 UTC - RP5 - Installed Bluesoleil 5.0.5.178
4: 2008-06-20 19:19:42 UTC - RP4 - Removed Bluesoleil 5.0.5.178
3: 2008-06-19 19:52:09 UTC - RP3 - Installed SUPERAntiSpyware Free Edition

-- First Restore Point --
1: 2008-06-19 19:26:13 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 1.53 GiB (less than 15%) free.

-- HijackThis (run as Adam.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:41, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\asdf\progs\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Documents and Settings\Adam\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Adam.exe

O1 - Hosts: 208.53.169.203 irc.westwood.com
O1 - Hosts: 208.53.169.203 servserv.westwood.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\asdf\progs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphcttrj0e171] C:\WINDOWS\system32\lphcttrj0e171.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Adam\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: Fly - smart.dll (file missing)
O20 - Winlogon Notify: Love - LoveFly.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5894 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 PPJoyBus (Parallel Port Joystick Bus device driver) - c:\windows\system32\drivers\ppjoybus.sys <Not Verified; Deon van der Westhuysen; Parallel Port Joystick Bus Enumerator>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation.; Bluelet Audio Driver>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleilCS - c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe <Not Verified; ; BlueSoleilCS Module>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R3 BsHelpCS - c:\program files\ivt corporation\bluesoleil\bshelpcs.exe <Not Verified; ; BsHelpCS Module>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: USB Device
Device ID: USB\VID_0E55&PID_110A\6&35117F4A&0&1
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_0E55&PID_110A\6&35117F4A&0&1
Service:

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: Parallel Port Joystick device
Device ID: PPJOYBUS\VID_DEAD&PID_BEF0\PPJOY
Manufacturer:
Name: Parallel Port Joystick device
PNP Device ID: PPJOYBUS\VID_DEAD&PID_BEF0\PPJOY
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 08:10:11 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-21 11:48:59 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-06-21 11:48:17 0 d-------- C:\WINDOWS\LastGood
2008-06-21 11:47:59 0 d-------- C:\Program Files\Parallel Port Joystick
2008-06-21 11:45:51 0 d-------- C:\Downloads
2008-06-21 11:45:51 0 d-------- C:\Documents and Settings\Adam\Application Data\GetRightToGo
2008-06-19 16:51:20 0 d-------- C:\Program Files\Panda Security
2008-06-19 14:52:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 14:52:11 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 14:52:11 0 d-------- C:\Documents and Settings\Adam\Application Data\SUPERAntiSpyware.com
2008-06-19 10:14:42 0 d-------- C:\Program Files\Trend Micro
2008-06-16 11:17:22 0 d-------- C:\Program Files\Dell 720
2008-06-16 11:16:48 0 d-------- C:\Dell720
2008-06-11 03:48:29 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-10 01:17:31 0 d-------- C:\Documents and Settings\Adam\Application Data\Malwarebytes
2008-06-10 01:17:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 01:17:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 01:08:40 0 dr-h----- C:\Documents and Settings\Adam\Recent
2008-06-10 01:06:12 0 d-------- C:\Program Files\CCleaner
2008-06-09 23:56:38 3636 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 23:38:50 0 d-------- C:\Documents and Settings\Adam\Application Data\MailFrontier
2008-06-09 23:25:32 4750624 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 23:18:49 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-09 23:18:44 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-09 23:18:34 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-06-09 23:18:11 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-09 23:17:32 0 d-------- C:\WINDOWS\Internet Logs
2008-06-09 22:18:37 0 d-------- C:\Documents and Settings\Adam\Application Data\shcrtrj0e171
2008-06-09 22:16:17 92160 --a------ C:\WINDOWS\system32\lphcttrj0e171.exe
2008-05-27 20:38:10 52140 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-26 18:59:13 0 d-------- C:\Program Files\Microsoft Games
2008-05-26 03:09:00 0 d-------- C:\Program Files\VideoLAN

