
Thread: Help, please (Vundo, etc.)

  1. #11
    Rawe (Security Expert-Emeritus)
    Join Date: Mar 2006
    Location: Finland
    Posts: 393

    Let's check another very helpful log for analysing...

    Please download ComboScan to your desktop.
    • Close all applications and windows.
    • Double-click on comboscan.exe to run it -- follow the prompts.
    • The scan may take a minute. When the scan is complete, a text file will open (ComboScan.txt); please copy & paste all of its content here.
    Extra note: When running ComboScan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your antivirus flags ComboScan as suspicious. Please allow ComboScan to run and don't let your antivirus delete it. (In this case, it may be better to temporarily disable your antivirus.)
    Hi there, stranger!

    Proud Member of ASAP since 2005.

  2. #12
    Junior Member
    Join Date: Feb 2007
    Posts: 16

    Here we go. I was advised to set System Restore to "off" until I'm sure everything is clean as a whistle, so no virus, etc., can reinstall from a bad restore point. Hope that's correct.

    Splitting ComboScan due to length:

    ComboScan v20070226.18 run by Doc on 2007-02-27 at 18:51:00
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Restore was disabled; re-enabling.
    Failed to create restore point: System Restore is disabled (service is not running).
    Performed disk cleanup.


    -- HijackThis (run as Doc.exe) --------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 6:52:17 PM, on 2/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\WINDOWS\system32\hphmon03.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Updater.exe
    C:\Program Files\Common Files\AOL\1144814413\ee\AOLSoftware.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\FirstClass\fcc32.exe
    C:\Documents and Settings\Doc\Desktop\comboscan.exe
    C:\HIJACK~1\Doc.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144814413\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1127528382562
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.sdhc.k12.fl.us/ClientDownloads/fcplugin.cab
    O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    -- HijackThis Fixed Entries (C:\HIJACK~1\backups\) ------------------------------

    backup-20070226-142905-176 O2 - BHO: (no name) - {7F5A2699-38CD-4B98-B193-5916D6566B01} - C:\WINDOWS\system32\ssqoopo.dll (file missing)
    backup-20070226-142905-397 O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\rgdjsxok.dll (file missing)
    backup-20070226-142905-479 O2 - BHO: (no name) - {29AFBA10-AB2A-449F-B153-1797FA4D9539} - C:\WINDOWS\system32\jkhfc.dll (file missing)

    -- File Associations ------------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

    3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
    3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
    1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
    3R BCM43XX (Broadcom 802.11 Network Adapter Driver) - C:\WINDOWS\system32\drivers\BCMWL5.SYS
    3S BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - D:\INSTAL~E\Core\BVRPMPR5.SYS (not found)
    3S C-Dilla - C:\WINDOWS\system32\drivers\CDANT.SYS
    3R CAMCAUD (Conexant AMC Audio) - C:\WINDOWS\system32\drivers\camc6aud.sys
    3R CAMCHALA - C:\WINDOWS\system32\drivers\camc6hal.sys
    3S Dot4 HPH09 - C:\WINDOWS\system32\drivers\hphid409.sys
    3S Dot4Print HPH09 (Print Class Driver for IEEE-1284.4 HPH09) - C:\WINDOWS\system32\drivers\hphipr09.sys
    3S Dot4Storage HPH09 (Storage Class Driver for IEEE-1284.4 (HPH09)) - C:\WINDOWS\system32\drivers\hphs2k09.sys
    3S Dot4Usb HPH09 - C:\WINDOWS\system32\drivers\hphius09.sys
    1R eabfiltr - C:\WINDOWS\system32\drivers\eabfiltr.sys
    3S eabusb - C:\WINDOWS\system32\drivers\EabUsb.sys
    3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
    3R HSFHWATI - C:\WINDOWS\system32\drivers\HSFHWATI.sys
    3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
    0R IFP800 (iriver Internet Audio Player IFP-800) - C:\WINDOWS\system32\drivers\Ifp800.sys
    0S kl1 - C:\WINDOWS\system32\Drivers\kl1.sys (not found)
    3R KLIF - C:\WINDOWS\system32\drivers\klif.sys
    2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
    3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
    3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
    0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
    3S Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
    3R RTL8023xp (Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
    3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
    3S SMCIRDA (SMC IrCC Miniport Device Driver) - C:\WINDOWS\system32\drivers\smcirda.sys
    3S sony_ssm.sys - C:\DOCUME~1\Doc\LOCALS~1\Temp\sony_ssm.sys (not found)
    0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys
    0R SSI - C:\WINDOWS\system32\drivers\ssi.sys
    3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
    3R tifm21 - C:\WINDOWS\system32\drivers\tifm21.sys
    3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
    3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
    3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
    3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
    3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
    3S VNUSB (VN Series Device) - C:\WINDOWS\system32\drivers\VNUSB.sys
    1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
    3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
    1R WmiAcpi (Microsoft Windows Management Interface for ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
    3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys
    4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
    2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    2R C-DillaSrv - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    2R Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.exe
    3R hpqwmi (HP WMI Interface) - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
    2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
    3S Pml Driver - C:\WINDOWS\system32\HPHipm09.exe
    2R svcWRSSSDK (Webroot Spy Sweeper Engine) - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
    2R UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe
    2S vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

