I have the popup virus, please help



travisbickle
2007-08-31, 20:18
I've tried 6 different removal tools, Spybot, Panda, Uniblue, etc., and nothing cleans it...

Here is my log, your help will be greatly appreciated! Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:42 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
J:\download dump\HiJackThis.exe
J:\download dump\Windows-KB890830-V1.32.exe
j:\a84e0451742e70131d\mrtstub.exe
C:\WINDOWS\system32\MRT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1762F189-4B68-4192-82BA-B0506DFED7BA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRAMS INSTALLED BY ME\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Policies\Explorer\Run: [{37594D4F-07C9-1033-0506-030331200001}] "C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{37594D4F-07C9-1033-0506-030331200001}] "C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\Update.exe" mc-110-12-0000140 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{37594D4F-07C9-1033-0506-030331200001}] "C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\Update.exe" mc-110-12-0000140 (User 'Default user')
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B628C9C-7AC7-437E-BAD9-D7EE41853B9E}: NameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 5069 bytes

random/random
2007-09-01, 01:06
Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:

Hide extensions for known file types
Hide protected operating system files (Recommended)

You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:

Show hidden files and folders

Click Apply and then click OK


Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

O2 - BHO: (no name) - {1762F189-4B68-4192-82BA-B0506DFED7BA} - (no file)
O4 - HKCU\..\Policies\Explorer\Run: [{37594D4F-07C9-1033-0506-030331200001}] "C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{37594D4F-07C9-1033-0506-030331200001}] "C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\Update.exe" mc-110-12-0000140 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{37594D4F-07C9-1033-0506-030331200001}] "C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\Update.exe" mc-110-12-0000140 (User 'Default user')

Then close all windows except HijackThis and click Fix Checked

Restart

Use windows explorer to find and delete this folder:

C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'

Go here (http://www.kaspersky.com/virusscanner) to run an online scanner from Kaspersky.
Note: You will need to use Internet Explorer for this scan
Click on "Kaspersky Online Scanner"
A new smaller window will pop up. After reading the contents, press "Accept".
Now Kaspersky will update the anti-virus database. Let it run.
Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
Then click on "My Computer", and the scan will start.
Once finished, save the log as "KAV.txt" to the desktop.


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post back with the Kaspersky log, a new HijackThis log & let me know of any remaining problems
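A way to automate the triage the reply above does by hand, as an added example that is not part of this thread and not HijackThis's own code: a small Python parser for HijackThis log lines that flags the two patterns fixed here (an O2 BHO whose DLL is "(no file)" and O4 autostarts under Policies\Explorer\Run identified only by a GUID) and pulls out the GUID-named folder under Common Files that the reply says to delete afterwards. The sample lines are copied from the log posted earlier in the thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1762F189-4B68-4192-82BA-B0506DFED7BA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRAMS INSTALLED BY ME\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{37594D4F-07C9-1033-0506-030331200001}] "C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{37594D4F-07C9-1033-0506-030331200001}] "C:\Program Files\Common Files\{37594D4F-07C9-1033-0506-030331200001}\Update.exe" mc-110-12-0000140 (User 'SYSTEM')
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Every HijackThis entry is "<kind> - <body>"; O4 bodies are "<hive>: [<name>] <command>".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
GUID_RE = re.compile(GUID)
# A program living in "<drive>:\...\Common Files\{GUID}\"; group 1 is the folder itself.
GUID_DIR_RE = re.compile(r'([A-Za-z]:\\[^"]*?\\Common Files\\' + GUID + r')\\')


@dataclass
class Finding:
    line: str                      # the HijackThis line to tick and "Fix Checked"
    reason: str                    # why it was flagged
    folder: Optional[str] = None   # leftover folder to delete by hand, if any


def parse_entries(text: str):
    """Yield (kind, body, full_line) for every R/O line in a HijackThis log."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def triage(text: str) -> List[Finding]:
    """Apply the two checks the helper applied by hand in this thread."""
    findings: List[Finding] = []
    for kind, body, line in parse_entries(text):
        if kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding(line, "BHO still registered but its DLL is missing"))
        elif kind == "O4":
            m = O4_RE.match(body)
            if not m or "Policies\\Explorer\\Run" not in m.group("hive"):
                continue  # ordinary Run keys are not what this thread fixed
            name, command = m.group("name"), m.group("command")
            folder = GUID_DIR_RE.search(command)
            if GUID_RE.fullmatch(name) or folder:
                findings.append(Finding(
                    line,
                    "Policies\\Explorer\\Run autostart identified only by a GUID",
                    folder.group(1) if folder else None))
            else:
                findings.append(Finding(line, "autostart under Policies\\Explorer\\Run; review it"))
    return findings


def suspicious_folders(text: str) -> List[str]:
    """Folders the flagged autostarts point into, for manual deletion after the fix."""
    return sorted({f.folder for f in triage(text) if f.folder})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
    for d in suspicious_folders(SAMPLE_LOG):
        print("delete folder:", d)
```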

travisbickle
2007-09-01, 09:47
Ran HijackThis, then deleted the lines.
Could not find the item to delete in my Program Files...
And after restart I am still getting popups. Kaspersky won't work on my system (I press "accept" and it sits there).

But here is the new HijackThis log (after all changes were made)

thanks for your help so far!



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
J:\download dump\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRAMS INSTALLED BY ME\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B628C9C-7AC7-437E-BAD9-D7EE41853B9E}: NameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 4354 bytes

random/random
2007-09-01, 10:49
Please download F-Secure Blacklight (fsbl.exe) from here (https://europe.f-secure.com/exclude/blacklight/fsbl.exe)
Save into C:\ with a name of fsbl.exe
Go to Start > Run
Copy and paste the contents of the below codebox into the run box

C:\fsbl.exe /expert
Click OK
This will launch BlackLight
Select I accept the agreement
Click Next
Click Scan
Wait for the scan to finish
Click on Next>
Click Exit
A logfile will have been created in the C:\ drive
It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
Use notepad to open that log
Post the contents of that log as a reply to this topic

travisbickle
2007-09-01, 12:05
BlackLight log:

09/01/07 01:59:19 [Info]: BlackLight Engine 1.0.64 initialized
09/01/07 01:59:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/01/07 01:59:20 [Note]: 7019 4
09/01/07 01:59:20 [Note]: 7005 0
09/01/07 01:59:22 [Note]: 7006 0
09/01/07 01:59:22 [Note]: 7022 0
09/01/07 01:59:22 [Note]: 7011 152
09/01/07 01:59:22 [Note]: 7026 0
09/01/07 01:59:23 [Note]: 7026 0
09/01/07 01:59:26 [Note]: FSRAW library version 1.7.1022
09/01/07 02:03:00 [Note]: 7007 0

random/random
2007-09-01, 12:28
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

travisbickle
2007-09-01, 21:52
main:
Deckard's System Scanner v20070826.66
Run by Owner on 2007-09-01 11:41:17
Computer is in Normal Mode.

-- Last 1 Restore Point(s) --
1: 2007-09-01 18:41:37 UTC - RP2 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).
System Drive C: has 0.55 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:21 AM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
J:\download dump\dss.exe
J:\PROGRAMS\Owner.exe

travisbickle
2007-09-01, 21:59
ignore the last one....
Deckard's System Scanner v20070826.66
Run by Owner on 2007-09-01 11:54:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (512 MiB recommended).
System Drive C: has 0.55 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:21 AM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
J:\download dump\dss.exe
J:\PROGRAMS\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B628C9C-7AC7-437E-BAD9-D7EE41853B9E}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TVersityMediaServer - Unknown owner - J:\PROGRAMS INSTALLED BY ME\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 3520 bytes

-- Files created between 2007-08-01 and 2007-09-01 -----------------------------

2007-09-01 02:58:35 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-01 02:58:32 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-09-01 02:58:30 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-01 01:26:47 0 d-------- C:\WINDOWS\network diagnostic
2007-08-31 01:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-31 01:07:41 0 d-------- C:\VundoFix Backups
2007-08-30 23:44:10 53552 -----n--- C:\WINDOWS\CTCCW.DLL <Not Verified; Creative® Technology Ltd.; Custom Control for Windows>
2007-08-30 23:44:09 54784 -----n--- C:\WINDOWS\system32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2007-08-30 23:44:08 1048576 -----n--- C:\WINDOWS\system32\SFMAN.DAT
2007-08-30 23:44:08 26768 -----n--- C:\WINDOWS\system32\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2007-08-30 23:44:05 0 d-------- C:\WINDOWS\system32\Defaults
2007-08-30 23:42:26 0 d-------- C:\WINDOWS\system32\Data
2007-08-30 23:42:24 110592 --a------ C:\WINDOWS\system32\COMMONFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:24 53248 --a------ C:\WINDOWS\system32\AC3API.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:23 319488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:23 106496 --a------ C:\WINDOWS\system32\CTASIO.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:23 61440 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent>
2007-08-30 23:42:22 106496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:19 28672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL <Not Verified; Creative Technology Ltd; CtSpkHlp Dynamic Link Library>
2007-08-30 23:42:19 643072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:19 155648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:19 24576 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
2007-08-30 23:42:19 36864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:18 77824 --a------ C:\WINDOWS\system32\EAXAC3.DLL <Not Verified; Creative Labs; EAX-AC3 DLL>
2007-08-30 23:42:18 94208 --a------ C:\WINDOWS\DEVREG.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:17 36864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2007-08-30 23:42:17 110592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL <Not Verified; Creative Technology Ltd; E-mu PIA>
2007-08-30 23:42:17 135168 --a------ C:\WINDOWS\system32\OPENAL32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:17 49152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2007-08-30 23:42:17 184320 --a------ C:\WINDOWS\PSCONV.EXE
2007-08-30 23:42:17 61440 --a------ C:\WINDOWS\MIDIDEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:16 270336 --a------ C:\WINDOWS\system32\SFMS32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-08-30 23:42:16 49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Technology Ltd CTDCRES>
2007-08-30 18:36:13 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-08-30 16:40:54 0 d--hs---- C:\FOUND.000
2007-08-30 15:43:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-08-30 08:10:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Identities
2007-08-30 08:08:21 0 d-------- C:\Program Files\Cakewalk
2007-08-30 08:08:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2007-08-29 10:59:34 0 d-------- C:\WINDOWS\system32\WinFox
2007-08-29 10:59:34 0 d-------- C:\WINDOWS\system32\WinFast
2007-08-29 10:59:34 9469 -----n--- C:\WINDOWS\system32\drivers\WINFOXIO.sys <Not Verified; Leadtek Research Inc.; WinFox I/O Device (Windows 2000/XP)>
2007-08-28 08:28:18 295 ---hs---- C:\WINDOWS\system32\ilmykcoj.ini2
2007-08-22 12:59:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SlySoft
2007-08-22 12:57:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-08-18 20:24:05 0 d-------- C:\Program Files\Common Files\HP
2007-08-18 20:19:08 0 d-------- C:\Program Files\Hewlett-Packard
2007-08-18 15:37:54 0 d-------- C:\Program Files\HP
2007-08-17 07:15:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Tracktion 3
2007-08-17 07:14:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Tracktion 3
2007-08-13 04:36:21 52736 --a------ C:\WINDOWS\ipuninst.exe <Not Verified; Interplay Productions; Interplay Uninstaller for Windows 95>
2007-08-12 09:30:06 28 --a------ C:\WINDOWS\system32\vfw_32.reg
2007-08-12 09:30:05 0 d-------- C:\WINDOWS\system32\drivex
2007-08-11 17:18:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Morpheus Software
2007-08-11 07:26:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-11 07:24:36 57344 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; >
2007-08-10 13:27:49 0 d-------- C:\Program Files\InterActual
2007-08-10 11:32:55 0 d-------- C:\Program Files\MSXML 4.0
2007-08-08 22:18:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-08-07 19:33:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2007-08-07 19:33:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2007-08-07 18:59:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-08-07 18:57:55 0 d-------- C:\Program Files\Xingtone
2007-08-07 18:41:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2007-08-07 18:41:29 0 d-------- C:\Program Files\Roxio
2007-08-07 18:41:29 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-07 18:40:22 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-07 18:39:16 0 d-------- C:\Program Files\DivX


-- Find3M Report ---------------------------------------------------------------

2007-08-31 09:47:32 32 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-08-31 09:47:32 32 --a------ C:\WINDOWS\msocreg32.dat
2007-08-18 20:24:28 69373 --a------ C:\WINDOWS\hpoins05.dat
2007-07-30 18:53:40 0 d-------- C:\Program Files\Common Files\SourceTec
2007-07-30 13:43:46 1774704 ---hs---- C:\WINDOWS\system32\EGJLM.ini2
2007-07-30 13:10:26 66112 --a------ C:\WINDOWS\system32\jxpnyvuw.exe
2007-07-29 21:03:26 57100 ---hs---- C:\WINDOWS\system32\jlnmp.ini2
2007-07-28 21:48:44 66112 --a------ C:\WINDOWS\system32\jdgghfpi.exe
2007-07-22 08:01:12 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-07-17 05:27:12 56320 --a------ C:\WINDOWS\b122.exe
2007-07-13 16:45:10 0 d-------- C:\Documents and Settings\Owner\Application Data\SuperAdBlocker.com
2007-07-11 00:54:16 0 d-------- C:\Program Files\Common Files\Celemony
2007-07-11 00:54:14 0 d-------- C:\Program Files\Celemony
2007-06-24 14:18:00 1908738 ---hs---- C:\WINDOWS\system32\rtstv.ini2
2007-06-24 13:38:02 358 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-23 07:46:06 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-06-22 08:08:46 909107 ---hs---- C:\WINDOWS\system32\xxvllboi.ini2
2007-06-21 07:38:44 24 --a------ C:\DUKE3D.BAT
2007-06-19 08:04:08 579630 --a------ C:\WINDOWS\system32\explrer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [07/02/2002 05:56 PM C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Jet Detection"="J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM]
"DevconDefaultDB"="C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"SetDefaultMIDI"="MIDIDef.exe" [01/14/2002 02:42 PM C:\WINDOWS\MIDIDEF.EXE]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= J:\PROGRAMS INSTALLED BY ME\DVD Region+CSS Free\DVDShell.dll [10/09/2004 03:18 PM 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1135297488\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
G:\hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rtst]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vkswbe]
"C:\Documents and Settings\Owner\Application Data\?ymantec\j?vaw.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"RichVideo"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"navapsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Client IP-IPX"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Adobe LM Service"=3 (0x3)


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{25588E5C-7D3B-326D-0608-080202000008}]
C:\WINDOWS\system32\explrer.exe



-- End of Deckard's System Scanner: finished at 2007-09-01 11:55:32 ------------

travisbickle
2007-09-01, 22:04
Attached is the extra, part 1

Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 253.98 MiB / 61.66 MiB
Pagefile Memory (total/avail): 622.3 MiB / 372.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1968.06 MiB

C: is Fixed (FAT32) - 5.85 GiB total, 0.55 GiB free.
D: is Fixed (FAT32) - 0.52 GiB total, 0.52 GiB free.
E: is Fixed (FAT32) - 2 GiB total, 0.01 GiB free.
F: is Fixed (FAT32) - 0.31 GiB total, 0.27 GiB free.
G: is Fixed (FAT32) - 1.63 GiB total, 0.72 GiB free.
H: is Fixed (FAT32) - 0.41 GiB total, 0.35 GiB free.
I: is CDROM (No Media)
J: is Fixed (NTFS) - 186.31 GiB total, 11.61 GiB free.
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 91152D8 - 10.73 GiB - 6 partitions
\PARTITION0 (bootable) - Unknown - 5.86 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 4.87 GiB - D: - E: - F: - G: - H:

\\.\PHYSICALDRIVE1 - ST3200822A - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.31 GiB - J:

\\.\PHYSICALDRIVE2 - HP PSC 1610 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\\Macromedia\\Fireworks MX\\Fireworks.exe"="E:\\Macromedia\\Fireworks MX\\Fireworks.exe:*:Disabled:Fireworks MX"
"J:\\TEMPINSTALLS\\Azureus\\Azureus.exe"="J:\\TEMPINSTALLS\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Firefox"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"E:\\ABCtorrents\\abc.exe"="E:\\ABCtorrents\\abc.exe:*:Disabled:abc"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"J:\\download dump\\utorrent.exe"="J:\\download dump\\utorrent.exe:*:Enabled:µTorrent"
"J:\\PROGRAMS INSTALLED BY ME\\Google\\Google Earth\\googleearth.exe"="J:\\PROGRAMS INSTALLED BY ME\\Google\\Google Earth\\googleearth.exe:*:Enabled:googleearth.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Disabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Disabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Disabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Disabled:avginet.exe"
"C:\\WINDOWS\\system32\\vbidcrxm.exe"="C:\\WINDOWS\\system32\\vbi"
"J:\\download dump\\commandos 2 men of courage\\C2MOC_CD1\\Crack\\comm2.exe"="J:\\download dump\\commandos 2 men of courage\\C2MOC_CD1\\Crack\\comm2.exe:*:Disabled:comm2"
"J:\\Empire Earth\\Empire Earth.exe"="J:\\Empire Earth\\Empire Earth.exe:*:Disabled:Empire Earth"
"E:\\Joost\\xulrunner\\tvprunner.exe"="E:\\Joost\\xulrunner\\tvprunner.exe:*:Disabled:tvprunner"
"C:\\WINDOWS\\System32\\zwsqlr.exe"="C:\\WINDOWS\\System32\\zwsqlr.exe:*:Disabled:zwsqlr"
"J:\\PROGRAMS INSTALLED BY ME\\Media Server\\TVersity.exe"="J:\\PROGRAMS INSTALLED BY ME\\Media Server\\TVersity.exe:*:Enabled:TVersity Media Server"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"

travisbickle
2007-09-01, 22:06
part 2= extra


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IBMBLACK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\IBMBLACK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_07\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=IBMBLACK
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "J:\PROGRAMS INSTALLED BY ME\SBlive\Program\Ctzapxx.EXE" /X /U /S
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
--> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
--> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Algorithmix Plugin Bundle 1.3 --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\Uninstall\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\Uninstall\INSTALL.LOG
AmpegSVX --> C:\Program Files\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube Jimi Hendrix --> C:\Program Files\InstallShield Installation Information\{66BA35B0-1911-47EF-B170-1DCFFDA362F1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Antares Autotune DX v4.12 --> E:\AUDITI~1.5\VSTPLU~1\AUTOTU~1\ANTARE~1\UNWISE.EXE E:\AUDITI~1.5\VSTPLU~1\AUTOTU~1\ANTARE~1\INSTALL.LOG
Antares AVOX Vocal Kit Bundle VST v1.02 --> E:\AUDITI~1.5\VSTPLU~1\AVOXVO~1\CHOIR\UNWISE.EXE E:\AUDITI~1.5\VSTPLU~1\AVOXVO~1\CHOIR\INSTALL.LOG
ASIO4ALL --> J:\PROGRAMS INSTALLED BY ME\ASIO4ALL v2\uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Burgers Transition Pack (u) 1.1 --> "J:\Ulead VideoStudio 10\Vfx_plug\Burgers Transition Pack\unins000.exe"
Camera Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Commandos 2: Men of Courage --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}\Setup.exe"
DivX Web Player --> E:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Duplicate File Remover 1.1 --> J:\PROGRAMS INSTALLED BY ME\Duplicate File Remover\uninst.exe
DVD Region+CSS Free 5.9.7.5 --> "J:\PROGRAMS INSTALLED BY ME\DVD Region+CSS Free\unins000.exe"
Empire Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\SETUP.EXE"
EZdrummer --> MsiExec.exe /I{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}
EZXCocktail --> MsiExec.exe /I{147567F0-8575-4BE0-B5B3-62706C67FA5A}
FLV Player 1.3.3 --> "J:\PROGRAMS INSTALLED BY ME\FLVPlayer\uninstall.exe"
FXbench --> "J:\Ulead VideoStudio 10\Vfx_plug\FXbench\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Updater --> "C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "J:\download dump\HijackThis.exe" /uninstall
HP Extended Capabilities 4.7 --> C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express --> MsiExec.exe /X{85BCA736-A0F4-448E-9BC1-6EA08693E10B}
HP PSC & OfficeJet 4.7 --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.1_07 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA532E73-1BB7-11D8-9D6A-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
K-Lite Codec Pack 3.4.0 Full --> "J:\PROGRAMS INSTALLED BY ME\K-Lite Codec Pack\unins000.exe"
Lexicon PSP 42 VST DX v1.0 --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\Lexicon PSP 42\Log\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\Lexicon PSP 42\Log\INSTALL.LOG
Lupas Rename 2000 v5.0 Release --> "J:\PROGRAMS INSTALLED BY ME\Lupas Rename 2000\unins000.exe"
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Magic ISO Maker v5.4 (build 0239) --> J:\PROGRAMS INSTALLED BY ME\MagicISO\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\MagicISO\INSTALL.LOG
Melodyne plugin --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C49987B-689E-469D-86AE-8E325A038701}\setup.exe" -l0x9 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition --> E:\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Morpheus Photo Morpher v3.00 --> "J:\PROGRAMS INSTALLED BY ME\Morpheus Photo Morpher\unins000.exe"
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Native Instruments - Rig Kontrol 2 Driver --> J:\Program Files\Native Instruments\Guitar Rig 2\DXi\Rig Kontrol 2 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 2 Driver\Setup
Native Instruments Guitar Rig 2 --> J:\Program Files\Native Instruments\Guitar Rig 2\UNWISE.EXE J:\Program Files\Native Instruments\Guitar Rig 2\INSTALL.LOG
Nero 6 Ultra Edition --> E:\NERO\nero\uninstall\UNNERO.exe /UNINSTALL
Nomad Factory Blue Tubes Bundle v2.0 --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\Blue Tubes Bundle\Nomad Factory Blue Tubes Bundle Uninstall\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\Blue Tubes Bundle\Nomad Factory Blue Tubes Bundle Uninstall\INSTALL.LOG
Nomad Factory Liquid Bundle VST v1.6 --> J:\PROGRAMS INSTALLED BY ME\Liquid Bundle VST\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\Liquid Bundle VST\INSTALL.LOG
Nomad Factory Rock Amp Legends VST v1.0 --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\VstPlugIns\Nomad Factory RAL\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\VstPlugIns\Nomad Factory RAL\INSTALL.LOG
Nomad Factory SC-226 --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\nomadFACTORY\2\Uninstal logs\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\nomadFACTORY\2\Uninstal logs\INSTALL.LOG
Nomadfactory Liquid Bundle VST RTAS v2.1 --> J:\PROGRAMS INSTALLED BY ME\Liquid Bundle VST\uninstall\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\Liquid Bundle VST\uninstall\INSTALL.LOG
Picasa 2 --> "E:\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "J:\PROGRAMS INSTALLED BY ME\PowerISO\uninstall.exe"
PSP 608 MultiDelay 1.1.0 --> "J:\PROGRAMS INSTALLED BY ME\VSTPlugins\uninstall.exe" "/U:J:\PROGRAMS INSTALLED BY ME\VSTPlugins\irunin.xml"
PSP Audioware Neon HR VST RTAS --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\PSP Neon HR\uninstall\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\PSP Neon HR\uninstall\INSTALL.LOG
PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\MASTERCOMP\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\MASTERCOMP\INSTALL.LOG
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Reason --> MsiExec.exe /X{AB9FC2F9-7FC7-11D7-9D82-00065BABCB42}
Riva FLV Encoder 2.0 --> "J:\PROGRAMS INSTALLED BY ME\Riva FLV Encoder 2.0\unins000.exe"
Roxio Content 9 --> MsiExec.exe /X{787F2DC2-1699-44FA-A72F-9107166AF9CC}
Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sony PSP Media Manager 1.0 --> MsiExec.exe /X{ECB74828-944D-473A-BF6E-FBF596166815}
Sothink SWF Decompiler --> "J:\PROGRAMS INSTALLED BY ME\Sothink SWF Decompiler\unins000.exe"
Sound Blaster Live! Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "J:\PROGRAMS INSTALLED BY ME\Spybot - Search & Destroy\unins000.exe"
Studio Instruments 1.0 --> "C:\Program Files\Cakewalk\Studio Instruments\unins000.exe"
Total Video Converter 3.10 --> "J:\PROGRAMS INSTALLED BY ME\Total Video Converter\Total Video Converter\unins000.exe"
Tracktion 3.0.2.6 --> "J:\PROGRAMS INSTALLED BY ME\Tracktion 3\unins000.exe"
TVersity Media Server 0.9.10.7 (beta) --> J:\PROGRAMS INSTALLED BY ME\Media Server\uninst.exe
Ulead VideoStudio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\Setup.exe" -l0x9
Uniblue RegistryBooster 2 --> "J:\PROGRAMS INSTALLED BY ME\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "J:\PROGRAMS INSTALLED BY ME\RegistryBooster 2\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "J:\PROGRAMS INSTALLED BY ME\RegistryBooster 2\SpyEraser\unins000.exe"
USB 2.0 Single Slot Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE6DBEA8-CD29-11D7-9A01-AFACDE407D23}\setup.exe" -l0x9
Virtual DJ - Atomix Productions --> J:\PROGRAMS INSTALLED BY ME\VirtualDJ\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VirtualDJ\INSTALL.LOG
Warp VST V1.0 --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\VstPlugIns\WarpVST 1.0\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\VstPlugIns\WarpVST 1.0\INSTALL.LOG
Waves Diamond Bundle v5.0 --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\UninstallDiamond\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\UninstallDiamond\INSTALL.LOG
Wibu Emu driver v1.0 --> J:\PROGRAMS INSTALLED BY ME\VSTPlugins\H2O\UNWISE.EXE J:\PROGRAMS INSTALLED BY ME\VSTPlugins\H2O\INSTALL.LOG
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinFast(R) Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinRAR archiver --> g:\Program Files\WinRAR\uninstall.exe
WinZip --> "G:\WinZip\WINZIP32.EXE" /uninstall
ZBrush3 --> MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}
Zip Motion Block Video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\ZMBV.INF

travisbickle
2007-09-01, 22:07
part 3 extra

-- Application Event Log -------------------------------------------------------

Event Record #/Type1852 / Warning
Event Submitted/Written: 09/01/2007 11:29:12 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1845 / Warning
Event Submitted/Written: 09/01/2007 11:16:03 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1838 / Warning
Event Submitted/Written: 09/01/2007 11:03:28 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1831 / Warning
Event Submitted/Written: 09/01/2007 04:34:09 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1829 / Warning
Event Submitted/Written: 09/01/2007 04:00:21 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}', feature 'SoleFeature' failed during request for component '{DAA6C2EE-E666-4FAE-9799-F84BC3933DC0}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type77659 / Error
Event Submitted/Written: 09/01/2007 11:35:26 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type77658 / Error
Event Submitted/Written: 09/01/2007 11:35:26 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type77654 / Error
Event Submitted/Written: 09/01/2007 11:34:49 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type77653 / Error
Event Submitted/Written: 09/01/2007 11:34:49 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type77652 / Warning
Event Submitted/Written: 09/01/2007 11:34:47 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00096BC357A1. The IP address being used is 193.168.1.64.



-- End of Deckard's System Scanner: finished at 2007-09-01 11:47:06 ------------

random/random
2007-09-01, 22:56
Backup Your Registry with ERUNT
Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
For version with the Installer:
Use the setup program to install ERUNT on your computer
For the zipped version:
Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Copy the contents of the following codebox to a notepad window


REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rtst]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vkswbe]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{25588E5C-7D3B-326D-0608-080202000008}]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\zwsqlr.exe"=-



Save it to the desktop as fix.reg, making sure save as type is set to all files

Use windows explorer to find and delete these files:

C:\WINDOWS\system32\ilmykcoj.ini2
C:\WINDOWS\system32\EGJLM.ini2
C:\WINDOWS\system32\jxpnyvuw.exe
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jdgghfpi.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\xxvllboi.ini2
C:\WINDOWS\system32\explrer
C:\WINDOWS\System32\zwsqlr.exe

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'

Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt

Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems

travisbickle
2007-09-02, 18:56
everything was going great until i needed to open IE to do the scan, then i got more popups, then my computer crashed - i caught my computer installing "svhost.exe" and "retapu77.exe" which i deleted, and now my computer restarts without the desktop.

i finally got online, and will try the scan again, looks to me like i got more viruses in the last effort though...

travisbickle
2007-09-02, 19:11
even though it had started a scan before, the online scanning is NOT working now, IE crashes when i try to install the .cab file, as well as bringing up "WEB BUYING" popups EVERY TIME i try this...

my latest hijack log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:57 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\dHJhdmlzIGJpY2tsZQ\command.exe
C:\WINDOWS\system32\hgsxjjgy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
H:\defender\MsMpEng.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
J:\PROGRAMS\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F516CAC59B6
O4 - HKLM\..\Run: [wojycar] C:\Program Files\Windows NT\wojycar22011.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxertppe.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.2\webbuying.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B628C9C-7AC7-437E-BAD9-D7EE41853B9E}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dHJhdmlzIGJpY2tsZQ\command.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\hgsxjjgy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TVersityMediaServer - Unknown owner - J:\PROGRAMS INSTALLED BY ME\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4764 bytes

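Triage of the O4 (Run keys) and O23 (services) lines from the log above, as an added example; it is not part of the original thread and not a feature of HijackThis. The heuristics encode the signals the helper acted on in this thread (svhost.exe one typo away from svchost.exe, explrer.exe from explorer.exe, a Run entry carrying a long hex argument, executables dropped straight into C:\WINDOWS, services with no vendor or an unknown owner) and are assumptions for analyst review, not verdicts; the sample lines are copied from the posted log.

```python
"""Triage helper for HijackThis O4 (Run keys) and O23 (services) lines.

Added example, not part of the original thread or of HijackThis itself.
Each heuristic is an assumption drawn from what the helper removed in this
thread; a hit means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass

# Core Windows process names that malware commonly imitates (svhost, explrer).
SYSTEM_NAMES = ("svchost", "lsass", "csrss", "winlogon", "services",
                "explorer", "smss", "spoolsv")

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Vendor may be empty ("DomainService - - C:\..."), hence the optional space before the dash.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")
EXE_RE = re.compile(r'([^\\/"]+)\.exe\b', re.IGNORECASE)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
WINROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\WINDOWS\\[^\\]+\.exe"?(\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "O4" or "O23"
    name: str      # Run value name or service display name
    command: str   # command line or service image path
    reasons: list  # human-readable reasons the line was flagged


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-typo lookalikes of system names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename: str):
    """Return the system process name this basename imitates, or None."""
    base = basename.lower()
    for sys_name in SYSTEM_NAMES:
        if base != sys_name and edit_distance(base, sys_name) == 1:
            return sys_name
    return None


def exe_basename(command: str) -> str:
    """First *.exe name in a command line / image path, lower-cased, without extension."""
    m = EXE_RE.search(command)
    return m.group(1).lower() if m else ""


def triage_line(line: str):
    """Return a Finding for a suspicious O4/O23 line, or None if nothing stands out."""
    line = line.strip()
    m4, m23 = O4_RE.match(line), O23_RE.match(line)
    reasons = []
    if m4:
        kind, name, command = "O4", m4["name"], m4["cmd"]
    elif m23:
        kind, name, command = "O23", m23["display"], m23["path"]
        if m23["vendor"].strip() in ("", "Unknown owner"):
            reasons.append("service has no vendor / unknown owner")
    else:
        return None
    imitated = lookalike_of(exe_basename(command))
    if imitated:
        reasons.append(f"lookalike of {imitated}.exe")
    if HEX_BLOB_RE.search(command):
        reasons.append("long hex blob passed as argument")
    if WINROOT_EXE_RE.match(command):   # weak signal: legitimate launchers trip it too
        reasons.append("executable directly in the Windows directory")
    return Finding(kind, name, command, reasons) if reasons else None


def triage_log(text: str):
    """Run triage_line over every line of a HijackThis log, keeping only hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Constructed sample: O4/O23 lines copied from the log posted above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\\..\\Run: [svhost] "C:\\WINDOWS\\svhost.exe"
O4 - HKLM\\..\\Run: [runner1] C:\\WINDOWS\\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F516CAC59B6
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\\WINDOWS\\dHJhdmlzIGJpY2tsZQ\\command.exe
O23 - Service: DomainService - - C:\\WINDOWS\\system32\\hgsxjjgy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] {f.command}\n    -> " + "; ".join(f.reasons))
```

The Windows-directory signal also fires on legitimate vendor launchers such as the UpdReg.EXE entry in this log, which is why every hit is a reason list for a human rather than a removal decision.
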
random/random
2007-09-02, 20:12
You do not appear to be running a realtime antivirus; this is leaving you open to infection.
Please install one of the following free antivirus programs:

AVG (http://free.grisoft.com/doc/1)
Avast! (http://www.avast.com/eng/avast_4_home.html)
Antivir (http://www.free-av.com/)


Download the latest version of ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

travisbickle
2007-09-03, 01:33
ran avast! and put all viruses in the "chest"

log:

ComboFix 07-08-30.3 - "Owner" 2007-09-02 15:16:32.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.68 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\OWNER\APPLIC~1\sstem~1
C:\DOCUME~1\OWNER\APPLIC~1\ymante~1
C:\Program Files\network monitor
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\aohketi.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\epptrexo.ini
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\G9
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\H7
C:\WINDOWS\system32\hgggfge.dll
C:\WINDOWS\system32\hgsxjjgy.exe
C:\WINDOWS\system32\mwdcdsdw.dll
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\oxertppe.dll
C:\WINDOWS\system32\S0
C:\WINDOWS\system32\S1
C:\WINDOWS\system32\S4
C:\WINDOWS\system32\S6
C:\WINDOWS\system32\S7
C:\WINDOWS\system32\win
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 14:06 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-02 14:06 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-02 14:06 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-02 14:06 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-02 14:06 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-02 14:06 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-02 14:06 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-02 13:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-02 07:29 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-09-02 07:28 <DIR> d--hs---- C:\WINDOWS\dHJhdmlzIGJpY2tsZQ
2007-09-02 07:28 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-02 07:28 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-02 07:28 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-09-02 07:10 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-09-01 11:41 <DIR> d-------- C:\Deckard
2007-09-01 02:58 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-01 02:58 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-09-01 02:58 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-31 01:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-31 01:07 <DIR> d-------- C:\VundoFix Backups
2007-08-30 23:41 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-08-30 16:40 <DIR> d--hs---- C:\FOUND.000
2007-08-30 15:43 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-08-30 08:08 <DIR> d-------- C:\Program Files\Cakewalk
2007-08-30 08:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cakewalk
2007-08-29 12:40 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-29 11:44 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-29 10:59 9,469 --------- C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-08-29 10:59 <DIR> d-------- C:\WINDOWS\system32\WinFox
2007-08-29 10:59 <DIR> d-------- C:\WINDOWS\system32\WinFast
2007-08-27 16:58 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-08-27 16:57 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2007-08-27 16:57 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2007-08-27 16:57 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2007-08-27 16:57 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2007-08-27 16:56 74,240 --a------ C:\WINDOWS\system\CamExO20.dll
2007-08-27 16:56 314,752 --a------ C:\WINDOWS\system32\drivers\CamDrO21.sys
2007-08-27 16:56 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2007-08-22 12:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SlySoft
2007-08-22 12:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-08-18 20:24 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-18 20:19 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-18 15:37 <DIR> d-------- C:\Program Files\HP
2007-08-17 07:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Tracktion 3
2007-08-17 07:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tracktion 3
2007-08-13 04:36 52,736 --a------ C:\WINDOWS\ipuninst.exe
2007-08-12 09:30 28 --a------ C:\WINDOWS\system32\vfw_32.reg
2007-08-12 09:30 <DIR> d-------- C:\WINDOWS\system32\drivex
2007-08-12 09:00 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-08-11 17:18 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Morpheus Software
2007-08-11 07:26 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot
2007-08-11 07:24 57,344 --a------ C:\WINDOWS\Unwash6.exe
2007-08-10 13:27 <DIR> d-------- C:\Program Files\InterActual
2007-08-10 11:32 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-08 16:30 19,456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-07 19:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Roxio
2007-08-07 19:33 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
2007-08-07 18:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-07 18:57 <DIR> d-------- C:\Program Files\Xingtone
2007-08-07 18:41 <DIR> d-------- C:\Program Files\Roxio
2007-08-07 18:41 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-07 18:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-08-07 18:40 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-02 18:11 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 18:11 241,664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-31 09:47 32 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 18:53 --------- d-------- C:\Program Files\Common Files\SourceTec
2007-07-27 15:49 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 15:49 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-22 08:01 --------- d-------- C:\Program Files\Common Files\SWF Studio
2007-07-19 00:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 00:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Presets
2007-07-13 16:45 --------- d-------- C:\DOCUME~1\OWNER\APPLIC~1\SuperAdBlocker.com
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 00:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Temporary
2007-07-11 00:54 --------- d-------- C:\Program Files\Common Files\Celemony
2007-07-11 00:54 --------- d-------- C:\Program Files\Celemony
2007-06-27 07:35 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:35 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-24 13:38 358 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-23 07:46 737280 --a------ C:\WINDOWS\iun6002.exe
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:10 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-12 13:23 796152 --a------ C:\WINDOWS\system32\cddbcontrol.dll
2004-08-04 19:00:00 1,323,520 --sh--r C:\WINDOWS\system32\aim.exe
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\dHJhdmlzIGJpY2tsZQ\xJL1xA5WK3LDsZQPtk.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"DevconDefaultDB"="C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS" []
"wojycar"="C:\Program Files\Windows NT\wojycar22011.exe" [2007-08-07 13:30]
"avast!"="J:\PROGRAMS INSTALLED BY ME\avastVIRUSPROTECTION\ashDisp.exe" [2007-07-27 15:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 14:42 C:\WINDOWS\MIDIDEF.EXE]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= J:\PROGRAMS INSTALLED BY ME\DVD Region+CSS Free\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1135297488\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
G:\hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"RichVideo"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"navapsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Client IP-IPX"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Adobe LM Service"=3 (0x3)

S1 SABKUTIL;SABKUTIL;\??\J:\PROGRAMS INSTALLED BY ME\superADblocker\SABKUTIL.sys
S2 Ca536av;Digital Camera(Video) Device;C:\WINDOWS\system32\Drivers\Ca536av.sys
S3 A4S2600;A4S2600;C:\WINDOWS\system32\drivers\A4S2600.sys
S3 cxwibu;Team H2O WIBU Driver;\??\J:\PROGRAMS INSTALLED BY ME\VSTPlugins\H2O\cxwibu.sys
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\KTC111.SYS
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 USBCamera;Digital Camera(Still) Device;C:\WINDOWS\system32\Drivers\Bulk536.sys


Contents of the 'Scheduled Tasks' folder
2007-09-02 22:21:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - H:\defender\MpCmdRun.exe
2007-08-18 10:00:02 C:\WINDOWS\Tasks\XoftSpySE.job - J:\PROGRAMS INSTALLED BY ME\XoftSpySE\XoftSpy.exe
2007-08-31 02:16:28 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - J:\PROGRAMS INSTALLED BY ME\RegistryBooster 2\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 15:24:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 15:27:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 15:27

--- E O F ---

travisbickle
2007-09-03, 01:34
latest hijack log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:34 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Windows NT\wojycar22011.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\PROGRAMS\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [wojycar] C:\Program Files\Windows NT\wojycar22011.exe
O4 - HKLM\..\Run: [avast!] J:\PROGRAMS INSTALLED BY ME\avastVIRUSPROTECTION\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B628C9C-7AC7-437E-BAD9-D7EE41853B9E}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - J:\PROGRAMS INSTALLED BY ME\avastVIRUSPROTECTION\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - J:\PROGRAMS INSTALLED BY ME\avastVIRUSPROTECTION\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - J:\PROGRAMS INSTALLED BY ME\avastVIRUSPROTECTION\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TVersityMediaServer - Unknown owner - J:\PROGRAMS INSTALLED BY ME\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4260 bytes

travisbickle
2007-09-03, 07:01
yay! maybe avast has cleared my problems? unless you see anything in my last LOG

so far, i've been online for about 3 hours now and NO popup!!! everything is running fast, and seems to be in order....

am i done? do you see anything else?

thank you ever so much random random

random/random
2007-09-03, 12:03
yay! maybe avast has cleared my problems? unless you see anything in my last LOG

I think combofix probably did more to clear out your problems than avast

There are still a few leftovers left to remove


Open a new notepad window (Start>All programs>accessories>notepad)
Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard

Folder::
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\WINDOWS\dHJhdmlzIGJpY2tsZQ
C:\WINDOWS\system32\drvr2
C:\WINDOWS\system32\cfig322
C:\VundoFix Backups
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wojycar"=-
File::
C:\Program Files\Windows NT\wojycar22011.exe
Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
Save it to the desktop as CFscript.txt
Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

travisbickle
2007-09-03, 18:27
NEW LOGS:

ComboFix 07-08-30.3 - "Owner" 2007-09-03 8:20:00.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.63 [GMT -7:00]
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFscript.txt
* Created a new restore point

FILE::
C:\Program Files\Windows NT\wojycar22011.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\Program Files\Windows NT\wojycar22011.exe
C:\VundoFix Backups
C:\WINDOWS\dHJhdmlzIGJpY2tsZQ
C:\WINDOWS\dHJhdmlzIGJpY2tsZQ\xJL1xA5WK3LDsZQPtk.vbs
C:\WINDOWS\system32\cfig322
C:\WINDOWS\system32\drvr2


((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))


2007-09-02 15:53 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-02 15:53 90,112 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-02 15:53 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-02 15:53 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-02 15:53 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-02 15:53 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-02 15:52 733,824 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-02 13:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-02 07:28 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-09-02 07:10 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-09-01 11:41 <DIR> d-------- C:\Deckard
2007-09-01 02:58 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-01 02:58 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-09-01 02:58 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-31 01:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-30 23:41 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-08-30 16:40 <DIR> d--hs---- C:\FOUND.000
2007-08-30 15:43 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-08-30 08:08 <DIR> d-------- C:\Program Files\Cakewalk
2007-08-30 08:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cakewalk
2007-08-29 12:40 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-29 11:44 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-29 10:59 9,469 --------- C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-08-29 10:59 <DIR> d-------- C:\WINDOWS\system32\WinFox
2007-08-29 10:59 <DIR> d-------- C:\WINDOWS\system32\WinFast
2007-08-27 16:58 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-08-27 16:57 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2007-08-27 16:57 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2007-08-27 16:57 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2007-08-27 16:57 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2007-08-27 16:56 74,240 --a------ C:\WINDOWS\system\CamExO20.dll
2007-08-27 16:56 314,752 --a------ C:\WINDOWS\system32\drivers\CamDrO21.sys
2007-08-27 16:56 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2007-08-22 12:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SlySoft
2007-08-22 12:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-08-18 20:24 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-18 20:19 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-18 15:37 <DIR> d-------- C:\Program Files\HP
2007-08-17 07:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Tracktion 3
2007-08-17 07:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tracktion 3
2007-08-13 04:36 52,736 --a------ C:\WINDOWS\ipuninst.exe
2007-08-12 09:30 28 --a------ C:\WINDOWS\system32\vfw_32.reg
2007-08-12 09:30 <DIR> d-------- C:\WINDOWS\system32\drivex
2007-08-12 09:00 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-08-11 17:18 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Morpheus Software
2007-08-11 07:26 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot
2007-08-11 07:24 57,344 --a------ C:\WINDOWS\Unwash6.exe
2007-08-10 13:27 <DIR> d-------- C:\Program Files\InterActual
2007-08-10 11:32 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-08 16:30 19,456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-07 19:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Roxio
2007-08-07 19:33 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
2007-08-07 18:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-07 18:57 <DIR> d-------- C:\Program Files\Xingtone
2007-08-07 18:41 <DIR> d-------- C:\Program Files\Roxio
2007-08-07 18:41 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-07 18:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-08-07 18:40 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-31 09:47 32 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-08-02 18:11 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 18:11 241664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 18:53 --------- d-------- C:\Program Files\Common Files\SourceTec
2007-07-27 15:49 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 15:49 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-22 08:01 --------- d-------- C:\Program Files\Common Files\SWF Studio
2007-07-19 00:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 00:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Presets
2007-07-13 16:45 --------- d-------- C:\DOCUME~1\OWNER\APPLIC~1\SuperAdBlocker.com
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 00:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Temporary
2007-07-11 00:54 --------- d-------- C:\Program Files\Common Files\Celemony
2007-07-11 00:54 --------- d-------- C:\Program Files\Celemony
2007-06-27 07:35 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:35 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-24 13:38 358 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-23 07:46 737280 --a------ C:\WINDOWS\iun6002.exe
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:10 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-12 13:23 796152 --a------ C:\WINDOWS\system32\cddbcontrol.dll
2004-08-04 19:00:00 1,323,520 --sh--r C:\WINDOWS\system32\aim.exe


((((((((((((((((((((((((((((( snapshot_2007-09-02_152617.46 )))))))))))))))))))))))))))))))))))))))))

----a-w 16,384 2007-09-02 23:00:48 C:\WINDOWS\TEMP\Perflib_Perfdata_790.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"DevconDefaultDB"="C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS" []
"avast!"="J:\PROGRAMS INSTALLED BY ME\AVAST4\ashDisp.exe" [2007-04-18 09:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 14:42 C:\WINDOWS\MIDIDEF.EXE]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= J:\PROGRAMS INSTALLED BY ME\DVD Region+CSS Free\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1135297488\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
G:\hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"RichVideo"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"navapsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Client IP-IPX"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Adobe LM Service"=3 (0x3)

S1 SABKUTIL;SABKUTIL;\??\J:\PROGRAMS INSTALLED BY ME\superADblocker\SABKUTIL.sys
S2 Ca536av;Digital Camera(Video) Device;C:\WINDOWS\system32\Drivers\Ca536av.sys
S3 A4S2600;A4S2600;C:\WINDOWS\system32\drivers\A4S2600.sys
S3 cxwibu;Team H2O WIBU Driver;\??\J:\PROGRAMS INSTALLED BY ME\VSTPlugins\H2O\cxwibu.sys
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\KTC111.SYS
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 USBCamera;Digital Camera(Still) Device;C:\WINDOWS\system32\Drivers\Bulk536.sys

*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER

Contents of the 'Scheduled Tasks' folder
2007-09-02 23:03:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-18 10:00:02 C:\WINDOWS\Tasks\XoftSpySE.job - J:\PROGRAMS INSTALLED BY ME\XoftSpySE\XoftSpy.exe
2007-08-31 02:16:28 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - J:\PROGRAMS INSTALLED BY ME\RegistryBooster 2\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-03 08:23:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-03 8:24:11
C:\ComboFix2.txt ... 2007-09-02 15:27
C:\ComboFix-quarantined-files.txt ... 2007-09-03 08:24

--- E O F ---

travisbickle
2007-09-03, 18:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:51 AM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
J:\PROGRAMS INSTALLED BY ME\AVAST4\aswUpdSv.exe
J:\PROGRAMS INSTALLED BY ME\AVAST4\ashServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
J:\PROGRAMS INSTALLED BY ME\AVAST4\ashMaiSv.exe
J:\PROGRAMS INSTALLED BY ME\AVAST4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
J:\PROGRAMS\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "J:\PROGRAMS INSTALLED BY ME\SBlive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [avast!] J:\PROGRAMS INSTALLED BY ME\AVAST4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B628C9C-7AC7-437E-BAD9-D7EE41853B9E}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - J:\PROGRAMS INSTALLED BY ME\AVAST4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - J:\PROGRAMS INSTALLED BY ME\AVAST4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - J:\PROGRAMS INSTALLED BY ME\AVAST4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - J:\PROGRAMS INSTALLED BY ME\AVAST4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TVersityMediaServer - Unknown owner - J:\PROGRAMS INSTALLED BY ME\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4369 bytes

random/random
2007-09-03, 18:39
How's your PC running now?

travisbickle
2007-09-05, 22:13
ha ha, how'd you know??

After 2 days of testing,
it's running VERY nicely... back to its old self, and no popups whatsoever...
Thank you so much for your help!!

I have a few questions:

What kind of virus was it?

Now that I have avast Pro running, will it prevent future attacks like this?

random/random
2007-09-06, 00:10
What kind of virus was it?

Almost entirely adware, mostly Vundo.


Now that I have avast Pro running, will it prevent future attacks like this?

It will certainly reduce the chance of them happening.

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints (http://www.malwarecomplaints.info/index.php). You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue; just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
Turn System Restore off
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart
Turn System Restore on
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.
Note: only do this once, and not on a regular basis
Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall (http://www.personalfirewall.comodo.com/) or ZoneAlarm (http://www.zonelabs.com/store/content/home.jsp)
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will therefore help to prevent malicious software being installed on your PC.
Go here (http://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx) to check for & install updates to Microsoft applications
Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector). I suggest that you run it at least once a month.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Install SpywareBlaster & make sure to update it regularly
SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
If you don't know what activex controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster from here (http://www.javacoolsoftware.com/sbdownload.html)
Install and use Spybot Search & Destroy
Instructions are located here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Make sure you update, reimmunize & scan regularly
Make use of the HOSTS file included with Spybot Search & Destroy
Every version of Windows includes a HOSTS file. A HOSTS file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address), and it is consulted before DNS is. This feature can be used to block malicious websites.
Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
Run Spybot Search & Destroy
Click on Mode, and then place a tick next to Advanced mode
Click Yes
In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
Click on Add Spybot-S&D hosts list
Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
Click Start > Run
Type services.msc & click OK
In the list, find the service called DNS Client & double click on it. On the dropdown box, change the setting from Automatic to Manual. Click OK & then close the Services window.
For a more detailed explanation of the HOSTS file, click here (http://forum.malwareremoval.com/viewtopic.php?t=22187)
Install a-squared Free & update and scan with it regularly
a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here (http://www.emsisoft.com/en/software/free/)
Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer (http://www.emsisoft.com/en/software/antidialer/) which provides some real time protection against premium rate dialers
Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
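The HOSTS file mechanism described in the post above, as an added example that is not part of the original thread or of Spybot's own code: a small parser that applies a HOSTS file the way the resolver does (address first, one or more names per line, '#' comments, case-insensitive names, first entry wins) and then checks the two things a defender cares about. Names sunk to 127.0.0.1 or 0.0.0.0 are the blocking entries a list like Spybot's installs; a security vendor's name mapped anywhere else is the reverse trick, where malware edits HOSTS to stop antivirus updates. The hosts text, the hostnames and the protected-name list are constructed for this example.

```python
"""Added example: parse a HOSTS file and flag blocking and hijack entries.

Not code from the original forum thread or from Spybot Search & Destroy.
SAMPLE_HOSTS and PROTECTED_NAMES are constructed for the example.
"""

import ipaddress

# Constructed sample in real HOSTS syntax: address, then one or more names,
# '#' starts a comment. Mixed case and tab separators are deliberate.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1\tads.example.test   Tracker.Example.Test   # blocking entries
0.0.0.0         popups.example.test
203.0.113.10    update.antivirus-vendor.test           # hijack: not loopback
this is not a valid line
"""

# Names that should never resolve anywhere but a sinkhole via HOSTS.
# Constructed for the example; a real list would hold the update hosts of
# the security products installed on the machine.
PROTECTED_NAMES = {"update.antivirus-vendor.test", "liveupdate.example.test"}

# Addresses that a blocking list uses to make a name go nowhere.
SINKHOLE = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}


def parse_hosts(text):
    """Return {hostname: address} as the resolver applies the file.

    Comments and blank lines are ignored, a line whose first field is not
    an IP address is skipped, names are lower-cased, and the first entry
    for a name wins (the file is scanned top to bottom).
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; the resolver ignores it too
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def lookup(table, name):
    """Address HOSTS supplies for name, or None when DNS would be asked."""
    return table.get(name.lower())


def is_blocked(table, name):
    """True when HOSTS sends the name to a sinkhole address."""
    addr = lookup(table, name)
    return addr is not None and addr in SINKHOLE


def find_hijacks(table, protected=PROTECTED_NAMES):
    """Protected names mapped to a non-sinkhole address.

    A HOSTS entry like this silently redirects the vendor's update host,
    which is how malware keeps an installed antivirus from updating.
    Returns {name: address-as-string}.
    """
    return {
        name: str(addr)
        for name, addr in table.items()
        if name in protected and addr not in SINKHOLE
    }


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for n in ("ads.example.test", "popups.example.test", "www.example.test"):
        print(n, "->", lookup(hosts, n), "blocked" if is_blocked(hosts, n) else "")
    print("hijacked:", find_hijacks(hosts))
```

Run it against a real file by reading C:\WINDOWS\system32\drivers\etc\hosts into parse_hosts; anything find_hijacks returns is worth a second look, because a legitimate blocking list only ever points names at a sinkhole address.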