-- Find3M Report ---------------------------------------------------------------

2008-06-21 12:05:56 0 d-------- C:\Documents and Settings\Adam\Application Data\DNA
2008-06-20 14:27:20 0 d-------- C:\Documents and Settings\Adam\Application Data\BitTorrent
2008-06-20 14:25:02 32 --a------ C:\WINDOWS\0
2008-06-19 14:51:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 16:53:30 0 d-------- C:\Program Files\GoldWave
2008-06-10 03:59:59 0 d-------- C:\Program Files\mIRC
2008-06-09 23:12:48 0 d-------- C:\Documents and Settings\Adam\Application Data\AVG7
2008-06-01 15:17:07 0 d-------- C:\Program Files\Scorched3D
2008-05-28 13:10:28 0 d-------- C:\Documents and Settings\Adam\Application Data\mIRC
2008-05-07 02:16:28 0 d-------- C:\Documents and Settings\Adam\Application Data\OpenOffice.org2

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 14:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 17:54]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/07/2008 16:38]
"PWRISOVM.EXE"="C:\asdf\progs\PowerISO\PWRISOVM.EXE" [08/06/2007 19:05]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 00:13]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 01:56 C:\WINDOWS\system32\bthprops.cpl]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 14:10]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"lphcttrj0e171"="C:\WINDOWS\system32\lphcttrj0e171.exe" [06/09/2008 22:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 21:07]
"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [06/20/2008 23:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 14:22]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [08/29/2007 11:55]
"SUPERAntiSpyware"="C:\DOCUME~1\Adam\LOCALS~1\Temp\SSUPDATE.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly]
smart.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
LoveFly.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

-- Hosts -----------------------------------------------------------------------

208.53.169.203 irc.westwood.com
208.53.169.203 servserv.westwood.com
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

18536 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-06-21 12:10:01 ------------

And extra.txt"

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 509.99 MiB / 91.75 MiB
Pagefile Memory (total/avail): 864.07 MiB / 406.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.62 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 1.53 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Security Suite Firewall v7.0.473.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.473.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Westwood\\SUN\\PATCHGET.DAT"="C:\\Westwood\\SUN\\PATCHGET.DAT:*:Enabled:patchgrabber"
"C:\\Westwood\\SUN\\GAME.ICD"="C:\\Westwood\\SUN\\GAME.ICD:*:Enabled:Main executable for Tiberian Sun"
"C:\\Westwood\\SUN\\Game.exe"="C:\\Westwood\\SUN\\Game.exe:*:Enabled:Main executable for Tiberian Sun"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\Adam\\My Documents\\Downloads\\Red Alert 2\\GAME.EXE"="C:\\Documents and Settings\\Adam\\My Documents\\Downloads\\Red Alert 2\\GAME.EXE:*:Enabled:Main executable for Red Alert 2"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Adam\\Local Settings\\Temp\\Rar$EX00.719\\XCL Proxy.exe"="C:\\Documents and Settings\\Adam\\Local Settings\\Temp\\Rar$EX00.719\\XCL Proxy.exe:*:Enabled:XCL Proxy"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Documents and Settings\\Adam\\Local Settings\\Temp\\Rar$EX00.812\\peercast-VP0026\\PeerCast.exe"="C:\\Documents and Settings\\Adam\\Local Settings\\Temp\\Rar$EX00.812\\peercast-VP0026\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\GIT\\Git.exe"="C:\\Program Files\\GIT\\Git.exe:*:Enabled:Gamer's Internet Tunnel"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Documents and Settings\\Adam\\Local Settings\\Temp\\Rar$EX00.484\\BlueSoleilCS.exe"="C:\\Documents and Settings\\Adam\\Local Settings\\Temp\\Rar$EX00.484\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\\Documents and Settings\\Adam\\My Documents\\Downloads\\BlueSoleil_5.0_for_32bit_OS-MKDEV.TEAM\\BlueSoleilCS.exe"="C:\\Documents and Settings\\Adam\\My Documents\\Downloads\\BlueSoleil_5.0_for_32bit_OS-MKDEV.TEAM\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Adam\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EVOPC-73D80F2DF
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Adam
LOGONSERVER=\\EVOPC-73D80F2DF
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Adam\LOCALS~1\Temp
TMP=C:\DOCUME~1\Adam\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=EVOPC-73D80F2DF
USERNAME=Adam
USERPROFILE=C:\Documents and Settings\Adam
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Adam (admin)
Administrator (admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Bluesoleil 5.0.5.178 --> MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}
Cakewalk Home Studio 9 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cakewalk\Cakewalk Home Studio 9\Uninst.isu"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
Command & Conquer Tiberian Sun --> C:\Westwood\SUN\Uninstll.EXE
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Exact Audio Copy 0.99pb3 --> C:\Program Files\Exact Audio Copy\uninst.exe
FinalBurner Free v1.28.0.123 --> "C:\Program Files\FinalBurner\Uninstall.exe" "C:\Program Files\FinalBurner\install.log" -u
FL Studio v7.0 --> "C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
Freelancer --> "C:\Program Files\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
GALAGA Destination Earth --> "C:\WINDOWS\GALAGA Destination Earth\uninstall.exe" "/U:C:\asdf\pcgames\galaga\game\Uninstall\uninstall.xml"
GIT v0.99 BETA 4 --> "C:\Program Files\GIT\unins000.exe"
GoldWave v5.22 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.22" "C:\Program Files\GoldWave\unstall.log"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ID3 renamer 2.15.15 --> "C:\Program Files\ID3 renamer\unins000.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Parallel Port Joystick --> C:\WINDOWS\unvise32.exe C:\Program Files\Parallel Port Joystick\uninstal.log
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\asdf\progs\PowerISO\uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Scorched3D 41.3 --> C:\Program Files\Scorched3D\uninst.exe
SimCity 2000® Special Edition --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
SimIsle --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimIsle\DeIsL1.isu"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Style Enhancer Micro 1.28 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NTONYX\SEM128\se128.isu"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Unity Web Player --> C:\Program Files\Unity\WebPlayer\Uninstall.exe
vPod (Remove Only) --> "C:\Program Files\vPod\Uninstall.exe"
WeatherBug --> MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Firefox --> "C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\jwzeht2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
YOU DON'T KNOW JACK V1.0 --> C:\WINDOWS\unwise.exe C:\YDKJ\install.log
Yume Nikki 0.10 English --> C:\asdf\pcgames\Yume Nikki\Uninstal.exe
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type1087 / Warning
Event Submitted/Written: 06/19/2008 06:14:14 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1068 / Error
Event Submitted/Written: 06/15/2008 03:55:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.2.1800, faulting module winamp.exe, version 5.5.2.1800, fault address 0x00072c42.
Processing media-specific event for [winamp.exe!ws!]