  3. #13
    Junior Member
    Join Date: Feb 2007
    Posts: 16

    ComboScan, continued:

    -- Scheduled Tasks --------------------------------------------------------------

    2007-02-25 22:22:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
    2007-01-15 02:00:00 860 --a------ C:\WINDOWS\Tasks\wrSpySweeper20051023210910.job<WRSPYS~1.JOB>


    -- Files created between 2007-01-27 and 2007-02-27 ------------------------------

    2007-02-21 11:19:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-02-21 11:19:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer<APPLEC~1>
    2007-02-21 11:19:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-02-21 11:17:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
    2007-02-21 10:59:00 0 d-------- C:\SDFix
    2007-02-21 10:48:16 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-02-21 10:48:14 0 d-------- C:\Program Files\Grisoft
    2007-02-16 17:33:15 512 --a------ C:\ScanSectorLog.dat<SCANSE~1.DAT>
    2007-02-15 15:28:04 0 d-------- C:\Documents and Settings\Doc\Application Data\MailFrontier<MAILFR~1>
    2007-02-15 15:21:28 89120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-02-15 15:21:28 4261408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-02-15 15:15:06 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-02-12 00:11:02 0 d-------- C:\HijackThis<HIJACK~1>
    2007-02-11 23:06:15 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
    2007-02-11 22:47:51 603 --a------ C:\Combo.bat
    2007-02-11 21:59:17 0 d-------- C:\VundoFix Backups<VUNDOF~1>
    2007-02-11 20:06:29 0 d-------- C:\Program Files\Total Video Converter<TOTALV~1>
    2007-02-09 17:17:42 0 d-------- C:\Documents and Settings\Doc\Application Data\Lavasoft
    2007-02-09 17:17:17 0 d-------- C:\Program Files\Lavasoft


    -- Find3M Report ----------------------------------------------------------------

