[ianmo]

Hi and a happy new year to all.
Been having many troubles with my xp p4 but has come to a head over xmas.
It wont run the dvd/cd drive, ctrl, alt del, not working, it fails to see any cameras connected (though thumb drives are ok).Takes around 2 or 3 mins for me to complete typing an url in the adress bar. Task manager not showing. It wont download many of the windows updates..even after all the software downloaded and run in the required steps on this forum.
Heres the hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 12:33:44 PM, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ozemail.com.au
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ozemail.com.au
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167044664203
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fontbas - C:\WINDOWS\addins\fontbas.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Winkbgl - Unknown owner - C:\WINDOWS\System32\Winkbgl.exe
O23 - Service: Winkble - Unknown owner - C:\WINDOWS\System32\Winkble.exe (file missing)
O23 - Service: Winkeu - Unknown owner - C:\WINDOWS\System32\Winkeu.exe (file missing)
O23 - Service: Winkfl - Unknown owner - C:\WINDOWS\System32\Winkfl.exe (file missing)
O23 - Service: Winkms - Unknown owner - C:\WINDOWS\System32\Winkms.exe (file missing)
O23 - Service: Winkns - Unknown owner - C:\WINDOWS\System32\Winkns.exe (file missing)
O23 - Service: Winknvp - Unknown owner - C:\WINDOWS\System32\Winknvp.exe (file missing)
O23 - Service: Winkte - Unknown owner - C:\WINDOWS\System32\Winkte.exe (file missing)
O23 - Service: Winkxy - Unknown owner - C:\WINDOWS\System32\Winkxy.exe (file missing)
O23 - Service: Winkydf - Unknown owner - C:\WINDOWS\System32\Winkydf.exe (file missing)
O23 - Service: Winkyqv - Unknown owner - C:\WINDOWS\System32\Winkyqv.exe (file missing)

Uninstall list
Ad-Aware SE Personal
Adobe Reader 7.0.5
AirPlus G
Alcatel SpeedTouch USB Software
ALPS Touch Pad Driver
ANIO Service
ANIWZCS2 Service
AVG Anti-Spyware 7.5
BigPond Toolbar
BlueVoda Website Builder 6.6.3
CCHelp
Celestron's TheSky (Remove only)
Destiny FinSoft 6.0
Easy Button
EPSON Printer Software
e-tax 2005
e-tax 2006
e-tax 2006 - FTB Module
FCharts
ftb 2005
Google Toolbar for Internet Explorer
Google Updater
HijackThis 1.99.1
Hotfix for MDAC 2.80 (KB911562)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
Intel® Extreme Graphics Driver
iTunes
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2
Macromedia Shockwave Player
Mammals of Australia v1.0
Marketmaker CFD-FX Asia Pacific Client
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Data Access Components KB870669
Microsoft Money 2000 Standard
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Works 7.0
MoneyMatters
MP3 Easy
MSN Messenger 5.0
Panda ActiveScan
PurgeIE - 7.03
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
SMSC IrCC Driver V5.1.2462.0 (WinXP)
Spyware Doctor 4.0
SUPERAntiSpyware Free Edition
The Sims Makin' Magic
TITAN Premier Edition
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility
TOSHIBA Power Management Utility
Toshiba screensaver
TOSHIBA Software Modem
TouchPad On/Off Utility
TRUST SPACEC@M 300
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
VCW VicMan's Photo Editor 7.82
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
ZoneAlarm Anti-virus


Superanti spyware list
SUPERAntiSpyware Scan Log
Generated 12/30/2006 at 02:30 PM

Application Version : 3.4.1000

Core Rules Database Version : 3156
Trace Rules Database Version: 1171

Scan type : Custom Scan
Total Scan Time : 03:20:43

Memory items scanned : 349
Memory threats detected : 0
Registry items scanned : 4359
Registry threats detected : 1
File items scanned : 77267
File threats detected : 0

Adware.IPWins
HKU\S-1-5-21-1209971621-4285449679-1531294414-1009\Software\IpWins

[Advertisements]

Sorry forgot to add the avg antispyware report

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:44:22 AM 30/12/2006

+ Scan result:



C:\WINDOWS\system32\drqunajb.exe -> Dropper.Small.acg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhost.r : Cleaned with backup (quarantined).