Event Record #/Type1067 / Error
Event Submitted/Written: 06/13/2008 02:01:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.2.1800, faulting module winamp.exe, version 5.5.2.1800, fault address 0x00072c42.
Processing media-specific event for [winamp.exe!ws!]

Event Record #/Type997 / Error
Event Submitted/Written: 06/08/2008 07:10:49 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.2.1800, faulting module out_mp3.dll, version 2.91.0.0, fault address 0x00001d42.
Processing media-specific event for [winamp.exe!ws!]

Event Record #/Type996 / Error
Event Submitted/Written: 06/08/2008 07:07:58 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.2.1800, faulting module out_mp3.dll, version 2.91.0.0, fault address 0x00001d42.
Processing media-specific event for [winamp.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type8430 / Error
Event Submitted/Written: 06/21/2008 10:55:16 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 000874F58F3C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type8423 / Warning
Event Submitted/Written: 06/21/2008 10:22:32 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000874F58F3C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type8422 / Warning
Event Submitted/Written: 06/21/2008 09:15:00 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000874F58F3C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type8421 / Warning
Event Submitted/Written: 06/21/2008 06:59:52 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000874F58F3C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type8420 / Warning
Event Submitted/Written: 06/21/2008 04:10:43 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

-- End of Deckard's System Scanner: finished at 2008-06-21 12:10:01 ------------

#4
fenzodahl512

Posted 21 June 2008 - 04:15 PM

Malware Removal
9,863 posts

Hello, thanks for the reply.. Please do the following...

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\WINDOWS\system32\lphcttrj0e171.exe
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171
C:\WINDOWS\system32\mlfcache.dat
EmptyTemp
purity
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NEXT

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Please post the following logs in your next reply..

1. OTMoveIt2
2. Kaspersky Webscanner
3. A fresh Deckard System Scanner (After Kaspersky step)
4. Tell me about your computer behaviour

Regards
fenzodahl512

#5
darkgreen_orange

Posted 22 June 2008 - 07:13 PM

New Member

Topic Starter
Member
6 posts

Thank you for your help so far, fenzodahl512.