    2007-02-27 10:30:36 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-02-26 23:59:32 0 d-------- C:\Program Files\Trillian
    2007-02-26 15:21:12 0 d-------- C:\Program Files\Winamp
    2007-02-26 15:17:43 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
    2007-02-26 15:14:36 0 d-------- C:\Program Files\Messenger<MESSEN~1>
    2007-02-26 15:13:47 0 d-------- C:\Program Files\iTunes
    2007-02-26 15:10:40 0 d-------- C:\Program Files\CursorXP
    2007-02-26 15:09:26 0 d-------- C:\Program Files\Common Files\LightScribe<LIGHTS~1>
    2007-02-24 09:43:18 104 --a------ C:\WINDOWS\popcinfo.dat
    2007-02-09 16:52:20 0 d-------- C:\Program Files\Audacity
    2007-01-31 06:24:57 0 d-------- C:\Documents and Settings\Doc\Application Data\AdobeUM
    2007-01-30 22:36:12 320 --a------ C:\Program Files\User.ini
    2007-01-30 22:36:12 424 --a------ C:\Program Files\GQFileHistory.ini<GQFILE~1.INI>
    2007-01-30 22:36:12 58 --a------ C:\Program Files\gq.ini
    2007-01-16 17:05:00 0 d-------- C:\Program Files\iriver
    2007-01-16 17:05:00 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-01-14 18:25:05 0 d-------- C:\Program Files\Hp
    2007-01-14 18:25:05 0 d-------- C:\Program Files\Common Files\HP
    2007-01-08 14:29:40 75512 --a------ C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
    2006-12-28 16:38:04 0 d-------- C:\Program Files\Google
    2006-12-28 16:36:49 0 d-------- C:\Documents and Settings\Doc\Application Data\Kontiki
    2006-12-28 14:53:05 0 d-------- C:\Documents and Settings\Doc\Application Data\Azureus
    2006-12-28 14:49:51 0 d-------- C:\Program Files\Azureus


    -- Registry Dump ----------------------------------------------------------------


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
    "Aim6"=""
    "Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
    "LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
    "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
    "HPHmon03"="C:\\WINDOWS\\system32\\hphmon03.exe"
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "iRiver Updater"="\\Updater.exe"
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1144814413\\ee\\AOLSoftware.exe"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{7F5A2699-38CD-4B98-B193-5916D6566B01}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de296110-431c-11da-bea8-0014a51584fd}]
    Shell\AutoRun\command E:\setupSNK.exe


    -- End of ComboScan: finished at 2007-02-27 at 18:52:45 -------------------------

  4. #14
    Junior Member
    Join Date: Feb 2007
    Posts: 16

    Ugh; splitting Supplementary material, as well:

    ComboScan v20070226.18 run by Doc on 2007-02-27 at 18:51:00
    Supplementary logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information -----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 Processor 3200+
    Percentage of Memory in Use: 39%
    Physical Memory (total/avail): 1022.48 MiB / 618.38 MiB
    Pagefile Memory (total/avail): 2459.51 MiB / 2171.81 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1996.31 MiB

    C: is Fixed (NTFS) - 74.52 GiB total, 27.38 GiB free.
    D: is CDROM (No Media)


    -- Security Center --------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: ZoneAlarm Security Suite Firewall v7.0.302.000 (Check Point, LTD.) Disabled
    AV: ZoneAlarm Security Suite Antivirus v7.0.302.000 (Check Point, LTD.) Disabled


    -- Environment Variables --------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Doc\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=GRANIA
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Doc
    LOGONSERVER=\\GRANIA
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0f00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
    SDL_VIDEODRIVER=directx
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Doc\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Doc\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=GRANIA
    USERNAME=Doc
    USERPROFILE=C:\Documents and Settings\Doc
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ----------------------------------------------------------------

    Doc (admin)
    Administrator (admin)

  5. #15
    Junior Member
    Join Date: Feb 2007
    Posts: 16

    Supplementary stuff, continued:

    -- Add/Remove Programs ----------------------------------------------------------
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Auto Gordian Knot 2.27 --> C:\Program Files\AutoGK\uninst.exe
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    Bejeweled Deluxe 1.862 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
    C-Dilla Licence Management System --> C:\C_DILLA\setup\cdunin16.exe
    Conexant AC-Link Audio --> CIAunwdm.exe
    Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
    Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative Zen Vision M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
    CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
    Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf
    dBpowerAMP Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
    dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
    Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
    ePenInstallation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9156A46A-0F75-4D72-AF75-206BB82D0990}\setup.exe" -l0x9
    EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
    FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
    GradeQuick --> C:\WINDOWS\uninst.exe -f"c:\program files\DeIsL1.isu" -c"c:\program files\_ISREG32.DLL"
    HijackThis 1.99.1 --> C:\HijackThis\HijackThis.exe /uninstall
    Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
    HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
    HP Deskjet 3840 Series --> rundll32 hpzcon10.dll,VendorJettison HP Deskjet 3840 Series
    HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
    HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Pavillion zv6000 User Guides --> C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
    HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe
    HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Wireless Assistant 1.01 A3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iriver Music Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
    iRiver Updater --> \uninst.exe
    iriverter 0.16 --> C:\Program Files\iriverter\uninst.exe
    iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
    J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
    Macromedia Authorware Web Player --> C:\WINDOWS\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINDOWS\system32\Macromed\AUTHORWA\Install.log
    MailFrontier Desktop --> C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
    Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
    Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
    muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
    NoteTab Light (Remove only) --> "C:\Program Files\NoteTab Light\unins000.exe"
    Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
    Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
    Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    Pixie 3.1 (remove only) --> "C:\Program Files\Nattyware\Pixie\uninstall.exe"
    Quick Launch Buttons 5.10 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
    QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Skype 2.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
    Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
    StuffIt Standard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TaxCut Deluxe 2005 --> C:\PROGRA~1\TaxCut05\Program\removetc.exe
    Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1033
    Thief Gold --> C:\WINDOWS\IsUninst.exe -fC:\games\ThiefG\thiefalphaIIu.log
    Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
    UserGuides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
    VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
    ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


    -- End of ComboScan: finished at 2007-02-27 at 18:52:45 -------------------------

  6. #16
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Default

    Have you tried uninstalling then reinstalling ZoneAlarm at any point?

    The malware infection you had might have done something to it.

    I need some more logs
    • Open HiJackThis
    • Click on the tab "Misc Tools"
    • Click on "Open ADS Spy.."
    • Click on "Scan"
    • Click on "Save Log..."
    • Copy and paste the list from the notebook onto your post.


    Then let's have a check with BlackLight just in case

    Download and save Blacklight to your desktop:
    • Double-click blbeta.exe.
    • Accept the agreement.
    • Click Scan.
    • Click Next.

    You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

    Copy and paste this log in your next reply along with the ADS scan log from HijackThis. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there.

  7. #17
    Junior Member
    Join Date
    Feb 2007
    Posts
    16

    Default

    Originally Posted by Rawe:
    I need some more logs
    • Open HiJackThis
    • Click on the tab "Misc Tools"
    • Click on "Open ADS Spy.."
    • Click on "Scan"
    • Click on "Save Log..."
    • Copy and paste the list from the notebook onto your post.
    I did this, but nothing came up in the window. I got a "scan complete" a split second after clicking "scan." Just to be sure, I added the "calculate checksum" option and did it again, with the same (lack of) results.

    I recently upgraded to ZA 7; guess I'll have to download again.

    Then let's have a check with BlackLight just in case

    Download and save Blacklight to your desktop:
    • Double-click blbeta.exe.
    • Accept the agreement.
    • Click Scan.
    • Click Next.

    You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

    Copy and paste this log in your next reply along with the ADS scan log from HijackThis. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there.
    02/28/07 08:17:33 [Info]: BlackLight Engine 1.0.55 initialized
    02/28/07 08:17:33 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    02/28/07 08:17:33 [Note]: 7019 4
    02/28/07 08:17:33 [Note]: 7005 0
    02/28/07 08:17:34 [Note]: 7006 0
    02/28/07 08:17:37 [Note]: 7011 1712
    02/28/07 08:17:37 [Note]: 7026 0
    02/28/07 08:17:37 [Note]: 7026 0
    02/28/07 08:17:46 [Note]: FSRAW library version 1.7.1021
    02/28/07 08:28:32 [Note]: 2000 1012
    02/28/07 08:28:32 [Note]: 2000 1012
    02/28/07 08:28:32 [Note]: 7007 0

  8. #18
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Default

    Well, I don't see any definite baddies there anymore.