::Report end

[ianmo]

Sorry forgot to add the avg antispyware report

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:44:22 AM 30/12/2006

+ Scan result:



C:\WINDOWS\system32\drqunajb.exe -> Dropper.Small.acg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhost.r : Cleaned with backup (quarantined).


::Report end

[Jayzeee]

Hi ianmo and welcome

Download the W32.Klez Removal Tool By Symantec, and save it to your desktop.

• Next reboot into safe mode:
  • Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
• Double-click FixKlez on your desktop to start the removal tool.
• Click Start to begin the process and allow the tool to run.
• When it's finished, reboot back into normal Windows mode.

Rescan with HijackThis and post the logfile back here.

[ianmo]

Thanks for the reply..no klez found..new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 8:28:05 AM, on 4/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.ozemail.com.au
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167044664203
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fontbas - C:\WINDOWS\addins\fontbas.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Klez report:
Neither W32.Klez.gen@mm nor W32.ElKern.gen
were found on your computer.

[Jayzeee]

Okay good. I am seeing some other nasties in your log.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

[ianmo]

Thanks...heres the said reports...

Logfile of HijackThis v1.99.1
Scan saved at 1:49:44 PM, on 4/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.ozemail.com.au
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167044664203
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fontbas - C:\WINDOWS\addins\fontbas.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


SDFix: Version 1.54
****************

Thu 04/01/2007 - 13:21:20.17

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking Services...

Service Name:


File Path:



Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\DOCUME~1\Claire\LOCALS~1\Temp\tmp9.tmp
C:\WINDOWS\kb823980.log

Backing Up and Removing any Files Found...

Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\messenger\\msmsgs.exe"="C:\\Program Files\\messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\NTDETECT.COM
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\WINDOWS\system32\Winkbgl.exe
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

FINISHED!

[Jayzeee]

Please re-open HiJackThis and click scan only. Check the boxes next to all the entries listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O20 - Winlogon Notify: fontbas - C:\WINDOWS\addins\fontbas.dll (file missing)
O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot your machine.

After that...

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

[ianmo]

Thanks for your time, heres the logs

Logfile of HijackThis v1.99.1
Scan saved at 7:50:14 AM, on 5/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\HJT.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.ozemail.com.au
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167044664203
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Claire - 07-01-05 7:27:47.78 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Claire\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))