1. Okay, here is the log from OTMoveIt2:

Explorer killed successfully
C:\WINDOWS\system32\lphcttrj0e171.exe moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\Packages moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171\Quarantine moved successfully.
C:\Documents and Settings\Adam\Application Data\shcrtrj0e171 moved successfully.
C:\WINDOWS\system32\mlfcache.dat moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Adam\LOCALS~1\Temp\fla80.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adam\LOCALS~1\Temp\~DF7ACA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT02a9f.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT051ec.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06222008_152134

Files moved on Reboot...
File C:\DOCUME~1\Adam\LOCALS~1\Temp\fla80.tmp not found!
C:\DOCUME~1\Adam\LOCALS~1\Temp\~DF7ACA.tmp moved successfully.
C:\WINDOWS\temp\ZLT02a9f.TMP moved successfully.
C:\WINDOWS\temp\ZLT051ec.TMP moved successfully.

2. Kaspersky Scan

I got it to install whatever it needed to install, but when I went to change the options, the wording was a little different. There was no option for which Anti-Virus database to use (such as Extended or Standard) but there were options for scanning Archives and Mail Bases and those were checked.

[Edit: Nevermind, I can see it's right there in the log

]

Anyway, here is the log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 22, 2008 20:21:40
Records in database: 880283
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 113530
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:44:00

No malware has been detected. The scan area is clean.

The selected area was scanned.

3. DSS log (main.txt)

Deckard's System Scanner v20071014.68
Run by Adam on 2008-06-22 20:06:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 1.22 GiB (less than 15%) free.

-- HijackThis (run as Adam.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:38pm, on 22 Jun 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\asdf\progs\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Adam\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Adam.exe

O1 - Hosts: 208.53.169.203 irc.westwood.com
O1 - Hosts: 208.53.169.203 servserv.westwood.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\asdf\progs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphcttrj0e171] C:\WINDOWS\system32\lphcttrj0e171.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Adam\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: Fly - smart.dll (file missing)
O20 - Winlogon Notify: Love - LoveFly.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5950 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-21 11:48:59 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-06-21 11:47:59 0 d-------- C:\Program Files\Parallel Port Joystick
2008-06-21 11:45:51 0 d-------- C:\Downloads
2008-06-21 11:45:51 0 d-------- C:\Documents and Settings\Adam\Application Data\GetRightToGo
2008-06-19 16:51:20 0 d-------- C:\Program Files\Panda Security
2008-06-19 14:52:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 14:52:11 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 14:52:11 0 d-------- C:\Documents and Settings\Adam\Application Data\SUPERAntiSpyware.com
2008-06-19 10:14:42 0 d-------- C:\Program Files\Trend Micro
2008-06-16 11:17:22 0 d-------- C:\Program Files\Dell 720
2008-06-16 11:16:48 0 d-------- C:\Dell720
2008-06-11 03:48:29 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-10 01:17:31 0 d-------- C:\Documents and Settings\Adam\Application Data\Malwarebytes
2008-06-10 01:17:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 01:17:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 01:08:40 0 dr-h----- C:\Documents and Settings\Adam\Recent
2008-06-10 01:06:12 0 d-------- C:\Program Files\CCleaner
2008-06-09 23:56:38 3636 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 23:38:50 0 d-------- C:\Documents and Settings\Adam\Application Data\MailFrontier
2008-06-09 23:25:32 4874272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 23:18:49 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-09 23:18:44 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-09 23:18:34 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-06-09 23:18:11 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-09 23:17:32 0 d-------- C:\WINDOWS\Internet Logs
2008-05-26 18:59:13 0 d-------- C:\Program Files\Microsoft Games
2008-05-26 03:09:00 0 d-------- C:\Program Files\VideoLAN