    Let's see the following.....

    Surf here: http://virustotal.com

    In the blank field next to the "Browse" button, paste the following filepath and hit "Send File". Wait for the scanners to finish and copy & paste the results here:

    C:\WINDOWS\popcinfo.dat

    Then, do the same step for each of the following (one at a time):

    C:\Program Files\WGRADE7.DLL
    C:\WRI7.SYS
    C:\WINDOWS\uccspecb.sys


    Post back with the filescan results.

  9. #19
    Junior Member
    Join Date
    Feb 2007
    Posts
    16

    Default

    C:\WINDOWS\popcinfo.dat

    STATUS: FINISHED
    Complete scanning result of "popcinfo.dat", received in VirusTotal at 03.01.2007, 02:36:41 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.1.38 02.28.2007 no virus found
    Authentium 4.93.8 02.28.2007 no virus found
    Avast 4.7.936.0 02.28.2007 no virus found
    AVG 7.5.0.447 02.28.2007 no virus found
    BitDefender 7.2 03.01.2007 no virus found
    CAT-QuickHeal 9.00 02.28.2007 no virus found
    ClamAV devel-20060426 03.01.2007 no virus found
    DrWeb 4.33 02.28.2007 no virus found
    eSafe 7.0.14.0 02.28.2007 no virus found
    eTrust-Vet 30.6.3443 02.28.2007 no virus found
    Ewido 4.0 02.28.2007 no virus found
    FileAdvisor 1 03.01.2007 no virus found
    Fortinet 2.85.0.0 02.28.2007 no virus found
    F-Prot 4.3.1.45 02.28.2007 no virus found
    F-Secure 6.70.13030.0 02.28.2007 no virus found
    Ikarus T3.1.1.3 02.28.2007 no virus found
    Kaspersky 4.0.2.24 03.01.2007 no virus found
    McAfee 4973 02.28.2007 no virus found
    Microsoft 1.2204 02.28.2007 no virus found
    NOD32v2 2085 02.28.2007 no virus found
    Norman 5.80.02 02.28.2007 no virus found
    Panda 9.0.0.4 02.28.2007 no virus found
    Prevx1 V2 03.01.2007 no virus found
    Sophos 4.14.0 03.01.2007 no virus found
    Sunbelt 2.2.907.0 03.01.2007 no virus found
    Symantec 10 03.01.2007 no virus found
    TheHacker 6.1.6.065 02.26.2007 no virus found
    UNA 1.83 02.28.2007 no virus found
    VBA32 3.11.2 02.28.2007 no virus found
    VirusBuster 4.3.19:9 02.28.2007 no virus found


    Aditional Information
    File size: 104 bytes
    MD5: 8eed9f4054bb8264a97938909726a08d
    SHA1: 6f2acb939f57022958686f17a07b1943fdde924c

    C:\Program Files\WGRADE7.DLL
    STATUS: FINISHED
    Complete scanning result of "WGRADE7.DLL", received in VirusTotal at 03.01.2007, 02:43:56 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.1.38 02.28.2007 no virus found
    Authentium 4.93.8 02.28.2007 no virus found
    Avast 4.7.936.0 02.28.2007 no virus found
    AVG 7.5.0.447 02.28.2007 no virus found
    BitDefender 7.2 03.01.2007 no virus found
    CAT-QuickHeal 9.00 02.28.2007 no virus found
    ClamAV devel-20060426 03.01.2007 no virus found
    DrWeb 4.33 02.28.2007 no virus found
    eSafe 7.0.14.0 02.28.2007 no virus found
    eTrust-Vet 30.6.3443 02.28.2007 no virus found
    Ewido 4.0 02.28.2007 no virus found
    FileAdvisor 1 03.01.2007 no virus found
    Fortinet 2.85.0.0 02.28.2007 no virus found
    F-Prot 4.3.1.45 02.28.2007 no virus found
    F-Secure 6.70.13030.0 02.28.2007 no virus found
    Ikarus T3.1.1.3 02.28.2007 no virus found
    Kaspersky 4.0.2.24 03.01.2007 no virus found
    McAfee 4973 02.28.2007 no virus found
    Microsoft 1.2204 02.28.2007 no virus found
    NOD32v2 2085 02.28.2007 no virus found
    Norman 5.80.02 02.28.2007 no virus found
    Panda 9.0.0.4 02.28.2007 no virus found
    Prevx1 V2 03.01.2007 no virus found
    Sophos 4.14.0 03.01.2007 no virus found
    Sunbelt 2.2.907.0 03.01.2007 no virus found
    Symantec 10 03.01.2007 no virus found
    TheHacker 6.1.6.065 02.26.2007 no virus found
    UNA 1.83 02.28.2007 no virus found
    VBA32 3.11.2 02.28.2007 no virus found
    VirusBuster 4.3.19:9 02.28.2007 no virus found