2007-01-05 07:07 <DIR> d----c--- C:\backups
2007-01-04 13:09 <DIR> d----c--- C:\SDFix
2007-01-01 09:21 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-01 09:11 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-31 18:19 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-31 18:19 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-31 18:16 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-31 18:11 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-31 18:07 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-31 17:05 <DIR> d----c--- C:\2edfcde50eadd36ac01f47e71bd738
2006-12-31 17:05 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-12-31 13:31 218,112 --a--c--- C:\HJT.exe
2006-12-31 08:16 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-31 06:55 <DIR> d-------- C:\Program Files\messenger
2006-12-31 06:48 <DIR> d-------- C:\WINDOWS\provisioning
2006-12-31 06:48 <DIR> d-------- C:\WINDOWS\peernet
2006-12-31 06:27 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2006-12-30 21:02 <DIR> d-------- C:\WINDOWS\EHome
2006-12-30 15:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-30 12:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2006-12-30 12:03 <DIR> d-------- C:\Documents and Settings\Claire\Application Data\SUPERAntiSpyware.com
2006-12-30 09:56 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-30 09:55 <DIR> d-------- C:\Program Files\Grisoft
2006-12-29 15:18 <DIR> d----c--- C:\bintheredunthat
2006-12-29 14:18 <DIR> d----c--- C:\bfu
2006-12-27 21:58 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MSN Messenger 5.0.0544
2006-12-27 21:58 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-27 19:06 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2006-12-27 19:05 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-12-27 19:05 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-12-27 18:57 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-12-27 18:35 <DIR> d-------- C:\Program Files\Spyware Doctor
2006-12-27 08:52 <DIR> d-------- C:\Program Files\Spyware Doctor(2)
2006-12-27 00:27 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2006-12-27 00:27 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2006-12-27 00:27 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2006-12-27 00:27 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2006-12-27 00:27 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2006-12-27 00:27 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2006-12-27 00:26 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2006-12-27 00:26 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2006-12-27 00:26 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2006-12-27 00:26 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2006-12-27 00:26 44,032 --------- C:\WINDOWS\system32\twext.dll
2006-12-27 00:26 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2006-12-27 00:26 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2006-12-27 00:26 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2006-12-27 00:26 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2006-12-27 00:26 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2006-12-27 00:26 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-12-27 00:26 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-12-27 00:26 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2006-12-27 00:26 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2006-12-27 00:26 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2006-12-27 00:26 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-12-27 00:26 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2006-12-27 00:26 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2006-12-27 00:25 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2006-12-27 00:25 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2006-12-27 00:25 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2006-12-27 00:25 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2006-12-27 00:25 73,796 --------- C:\WINDOWS\system32\slserv.exe
2006-12-27 00:25 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2006-12-27 00:25 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-12-27 00:25 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2006-12-27 00:25 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2006-12-27 00:25 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2006-12-27 00:25 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2006-12-27 00:25 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2006-12-27 00:25 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2006-12-27 00:25 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2006-12-27 00:25 32,866 --------- C:\WINDOWS\slrundll.exe
2006-12-27 00:25 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-12-27 00:25 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2006-12-27 00:25 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2006-12-27 00:25 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2006-12-27 00:25 188,508 --------- C:\WINDOWS\system32\slgen.dll
2006-12-27 00:25 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2006-12-27 00:25 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2006-12-27 00:25 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2006-12-27 00:25 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2006-12-27 00:25 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2006-12-27 00:25 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2006-12-27 00:24 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2006-12-27 00:24 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2006-12-27 00:24 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2006-12-27 00:24 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2006-12-27 00:24 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-12-27 00:24 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2006-12-27 00:24 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-12-27 00:24 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-12-27 00:24 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-12-27 00:24 116,224 --------- C:\WINDOWS\system32\p2p.dll
2006-12-27 00:24 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-12-27 00:24 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2006-12-27 00:24 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2006-12-27 00:23 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2006-12-27 00:23 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2006-12-27 00:22 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2006-12-27 00:22 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2006-12-27 00:22 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2006-12-27 00:22 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2006-12-27 00:22 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2006-12-27 00:22 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2006-12-27 00:22 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2006-12-27 00:22 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2006-12-27 00:22 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2006-12-27 00:22 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2006-12-27 00:22 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2006-12-27 00:22 59,392 --------- C:\WINDOWS\system32\logman.exe
2006-12-27 00:22 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2006-12-27 00:22 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-27 00:22 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-12-27 00:21 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-12-27 00:21 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-12-27 00:21 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2006-12-27 00:21 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2006-12-27 00:21 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2006-12-27 00:21 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2006-12-27 00:21 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2006-12-27 00:21 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2006-12-27 00:21 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-12-27 00:21 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-12-27 00:21 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2006-12-27 00:21 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2006-12-27 00:21 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-12-27 00:21 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-12-27 00:21 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-12-27 00:21 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-12-27 00:20 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-12-27 00:20 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2006-12-27 00:20 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-12-27 00:20 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-12-27 00:20 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-12-27 00:20 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2006-12-27 00:20 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2006-12-27 00:20 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2006-12-27 00:20 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2006-12-27 00:20 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2006-12-27 00:20 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-12-27 00:20 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2006-12-27 00:20 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-12-27 00:20 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2006-12-27 00:20 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2006-12-27 00:20 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2006-12-27 00:20 20,992 --------- C:\WINDOWS\system32\bthci.dll