-- Find3M Report ---------------------------------------------------------------

2008-06-22 19:57:38 0 d-------- C:\Documents and Settings\Adam\Application Data\DNA
2008-06-20 14:27:20 0 d-------- C:\Documents and Settings\Adam\Application Data\BitTorrent
2008-06-20 14:25:02 32 --a------ C:\WINDOWS\0
2008-06-19 14:51:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 16:53:30 0 d-------- C:\Program Files\GoldWave
2008-06-10 03:59:59 0 d-------- C:\Program Files\mIRC
2008-06-09 23:12:48 0 d-------- C:\Documents and Settings\Adam\Application Data\AVG7
2008-06-01 15:17:07 0 d-------- C:\Program Files\Scorched3D
2008-05-28 13:10:28 0 d-------- C:\Documents and Settings\Adam\Application Data\mIRC
2008-05-07 02:16:28 0 d-------- C:\Documents and Settings\Adam\Application Data\OpenOffice.org2

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [19 Oct 2005 08:59am]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [19 Oct 2005 08:59am]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09 Jul 2001 02:50pm]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22 Feb 2008 04:25am]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [15 Jan 2008 05:54pm]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10 Oct 2007 08:51pm]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07 Jan 2008 04:38pm]
"PWRISOVM.EXE"="C:\asdf\progs\PowerISO\PWRISOVM.EXE" [06 Aug 2007 07:05pm]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01 Feb 2008 12:13am]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04 Aug 2004 01:56am C:\WINDOWS\system32\bthprops.cpl]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19 Feb 2008 02:10pm]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"lphcttrj0e171"="C:\WINDOWS\system32\lphcttrj0e171.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02 Apr 2008 09:07pm]
"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [20 Jun 2008 11:29pm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [08 May 2008 02:22pm]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [29 Aug 2007 11:55am]
"SUPERAntiSpyware"="C:\DOCUME~1\Adam\LOCALS~1\Temp\SSUPDATE.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13 Feb 2001 2:01:04 am]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly]
smart.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
LoveFly.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

-- End of Deckard's System Scanner: finished at 2008-06-22 20:07:47 ------------

4. My computer's behavior

I am now able to change my background and screen saver - and thank goodness, I was getting sick of that blue screen! Firefox is acting like I'm opening it for the first time (but my bookmarks are still there), which I'm guessing is supposed to happen. As far as I can tell, everything is back to normal.

However, now that my temporary ZoneAlarm trial runs out in two days...do you think you could suggest a good program for protecting against malware (preferably free, or at least not ultra-expensive)?

Again, thank you so much for your help! You don't know how relieved I am now that my computer is rid of that pesky malware.

Cheers,
darkgreen_orange

Edited by darkgreen_orange, 22 June 2008 - 07:15 PM.

#6
fenzodahl512

Posted 23 June 2008 - 07:50 AM

Malware Removal
9,863 posts

Great! And I have a news for you.. Your logs look clean to my eyes

Now for some cleanup..

Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

NEXT

Please Install/Update Sun Java

Updating Java:

Go to Start --> Control Panel --> Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
It should have next icon next to it:
Select it and click Remove. This will uninstall the previous (outdated) version of Java.
Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6

NEXT

Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK. This will flush your old System Restore.
Then please UNCHECK the Turn off System Restore.
Click again on Apply, and then click OK. This will create a new Restore Point

System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore

I noticed that you already have:

1. ZoneAlarm Security Suite Antivirus as your antivirus
2. ZoneAlarm Security Suite Firewall as your firewall
3. Malwarebytes' as your antispyware

However, since you mentioned below..

However, now that my temporary ZoneAlarm trial runs out in two days...do you think you could suggest a good program for protecting against malware (preferably free, or at least not ultra-expensive)?

And I believe that ZoneAlarm Security Suite includes your antivirus as well

I recommend you these free and excellent antivirus below.. Please install ONLY ONE of them:

..and also these free and excellent firewall below.. Please install ONLY ONE of them:

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.

Lastly, to keep your operating system up to date please visit the link below monthly

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread

Have a safe and happy computing day!

Regards
fenzodahl512

#7
darkgreen_orange

Posted 23 June 2008 - 05:29 PM

New Member

Topic Starter
Member
6 posts

Hello fenzodahl,

I did everything you said in the last post...I'm now running AVG (Free) as my anti-virus / anti-spyware and Comodo as my firewall. Everything seems to be back to normal. I greatly appreciate your help in fixing this problem and pointing me in the right direction. I will definitely recommend Geeks to Go to anyone who has a malware problem!

Cheers,
darkgreen_orange

#8
fenzodahl512

Posted 23 June 2008 - 07:47 PM

Malware Removal
9,863 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.