client hack and spyware [RESOLVED]


  • This topic is locked

#1
Amadauss

  • Member
  • 14 posts
Have client hack and some spyware that I remove with spyremover and keeps coming back. And on this log, do not recognize some of these things. :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:13 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm103YYUS
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178461330062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165875268081
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7188 bytes
  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let me see if I can help you out.

FIRST

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

NEXT

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\svshost.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

FINALLY

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

I will also need an uninstall list

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post


Logs required are OTMoveit, Combofix and an Uninstall list
  • 0
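
An added example, not part of Essexboy's post or of any tool named in this thread: the entry singled out above, `svshost.exe`, is one letter away from the Windows system process `svchost.exe` that appears in the running-process list. This Python sketch parses HijackThis O4 autostart lines (copied from the log in post #1) and flags image names within a small edit distance of a core Windows binary; the `SYSTEM_BINARIES` list, the function names and the distance threshold are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Core Windows process names that are often imitated.
# Assumed, non-exhaustive list chosen for this example.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe",
}

# O4 autostart lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def image_name(cmd):
    """Return the lower-cased file name of the program a command line starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        target = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted: shortest prefix ending in an executable extension,
        # which also copes with unquoted paths that contain spaces.
        m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", cmd, re.I)
        target = m.group(1) if m else cmd.split()[0]
    return PureWindowsPath(target).name.lower()


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def find_lookalikes(log_text, max_distance=2):
    """Flag O4 entries whose image name nearly matches a system binary.

    Distance 2 also catches swapped adjacent letters; exact matches are
    skipped because the name alone cannot tell a real binary from a copy.
    """
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name = image_name(m["cmd"])
        if name in SYSTEM_BINARIES:
            continue
        dist, real = min((edit_distance(name, s), s) for s in SYSTEM_BINARIES)
        if dist <= max_distance:
            findings.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "image": name,
                "resembles": real,
                "distance": dist,
            })
    return findings


if __name__ == "__main__":
    for f in find_lookalikes(SAMPLE_LOG):
        print(f'{f["hive"]}\\..\\{f["key"]} [{f["name"]}] runs {f["image"]}, '
              f'which resembles {f["resembles"]} (distance {f["distance"]})')
```

A hit is a lead for review, not a verdict: the entry still has to be checked by hand, as the helper does in this thread.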

#3
Amadauss

  • Topic Starter
  • Member
  • 14 posts
Thanks for helping me out. Did the first command of checking the box 4 and then clicking fixed check and then close hijackthis.
Then went to send direction, downloaded OTMoveIt, copied the file and pasted it in the files folders to be moved.
There is a check in the Unregister Dll's and Ocx's of the program, left it there.
When I hit Moveit I get a message with a red X: Cannot create file C:\_OTMoveIt\MovedFiles\10212007_004007.log.

Here are results in the Results box.

File/Folder C:\WINDOWS\system32\svshost.exe not found.
File/Folder not found.
File/Folder not found.

Created on 10/21/2007 00:40:07

I stopped here because I wasn't sure if I should continue getting this message. Will wait for you to tell me what to do next. Thanks so much.

Edited by Amadauss, 20 October 2007 - 10:50 PM.

  • 0

#4
Amadauss

  • Topic Starter
  • Member
  • 14 posts
I thought maybe I should run the next program so I did. I did get two messages of SED.CFexe has encountered a problem and needs to close. I hit ok and then the program started running again where it left off. Then it rebooted and then had another error message of encountered a problem and then produced a log. I hope everything is ok. Here is the log it gave me.

ComboFix 07-10-21.1** - dad 2007-10-21 0:53:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2226 [GMT -4:00]
Running from: C:\Documents and Settings\dad\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\dad\Application Data\inst.exe
C:\WINDOWS\install.exe
C:\WINDOWS\system32\drivers\sfsync03.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SFSYNC03
-------\sfsync03


((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-21 00:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 10:56 <DIR> d-------- C:\Program Files\Image Trends Inc
2007-10-20 10:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-20 10:45 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-10-19 17:40 <DIR> d-------- C:\Program Files\SpyRemover
2007-10-19 17:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-18 02:39 <DIR> d-------- C:\Documents and Settings\dad\Application Data\mIRC
2007-10-18 01:17 <DIR> d-------- C:\Documents and Settings\dad\Application Data\Talkback
2007-10-17 19:49 <DIR> d-------- C:\Program Files\Investintech.com Inc
2007-10-14 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-14 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage(2)
2007-10-14 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage(2)
2007-10-13 23:42 <DIR> d-------- C:\Program Files\Advanced Registry Fix
2007-10-12 01:25 <DIR> d-------- C:\Program Files\Super DVD Creator 9.30
2007-10-12 00:49 36,912 --a------ C:\WINDOWS\system32\pcimsg.dll
2007-10-12 00:48 32,096 --a------ C:\WINDOWS\system32\gdihook5.dll
2007-10-12 00:48 31,584 --a------ C:\WINDOWS\system32\drivers\gdihook5.sys
2007-10-12 00:47 317,952 --a------ C:\WINDOWS\system32\RoboEX32.DLL
2007-10-11 22:20 <DIR> d-------- C:\Program Files\Wave Arts
2007-10-11 22:20 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2007-10-11 21:50 <DIR> d-------- C:\Program Files\Arial Audio Converter
2007-10-11 21:21 <DIR> d-------- C:\Program Files\PowerTracks DirectX Plugins
2007-10-11 21:20 <DIR> d-------- C:\bb
2007-10-11 17:39 8 --ah----- C:\WINDOWS\system32\adb.dat
2007-10-11 16:53 <DIR> d-------- C:\evil roy slade orgasmo
2007-10-10 16:16 <DIR> d-------- C:\Documents and Settings\son\Application Data\Reallusion
2007-10-09 16:34 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 22:33 <DIR> d-------- C:\Program Files\A-one DVD Ripper
2007-10-07 23:59 <DIR> d-------- C:\Program Files\AML Products
2007-10-07 23:56 <DIR> d-------- C:\Program Files\Alien Skin
2007-10-07 20:37 <DIR> d-------- C:\Program Files\CopyPod
2007-10-06 23:30 <DIR> d-------- C:\Program Files\FaceOnBody
2007-10-06 23:21 <DIR> d-------- C:\Program Files\ImTOO
2007-10-05 00:36 <DIR> d-------- C:\Documents and Settings\dad\Application Data\Reallusion
2007-10-04 22:33 <DIR> d-------- C:\Program Files\vp5e
2007-10-04 22:24 <DIR> d-------- C:\Program Files\The Logo Creator v5
2007-10-04 22:09 <DIR> d-------- C:\Documents and Settings\dad\Application Data\Laplink
2007-10-04 20:02 <DIR> d-------- C:\Program Files\Web Page Maker V2
2007-10-04 20:02 <DIR> d-------- C:\Documents and Settings\dad\Application Data\Web Page Maker V2
2007-10-02 22:10 <DIR> d-------- C:\Program Files\Reallusion
2007-10-02 22:10 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2007-10-02 18:57 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-10-02 18:57 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2007-10-02 18:57 118,784 --a------ C:\WINDOWS\system32\msstdfmt.dll
2007-10-02 17:22 <DIR> d-------- C:\Program Files\ZD Soft
2007-09-30 21:20 <DIR> d-------- C:\Program Files\Magellass
2007-09-30 12:27 <DIR> d-------- C:\Program Files\Magic Music Factory
2007-09-29 19:31 <DIR> d-------- C:\Program Files\Magic Video Converter
2007-09-29 19:31 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-09-29 01:01 <DIR> d-------- C:\Documents and Settings\dad\Application Data\uk.co.planetside
2007-09-29 00:59 <DIR> d-------- C:\Program Files\Terragen
2007-09-29 00:15 <DIR> d-------- C:\Program Files\Download Direct
2007-09-29 00:10 <DIR> d-------- C:\Program Files\McFunSoft Audio Studio
2007-09-28 23:49 <DIR> d-------- C:\Program Files\Kontakt Player 2
2007-09-28 23:49 <DIR> d-------- C:\Program Files\Garritan Instruments for Finale
2007-09-28 22:53 <DIR> d-------- C:\PSFONTS
2007-09-28 22:52 <DIR> d-------- C:\Program Files\Finale 2008
2007-09-28 21:47 <DIR> d-------- C:\Documents and Settings\dad\Application Data\DAEMON Tools Pro
2007-09-28 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-09-28 21:45 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-09-28 21:43 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-28 13:44 <DIR> d-------- C:\Program Files\Registry Clean Expert
2007-09-28 13:41 <DIR> d-------- C:\Program Files\SWiSHmax
2007-09-28 12:32 <DIR> d-------- C:\Program Files\DigitalView Video Studio
2007-09-24 22:01 <DIR> d-------- C:\Program Files\FirmTools
2007-09-24 22:01 <DIR> d-------- C:\My PhotoAlbums
2007-09-24 21:55 <DIR> d-------- C:\Program Files\PhotoActions
2007-09-24 21:18 <DIR> d-------- C:\Program Files\AVD Graphic Studio 6.7 TRIAL
2007-09-24 21:16 <DIR> d-------- C:\Program Files\AllStar DVD Photo Slideshow
2007-09-23 14:35 <DIR> d-------- C:\DVDShrink
2007-09-23 01:47 <DIR> d-------- C:\Program Files\PasswordTools
2007-09-23 01:45 <DIR> d-------- C:\WINDOWS\system32\1986
2007-09-23 01:45 <DIR> d-------- C:\WINDOWS\system32\1003
2007-09-23 01:42 <DIR> d-------- C:\WINDOWS\system32\1104
2007-09-23 01:42 <DIR> d-------- C:\WINDOWS\File Anti-Copy
2007-09-23 01:42 <DIR> d-------- C:\Program Files\File Anti-Copy
2007-09-22 01:08 <DIR> d-------- C:\Documents and Settings\dad\Application Data\1clickPro
2007-09-21 07:33 <DIR> d-------- C:\Program Files\Advanced MP3 Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 04:17 --------- d-----w C:\Documents and Settings\dad\Application Data\LimeWire
2007-10-20 14:45 --------- d-----w C:\Program Files\ffdshow
2007-10-20 14:45 --------- d-----w C:\Program Files\DScaler5
2007-10-20 05:42 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments
2007-10-20 05:42 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments
2007-10-19 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2007-10-19 10:11 --------- d-----w C:\Documents and Settings\dad\Application Data\U3
2007-10-19 00:29 --------- d-----w C:\Program Files\mIRC
2007-10-18 18:53 --------- d-----w C:\Documents and Settings\dad\Application Data\dvdcss
2007-10-18 02:08 --------- d-----w C:\Documents and Settings\dad\Application Data\SolidDocuments
2007-10-15 20:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 21:35 --------- d-----w C:\Program Files\CloneDVD
2007-10-14 17:04 --------- d-----w C:\Documents and Settings\mom\Application Data\SolidDocuments
2007-10-12 02:22 --------- d-----w C:\Program Files\VstPlugins
2007-10-12 01:23 --------- d-----w C:\Program Files\VirtualDJ
2007-10-11 01:24 --------- d-----w C:\Program Files\Games X Copy
2007-10-11 01:23 --------- d-----w C:\Program Files\Asus
2007-10-11 01:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 12:54 --------- d-----w C:\Program Files\Video Enhancer
2007-10-10 12:54 --------- d-----w C:\Program Files\TrojanHunter 4.7
2007-10-10 11:40 --------- d---a-w C:\Program Files\(KraMixer)
2007-10-10 11:40 --------- d-----w C:\Program Files\YouTubeRobot
2007-10-10 11:40 --------- d-----w C:\Program Files\YouTube Movie Ripper V1.1
2007-10-10 11:40 --------- d-----w C:\Program Files\WinSnap
2007-10-10 11:40 --------- d-----w C:\Program Files\WinHTTrack
2007-10-10 11:40 --------- d-----w C:\Program Files\Video Snapshots Genius
2007-10-10 11:40 --------- d-----w C:\Program Files\Video Convert Premier
2007-10-10 11:40 --------- d-----w C:\Program Files\VibeStreamer
2007-10-10 11:40 --------- d-----w C:\Program Files\UltraISO
2007-10-10 11:40 --------- d-----w C:\Program Files\QuickSFV
2007-10-10 11:40 --------- d-----w C:\Program Files\PowerISO
2007-10-10 11:40 --------- d-----w C:\Program Files\PE Explorer
2007-10-10 11:40 --------- d-----w C:\Program Files\PDF Password Remover v3.0
2007-10-10 11:40 --------- d-----w C:\Program Files\No1 DVD Ripper
2007-10-10 11:40 --------- d-----w C:\Program Files\MP3Fitness
2007-10-10 11:40 --------- d-----w C:\Program Files\honestech VHS to DVD 3.0
2007-10-10 11:40 --------- d-----w C:\Program Files\Hide IP Platinum
2007-10-10 11:40 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
2007-10-10 11:40 --------- d-----w C:\Program Files\DVD Shrink
2007-10-10 11:40 --------- d-----w C:\Program Files\DeadDiskDoctor
2007-10-10 11:40 --------- d-----w C:\Program Files\[bleep] NFO Viewer
2007-10-10 11:40 --------- d-----w C:\Program Files\CCleaner
2007-10-10 11:40 --------- d-----w C:\Program Files\AviDvdBurner
2007-10-10 11:40 --------- d-----w C:\Program Files\AutoGK
2007-10-10 11:40 --------- d-----w C:\Program Files\7-Zip
2007-10-06 01:44 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-10-05 03:58 --------- d-----w C:\Program Files\CyberLink
2007-10-05 01:54 --------- d-----w C:\Documents and Settings\dad\Application Data\Vso
2007-10-05 01:53 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-05 01:53 47,360 ----a-w C:\Documents and Settings\dad\Application Data\pcouffin.sys
2007-10-05 01:53 --------- d-----w C:\Program Files\LG Software Innovations
2007-10-03 12:24 --------- d-----w C:\Program Files\Blaze Media Pro
2007-10-02 16:00 --------- d-----w C:\Documents and Settings\daughter\Application Data\SolidDocuments
2007-10-02 01:12 --------- d-----w C:\Program Files\ACD Systems
2007-09-30 22:25 --------- d-----w C:\Documents and Settings\dad\Application Data\DivX
2007-09-30 12:31 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-09-30 12:31 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-29 12:32 --------- d-----w C:\Documents and Settings\son\Application Data\SolidDocuments
2007-09-29 12:20 --------- d-----w C:\Documents and Settings\dad\Application Data\Mobile Master
2007-09-29 04:45 --------- d-----w C:\Program Files\MediaMonkey
2007-09-28 16:38 --------- d-----w C:\Program Files\AVD Video Processor 7.7 TRIAL
2007-09-24 15:17 --------- d-----w C:\Documents and Settings\dad\Application Data\Cyberlink
2007-09-23 18:08 --------- d-----w C:\Program Files\CoinManage
2007-09-21 13:10 --------- d-----w C:\Program Files\Magic Burning Studio
2007-09-21 03:01 --------- d-----w C:\Program Files\PhotoZoom Pro 2
2007-09-20 03:06 --------- d-----w C:\Program Files\onOne Software
2007-09-20 02:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-09-20 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\EarMaster
2007-09-18 21:19 --------- d-----w C:\Documents and Settings\dad\Application Data\SlySoft
2007-09-18 21:19 --------- d-----w C:\Documents and Settings\dad\Application Data\Photodex
2007-09-18 21:19 --------- d-----w C:\Documents and Settings\dad\Application Data\Netscape
2007-09-18 21:19 --------- d-----w C:\Documents and Settings\dad\Application Data\Comodo
2007-09-18 21:19 --------- d-----w C:\Documents and Settings\dad\Application Data\bibble
2007-09-18 21:19 --------- d-----w C:\Documents and Settings\dad\Application Data\Azureus
2007-09-18 21:14 --------- d-----w C:\Documents and Settings\mom\Application Data\URSoft
2007-09-18 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2007-09-17 00:43 --------- d-----w C:\Program Files\Lavasoft
2007-09-14 10:22 --------- d-----w C:\Program Files\DivX
2007-09-11 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\BurstCopy Labs
2007-09-10 23:50 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-10 23:41 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-09-10 20:31 --------- d-----w C:\Program Files\Advanced Registry Doctor
2007-09-10 02:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-10 01:24 --------- d-----w C:\Program Files\AKoff Music Composer
2007-09-10 01:09 --------- d-----w C:\Program Files\HighCriteria
2007-09-09 05:21 --------- d-----w C:\Documents and Settings\dad\Application Data\Pegasys Inc
2007-09-09 05:19 --------- d-----w C:\Program Files\Pegasys Inc
2007-09-06 01:02 --------- d-----w C:\Program Files\Maxtor
2007-09-04 01:09 --------- d-----w C:\Program Files\Business Letter Professional
2007-09-03 23:39 --------- d-----w C:\Documents and Settings\dad\Application Data\Cakewalk
2007-09-03 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cakewalk
2007-09-03 23:30 --------- d-----w C:\Program Files\Cakewalk
2007-09-02 01:36 --------- d-----w C:\Program Files\LimeWire
2007-09-02 01:36 --------- d-----w C:\Program Files\Any Video Converter Professional
2007-09-02 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-08-30 03:52 25,586 ----a-w C:\aem8.dat
2007-08-30 03:52 --------- d-----w C:\Program Files\Audio Edit Magic
2007-08-29 04:22 --------- d-----w C:\Program Files\SiteThief
2007-08-27 03:02 --------- d-----w C:\Documents and Settings\dad\Application Data\GEAR PRO Mastering Edition 7.03
2007-08-27 02:56 --------- d-----w C:\Program Files\GEAR Software
2006-05-02 22:11:25 108 --sha-r C:\WINDOWS\neoqaz2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-30 08:31]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk]
backup=C:\WINDOWS\pss\GhostSurf proxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Smart Wizard.lnk]
backup=C:\WINDOWS\pss\NETGEAR WG311T Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
backup=C:\WINDOWS\pss\SpyCatcher Protector.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dad^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dad^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dad^Start Menu^Programs^Startup^Scheduler.lnk]
backup=C:\WINDOWS\pss\Scheduler.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostSurf Reminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostSurfDelSatellite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
"C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger 2005]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ACS"=2 (0x2)
"ANIWZCSdService"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"McNASvc"=2 (0x2)
"mcusrmgr"=2 (0x2)
"mctskshd.exe"=2 (0x2)
"mcpromgr"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McLogManagerService"=2 (0x2)

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3132r5.sys
R1 nvport;NVIDIA PORT IO Control Driver;\??\C:\WINDOWS\system32\Drivers\nvport.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
S3 bepldr;BCL easyPDF SDK 5 Loader;"C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe"
S3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys
S4 GuiHook;GuiHook;C:\PROGRA~1\NETSUP~1\guihook.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-21 04:58:41 C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2007-10-05 16:09:00 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2007-10-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-01 05:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 00:58:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 1:00:08 - machine was rebooted
.
--- E O F ---

Edited by Amadauss, 20 October 2007 - 11:07 PM.


#5
Amadauss

Here is the uninstall list from HijackThis. Thanks again.


#1 DVD Ripper 5.3
1Click DVD Copy Pro 3.0.1.8
Able2Extract Professional v5.0
Absolute MP3 Splitter version 2.6.4
Ace Translator
ActiveX Manager
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.0
Adobe Setup
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced MP3 Converter 3.00
Advanced Registry Doctor
Advanced Uninstaller PRO 2006 - version 7
AHV content for Acrobat and Flash
AKoff Music Composer
Album Creator
Alien Skin Eye Candy 5 Textures
Allok Video Splitter 1.6.4
AllStar DVD Photo Slideshow 2.0
Anim-FX
ANIO Service
ANIWZCS2 Service
Any Video Converter Professional 2.2.2
A-one DVD Ripper 6.28
Apex Video Converter Super 5.94
Arial Audio Converter version 2.3.56
ASUSUpdate
Athlon 64 Processor Driver
Audio Edit Magic v9.2.14 Build 775
Auto Gordian Knot 2.40
AutorunMagick Studio 2.2.2
AVD Graphic Studio 6.7 TRIAL
AVD Video Processor 7.7 TRIAL
AVI DVD Burner 2007 ver 2.25
AviSynth 2.5
Band-in-a-Box 2006
Banner Maker Pro Version 6
BenVista PhotoZoom Pro 2.2.8
Blaze Media Pro
Business Letter Professional 2006 v5.2
CCleaner (remove only)
CD Audio Reader Filter (remove only)
Cinematize 2.0
CloneDVD 3.9.3
CloneDVDmobile
CoinManage 2007
Combined Community Codec Pack 2007-02-22
ConvertXtoDVD 2.2.2.256
Cool & Quiet
CopyPod (remove only)
CrazyTalk v4.5 Media Studio
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Driver Magician 3.21
DScaler 5 Mpeg Decoders
DS-MP3 Source 1.30
DVD Decrypter (Remove Only)
Easy CD-DA Extractor 10
EasyMPEG MX
EVGA Display Driver
FaceOnBody
ffdshow [rev 1548] [2007-10-19]
File Anti-Copy
Finale 2008
GEAR PRO "Mastering Edition" 7.03
Guardian Addon MSI
Haali Media Splitter
Hide IP Platinum 3.31
HijackThis 2.0.2
honestech VHS to DVD 3.0
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
HP Image Zone 4.2
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP PSC & OfficeJet 4.2
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Image Trends' PearlyWhites Plug-In 1.0.1
ImTOO Audio Maker
Intellihance Pro 4.2
J2SE Runtime Environment 5.0 Update 10
LimeWire PRO 4.12.11
Logo Design Studio Pro
Magic Burning Studio v10.4.2
Magic Music Factory v7.0.6.1
Magic Video Converter Trial Version (English) 8.0.3.18
MaxBlast 4
McFunSoft Audio Studio v6.7.5
MediaMonkey 2.5
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser and SDK
Mozilla Firefox (2.0.0.8)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nitro PDF Professional
NOD32 antivirus system
NOD32 FiX
Nuclear Coffee VideoGet 1.0
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PureVideo Decoder
Okoker CD&DVD Burner 2.3
Ovation
Ovation
PasswordTools
PDF Password Remover v3.0
PDF Settings
Pdf995
PdfEdit995
PG Music DirectX Plugins 1.3.4.1
PhotoTune 2
PhotoWatermark Professional 7
Power MP4 iPod PSP 3GP AVI MPG WMV Video Converter 5.0
PowerCinema NE for Everio
PowerDirector Express
PowerDVD Ultra
PowerISO
PowerPlugs: Presentations to Go
PowerPlugs: Video Backgrounds
PowerProducer
QuickSFV (Remove only)
QuickTime Alternative 1.68
RealMedia (remove only)
Realtek AC'97 Audio
Registry Clean Expert
RegistryFix v6.2
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
SHOUTcast Source (remove only)
Site Studio
Site-Thief
SnagIt 8
SolidConverterPDF
SONAR 6.2.1 Producer Edition
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sound Blaster Live!
SpyRemover 2.73
Super DVD Creator 9.30
TaxCut Premium 2006
Terragen
Text to Speech Maker version 1.5.2
TMPGEnc 4.0 XPress
TMPGEnc DVD Source Creator 4
Total Recorder 6.1
TubeHunter
U3Launcher
Ultra PSP Movie Converter 3.2.0623
Unlocker 1.8.5
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
UVU Media Player
VASA Video Converter V5.0
Video Convert Premier Trial Version (English) 8.0.5.20
Video Enhancer 1.5
VideoLAN VLC media player 0.8.6a
ViewSonic Monitor Drivers
Virtual DJ - Atomix Productions
Virtual Painter 5 (Standalone)
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
VobSub v2.23 (Remove Only)
Wave Arts Master Restoration
Web Page Maker V2.5
WinAVI Video Converter
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Wondershare Flash SlideShow Builder (2.3.7.0)
XviD MPEG-4 Codec
Your Uninstaller! 2006 Version 5
YouTube Movie Ripper
YouTube Robot 2.0.2007.829
ZD Soft Screen Recorder
Zoom Player (remove only)

#6
Essexboy

GeekU Moderator
Looking a tad better

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\bb


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
Close OTMoveIt.
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

__________________________________

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
___________________________________________________

Download and then run SUPERAntiSpyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found; click OK
  • On the next screen place a tick against all items and select NEXT
  • Now, to get the log, go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a Notepad text file; copy and paste this into your next reply

Logs required this time are SUPERAntiSpyware, HijackThis log and OTMoveIt

#7
Amadauss

BB run and this is the result. Have to reboot machine.

C:\bb\vsc moved successfully.
C:\bb\Tutorial - Repeats and Endings moved successfully.
C:\bb\Tutorial - BB 2006 moved successfully.
C:\bb\Tutorial - BB 2005 Demos\Fourths Harmonies demos moved successfully.
C:\bb\Tutorial - BB 2005 Demos moved successfully.
C:\bb\Tutorial - Audio Harmonies moved successfully.
C:\bb\Styles58 moved successfully.
C:\bb\Styles57 moved successfully.
C:\bb\Styles56 moved successfully.
C:\bb\Styles55 moved successfully.
C:\bb\Styles54 moved successfully.
C:\bb\Styles53 moved successfully.
C:\bb\styles52 moved successfully.
C:\bb\styles51 moved successfully.
C:\bb\styles50 moved successfully.
C:\bb\styles49 moved successfully.
C:\bb\styles48 moved successfully.
C:\bb\Styles47 moved successfully.
C:\bb\Styles46 moved successfully.
C:\bb\Styles45 moved successfully.
C:\bb\Styles44 moved successfully.
C:\bb\Styles43 moved successfully.
C:\bb\Styles42 moved successfully.
C:\bb\Styles41 moved successfully.
C:\bb\Styles40 moved successfully.
C:\bb\Styles39 moved successfully.
C:\bb\Styles38 moved successfully.
C:\bb\Styles37 moved successfully.
C:\bb\Styles36 moved successfully.
C:\bb\Styles35 moved successfully.
C:\bb\Styles34 moved successfully.
C:\bb\Styles33 moved successfully.
C:\bb\Styles32 moved successfully.
C:\bb\Styles31 moved successfully.
C:\bb\Styles30 moved successfully.
C:\bb\Styles29 moved successfully.
C:\bb\Styles28 moved successfully.
C:\bb\Styles27 moved successfully.
C:\bb\Styles26 moved successfully.
C:\bb\Styles25 moved successfully.
C:\bb\Styles24 moved successfully.
C:\bb\Styles23 moved successfully.
C:\bb\Styles22 moved successfully.
C:\bb\Styles21 moved successfully.
C:\bb\Styles20 moved successfully.
C:\bb\Styles19 moved successfully.
C:\bb\Styles18 moved successfully.
C:\bb\Styles17 moved successfully.
C:\bb\Styles16 moved successfully.
C:\bb\Styles15 moved successfully.
C:\bb\Styles14 moved successfully.
C:\bb\Styles13 moved successfully.
C:\bb\Styles12 moved successfully.
C:\bb\Styles11 moved successfully.
C:\bb\Styles10 moved successfully.
C:\bb\Styles09 moved successfully.
C:\bb\Styles08 moved successfully.
C:\bb\Styles07 moved successfully.
C:\bb\Styles06 moved successfully.
C:\bb\Styles05 moved successfully.
C:\bb\Styles04 moved successfully.
C:\bb\Styles03 moved successfully.
C:\bb\Styles02 moved successfully.
C:\bb\Styles01 moved successfully.
C:\bb\Styles00 moved successfully.
C:\bb\Soundtrack MIDI Fakebook moved successfully.
C:\bb\Soloist 18 Demos - Soundtrack moved successfully.
C:\bb\Soloist 17 Demos - Trombone moved successfully.
C:\bb\Soloist 16 Demos - Saxophone moved successfully.
C:\bb\Soloist 11 Demos - Trumpet moved successfully.
C:\bb\Soloist 10 Demos - Ballads and Guitar moved successfully.
C:\bb\SOLODEMO moved successfully.
C:\bb\sol9demo moved successfully.
C:\bb\Sol8Demo moved successfully.
C:\bb\SOL7DEMO moved successfully.
C:\bb\SOL6DEMO moved successfully.
C:\bb\SOL5BLUE moved successfully.
C:\bb\SOL4ROCK moved successfully.
C:\bb\SOL3JAZZ moved successfully.
C:\bb\SOL2JAZZ moved successfully.
C:\bb\Melodist 6 Demos - Pop-Rock & Soundtrack moved successfully.
C:\bb\Melodist 5 Demos - Bluegrass, Irish moved successfully.
C:\bb\Melodist 4 Demos - Bossa,Smooth Jazz moved successfully.
C:\bb\JAZZPRAC moved successfully.
C:\bb\Jazz Styles Upgraded moved successfully.
C:\bb\Jazz Guitar Solos - Swingin Vol 4 moved successfully.
C:\bb\fgsolo50 moved successfully.
C:\bb\Ear Training\Pitch Invasion\Wavs moved successfully.
C:\bb\Ear Training\Pitch Invasion\Pics moved successfully.
C:\bb\Ear Training\Pitch Invasion\Images moved successfully.
C:\bb\Ear Training\Pitch Invasion moved successfully.
C:\bb\Ear Training\Music Replay\Wavs moved successfully.
C:\bb\Ear Training\Music Replay\RhythmReplay moved successfully.
C:\bb\Ear Training\Music Replay\Pics01 moved successfully.
C:\bb\Ear Training\Music Replay\MelodyReplay moved successfully.
C:\bb\Ear Training\Music Replay moved successfully.
C:\bb\Ear Training moved successfully.
C:\bb\DX Settings moved successfully.
Folder move failed. C:\bb\Default7BBC scheduled to be moved on reboot.
C:\bb\Classical MIDI-FakeBook3 moved successfully.
C:\bb\BLUEJAMF moved successfully.
C:\bb\BLUEJAMC moved successfully.
C:\bb\Bluegrass Melodist Demos moved successfully.
C:\bb moved successfully.

Created on 10/21/2007 20:15:07

#8
Amadauss

Here is the hijack log, now removing Java and rebooting to reinstall new version.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:31 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm103YYUS
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178461330062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165875268081
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7085 bytes

#9
Amadauss

OK, here is the SUPERAntiSpyware log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/21/2007 at 09:57 PM

Application Version : 3.9.1008

Core Rules Database Version : 3328
Trace Rules Database Version: 1329

Scan type : Complete Scan
Total Scan Time : 01:11:51

Memory items scanned : 333
Memory threats detected : 0
Registry items scanned : 7054
Registry threats detected : 0
File items scanned : 94505
File threats detected : 142

Adware.Tracking Cookie
C:\Documents and Settings\dad\Cookies\[email protected][2].txt
C:\Documents and Settings\dad\Cookies\dad@questionmarket[2].txt
C:\Documents and Settings\dad\Cookies\dad@advertising[2].txt
C:\Documents and Settings\dad\Cookies\dad@adrevolver[2].txt
C:\Documents and Settings\dad\Cookies\dad@revsci[2].txt
C:\Documents and Settings\dad\Cookies\dad@doubleclick[2].txt
C:\Documents and Settings\dad\Cookies\dad@tacoda[2].txt
C:\Documents and Settings\dad\Cookies\dad@hitbox[2].txt
C:\Documents and Settings\dad\Cookies\[email protected][2].txt
C:\Documents and Settings\dad\Cookies\dad@adrevolver[1].txt
C:\Documents and Settings\dad\Cookies\dad@2o7[1].txt
C:\Documents and Settings\dad\Cookies\dad@interclick[2].txt
C:\Documents and Settings\dad\Cookies\dad@specificclick[2].txt
C:\Documents and Settings\dad\Cookies\[email protected][1].txt
C:\Documents and Settings\dad\Cookies\dad@adlegend[1].txt
C:\Documents and Settings\dad\Cookies\dad@fastclick[2].txt
C:\Documents and Settings\dad\Cookies\dad@atdmt[2].txt
C:\Documents and Settings\dad\Cookies\[email protected][2].txt
C:\Documents and Settings\dad\Cookies\dad@tribalfusion[2].txt
C:\Documents and Settings\daughter\Cookies\daughter@adrevolver[1].txt
C:\Documents and Settings\daughter\Cookies\daughter@adrevolver[3].txt
C:\Documents and Settings\daughter\Cookies\[email protected][2].txt
C:\Documents and Settings\daughter\Cookies\[email protected][2].txt
C:\Documents and Settings\daughter\Cookies\daughter@fastclick[1].txt
C:\Documents and Settings\daughter\Cookies\daughter@interclick[2].txt
C:\Documents and Settings\daughter\Cookies\daughter@mediaplex[2].txt
C:\Documents and Settings\daughter\Cookies\daughter@tacoda[1].txt
C:\Documents and Settings\daughter\Cookies\daughter@tripod[1].txt
C:\Documents and Settings\mom\Cookies\mom@2o7[2].txt
C:\Documents and Settings\mom\Cookies\[email protected][2].txt
C:\Documents and Settings\mom\Cookies\mom@adecn[1].txt
C:\Documents and Settings\mom\Cookies\mom@adinterax[2].txt
C:\Documents and Settings\mom\Cookies\[email protected][2].txt
C:\Documents and Settings\mom\Cookies\mom@adrevolver[2].txt
C:\Documents and Settings\mom\Cookies\mom@adrevolver[3].txt
C:\Documents and Settings\mom\Cookies\[email protected][2].txt
C:\Documents and Settings\mom\Cookies\[email protected][1].txt
C:\Documents and Settings\mom\Cookies\[email protected][1].txt
C:\Documents and Settings\mom\Cookies\[email protected][2].txt
C:\Documents and Settings\mom\Cookies\mom@adtech[2].txt
C:\Documents and Settings\mom\Cookies\[email protected][2].txt
C:\Documents and Settings\mom\Cookies\mom@atdmt[2].txt
C:\Documents and Settings\mom\Cookies\mom@azoogleads[1].txt
C:\Documents and Settings\mom\Cookies\[email protected][1].txt
C:\Documents and Settings\mom\Cookies\[email protected][1].txt
C:\Documents and Settings\mom\Cookies\mom@burstnet[2].txt
C:\Documents and Settings\mom\Cookies\mom@cpvfeed[1].txt
C:\Documents and Settings\mom\Cookies\mom@doubleclick[2].txt
C:\Documents and Settings\mom\Cookies\[email protected][1].txt
C:\Documents and Settings\mom\Cookies\[email protected][2].txt

Trojan.Downloader-Gen/Suspicious
C:\DOCUMENTS AND SETTINGS\DAD\DESKTOP\ILT\ANONYMITY.GATEWAY.V2.7.WINALL-CRD\ANONYMITY.GATEWAY.V2.7.WINALL.-CRD\
C:\DOCUMENTS AND seTTINGS\DAD\DESKTOP\MUSIC\APEX.VIDEO.CONVERTER.SUPER.V5.85.WINALLCRD\APEX.VIDEO.CONVERTER.SUPER.V5.85.WINALL.INCL\CNX0105A\
C:\DOCUMENTS AND SETTINGS\DAD\DESKTOP\PHOTO DRAWING TUTORIAL\CNX0105A
C:\PROGRAM FILES\HIGHCRITERIA\TOTALRECORDER\TOTAL.RECORDER.PRO.V6.1
J:\MUSIC\ABSOLUTE.MP3.SPLITTER.CONVERTER.V2.6.4.WINALL-CHICNCREAM\CNCLK08A\CNCLK08\ABSOLUTE.MP3.SPLITTER.CONVERTER.V2.6.4
J:\NEW FOLDER\APEX VIDEO CONVERTER SUPER 5.88\
BearShare File Sharing Client
K:\MUSIC\BEAR\BEARSHARE PRO V5.2.5.3 (CRK_DIGERATI)\
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking good now, are you experiencing any problems ?
  • 0

#11
Amadauss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
No, so far so good. If you think I have cleaned it all up, I am happy. Should I purchase that Super Anti Spyware? Or am I counting too much on my Nod 32 to do the job and it just can't find everything? Obviously it did not if this stuff got on my computer. If you think it would be a good idea, I will do it. I really appreciate your help. You guys are the best, and for you to take precious seconds out of your day to help someone you don't even know means very much to me. Again, thank you for everything.
  • 0

#12
Amadauss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I almost feel embarrassed to ask you but I do have one more thing. If you took note I had a program called cfos on my computer that would help speed up my connection to the web. My cable provider gives me 20 mb's download and 2 mbs upload speed which 90 percent of the time I never hit. When I ran the cfos, it did seem to speed the connection up a little bit. Running a couple computers (kids, laptop) through a router, Linksys WRT150N, which I think I have set up correctly but not always sure. Any suggestions? Thanks again!!!!
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Should I purchase that Super Anti Spyware? Or am I counting too much on my Nod 32 to do the job and it just can't find everything?

Superantispyware (SAS) free is an on-demand programme; the paid version includes real-time monitoring, which is only required if you are dubious about how safe people are when they use your system. And there is a difference between a virus and malware, although the edges are starting to blur now. With my system I have one antivirus and SAS, which along with Spywareblaster has kept me clean for many a year.

I almost feel embarrassed to ask you

Don't be :) . With regard to Cfos, to be honest I am sceptical of speed enhancement programmes, as there are too many variables within the system. Rarely does anyone get the stated download speeds from their ISP. I am supposed to get 8Mb but rarely get above 6Mb as I am near the end of the line.

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt once again and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