2006-12-27 00:20 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2006-12-27 00:20 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2006-12-27 00:20 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2006-12-27 00:20 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-12-27 00:20 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-12-27 00:20 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2006-12-27 00:20 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2006-12-27 00:20 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-12-27 00:20 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-12-27 00:20 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2006-12-27 00:20 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2006-12-27 00:20 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-12-27 00:20 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2006-12-27 00:20 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2006-12-27 00:19 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-12-27 00:19 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-27 00:19 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-12-27 00:19 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2006-12-27 00:19 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2006-12-27 00:19 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2006-12-27 00:19 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2006-12-27 00:19 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2006-12-27 00:19 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2006-12-27 00:19 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-12-27 00:19 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-12-27 00:19 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-12-27 00:19 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-12-27 00:19 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2006-12-27 00:19 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2006-12-27 00:19 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2006-12-27 00:19 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2006-12-27 00:19 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2006-12-27 00:19 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2006-12-27 00:19 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2006-12-27 00:19 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-12-27 00:19 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2006-12-27 00:19 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2006-12-27 00:19 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-12-27 00:19 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-12-27 00:19 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-12-27 00:19 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-12-26 23:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-26 20:26 324 --a--c--- C:\ituninst.bat
2006-12-26 14:32 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$
2006-12-26 08:46 <DIR> d-------- C:\Documents and Settings\Claire\Application Data\Lavasoft
2006-12-26 08:44 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-26 08:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2006-12-25 17:32 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-12-25 17:01 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-12-25 17:00 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-25 16:27 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-12-25 16:27 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-18 12:04 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google
2006-12-18 12:04 <DIR> d-------- C:\Documents and Settings\Claire\Application Data\Google
2006-12-18 12:03 <DIR> d-------- C:\WINDOWS\CAVTemp
2006-12-18 09:01 1,021,504 --a------ C:\WINDOWS\system32\vete.dll
2006-12-07 22:56 75,776 --a------ C:\WINDOWS\zllsputility.exe
2006-12-07 22:55 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2006-12-07 22:55 645,904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-12-07 22:55 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-12-07 22:55 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-12-07 22:55 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2006-12-07 22:55 115,088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-12-07 22:26 <DIR> d-------- C:\Program Files\Zone Labs
2006-12-07 20:19 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-01 15:25 -------- d---s---- C:\Documents and Settings\Claire\Application Data\Microsoft
2007-01-01 09:21 -------- d-------- C:\Program Files\Windows Media Player
2007-01-01 08:36 -------- d-------- C:\Program Files\Internet Explorer
2006-12-31 17:01 -------- d-------- C:\Program Files\Outlook Express
2006-12-31 17:01 -------- d-------- C:\Program Files\Common Files\System
2006-12-31 06:48 -------- d-------- C:\Program Files\Movie Maker
2006-12-31 06:26 -------- d-------- C:\Program Files\NetMeeting
2006-12-31 06:25 -------- d-------- C:\Program Files\Windows NT
2006-12-30 16:52 -------- d-------- C:\Program Files\PurgeIE
2006-12-30 12:01 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-29 14:00 -------- d-------- C:\Program Files\Common Files
2006-12-27 20:33 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-26 20:28 -------- d-------- C:\Program Files\SupervisionCam
2006-12-26 20:25 -------- d-------- C:\Program Files\InterActual
2006-12-26 20:23 -------- d-------- C:\Program Files\Elecard
2006-12-26 11:27 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-26 11:27 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-26 08:43 890 --a------ C:\Program Files\Google Updater.lnk
2006-12-02 21:13 17177896 --a------ C:\Program Files\Install_Messenger.exe
2006-11-29 15:40 -------- d--h----- C:\Program Files\Zero G Registry
2006-11-27 17:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-08 14:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 22:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 22:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 22:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 22:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 22:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 22:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 22:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 04:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 04:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 04:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 04:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 04:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 04:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 04:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 04:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 04:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 04:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 15:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 22:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 22:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 4096 --------- C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --------- C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-16 10:21 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-10-13 21:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=dword:00000000
"NoDispAppearancePage"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktopChanges"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigPond Toolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bpumTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Telstra\\Toolbar\\bpumTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CeEKey"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEPOWER]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CePMTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPLDBL10]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CPLDBL10"
"hkey"="HKLM"
"command"="C:\\Program Files\\EzButton\\CPLDBL10.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AirGCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\ipwins\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ScsiAccess"=dword:00000002
"KodakCCS"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1079414165.job

Completion time: 07-01-05 7:36:44.56
C:\ComboFix.txt ... 07-01-05 07:36

[Jayzeee]

Thanks for sticking in there, we should see some progress by your next post

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Open HiJackThis and click scan only

• Click on the "Config..." button on the bottom right
• Click on the tab "Misc Tools"
• click on "delete an NT service"
• Copy and paste this in: ACTIVEWEBCAMWATCHDOG
• Click "ok", then "Back"

Check the box next to the entry listed below.

O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Reboot your machine.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Post back the contents of the smitfraudFix report, the panda results, and a new HijackThis log.

[ianmo]

Many thanks for your help with my problems. The pc can now read cameras and I have no probs typing into the address bar. However the ctrl+alt+del still doesnt work, nor the cd drive nor the task manager. Also with the new spyware software on board it is taking upwards of 30 mins to load up at atart up.
Hers the 3 logs requested...
Logfile of HijackThis v1.99.1
Scan saved at 5:11:26 PM, on 6/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.ozemail.com.au
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167044664203
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Incident Status Location

Spyware:spyware/smitfraud Not disinfected c:\windows\system32\wp.bmp
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Claire\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Claire\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Claire\Desktop\virus stuff\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Claire\Local Settings\Temporary Internet Files\Content.IE5\6BS8NR1Q\SmitfraudFix[1].zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe

SmitFraudFix v2.132

Scan done at 13:05:34.56, Sat 06/01/2007
Run from C:\Documents and Settings\Claire\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\pharm.ico FOUND !
C:\WINDOWS\system32\spam.ico FOUND !
C:\WINDOWS\system32\wp.bmp FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Claire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Claire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Claire\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[Jayzeee]

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

1. Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• Login on your usual account.

2. Run Smitfraud Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

3. Clean out your Temporary Internet files. Proceed as follows:

• Quit Internet Explorer and quit any instances of Windows Explorer.
• Click Start, click Control Panel, and then double-click Internet Options.
• On the General tab, click Delete Files under Temporary Internet Files.
• In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
• On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
• Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
• Click OK.

4. Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

5. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

6. Reboot back into Normal Windows Mode.

7. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

8. Please Post the following logs:

• c:\rapport.txt
• A new HijackThis log

[ianmo]

Thanks mate, here goes:
Logfile of HijackThis v1.99.1
Scan saved at 8:32:15 AM, on 7/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.ozemail.com.au
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167044664203
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

SmitFraudFix v2.132

Scan done at 7:54:08.84, Sun 07/01/2007
Run from C:\Documents and Settings\Claire\Desktop\virus stuff\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\pharm.ico Deleted
C:\WINDOWS\system32\spam.ico Deleted
C:\WINDOWS\system32\wp.bmp Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

[Jayzeee]

Looks clean, are you still experiencing problems?

[ianmo]

Unfortunately I'm still unable to use the task manager, ctrl+alt+del, the cd drive (though device manager says its ok), and its so slooooooww. I can hear the p4 just ticking over like an old 386! With the new anti spyware on board its taking upwards of 30 mins to load at start up.
Any further suggestions would be greatly appreciated.
Cheers mate,
Ian

[Jayzeee]

Okay, lets try this...

1. Click Start > Control Panel, and then click User Accounts.
2. Click the Advanced tab.
3. In the Secure logon section, select the "Require users to press Ctrl+Alt+Delete" check box.

Right click here and save the .reg file to your desktop.

Double click taskmanager.reg on your desktop. Click Yes at the prompt.

Reboot your machine, let me know if ctrl+alt+del and your task manager are working.