    Aditional Information

    C:\WRI7.SYS
    STATUS: FINISHED
    Complete scanning result of "WRI7.SYS", received in VirusTotal at 03.01.2007, 02:51:01 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.1.38 02.28.2007 no virus found
    Authentium 4.93.8 02.28.2007 no virus found
    Avast 4.7.936.0 02.28.2007 no virus found
    AVG 7.5.0.447 02.28.2007 no virus found
    BitDefender 7.2 03.01.2007 no virus found
    CAT-QuickHeal 9.00 02.28.2007 no virus found
    ClamAV devel-20060426 03.01.2007 no virus found
    DrWeb 4.33 02.28.2007 no virus found
    eSafe 7.0.14.0 02.28.2007 no virus found
    eTrust-Vet 30.6.3443 02.28.2007 no virus found
    Ewido 4.0 02.28.2007 no virus found
    FileAdvisor 1 03.01.2007 no virus found
    Fortinet 2.85.0.0 02.28.2007 no virus found
    F-Prot 4.3.1.45 02.28.2007 no virus found
    F-Secure 6.70.13030.0 02.28.2007 no virus found
    Ikarus T3.1.1.3 02.28.2007 no virus found
    Kaspersky 4.0.2.24 03.01.2007 no virus found
    McAfee 4973 02.28.2007 no virus found
    Microsoft 1.2204 02.28.2007 no virus found
    NOD32v2 2085 02.28.2007 no virus found
    Norman 5.80.02 02.28.2007 no virus found
    Panda 9.0.0.4 02.28.2007 no virus found
    Prevx1 V2 03.01.2007 no virus found
    Sophos 4.14.0 03.01.2007 no virus found
    Sunbelt 2.2.907.0 03.01.2007 no virus found
    Symantec 10 03.01.2007 no virus found
    TheHacker 6.1.6.065 02.26.2007 no virus found
    UNA 1.83 02.28.2007 no virus found
    VBA32 3.11.2 02.28.2007 no virus found
    VirusBuster 4.3.19:9 02.28.2007 no virus found


    Aditional Information
    File size: 25 bytes
    MD5: 818422dbf6963be770c6be739ea1859c
    SHA1: ee9e1b03438e3fef2a3b669cac8442c07e24cf7f

    C:\WINDOWS\uccspecb.sys
    STATUS: FINISHED
    Complete scanning result of "uccspecb.sys", received in VirusTotal at 03.01.2007, 03:01:16 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.1.38 02.28.2007 no virus found
    Authentium 4.93.8 02.28.2007 no virus found
    Avast 4.7.936.0 02.28.2007 no virus found
    AVG 7.5.0.447 02.28.2007 no virus found
    BitDefender 7.2 03.01.2007 no virus found
    CAT-QuickHeal 9.00 02.28.2007 no virus found
    ClamAV devel-20060426 03.01.2007 no virus found
    DrWeb 4.33 02.28.2007 no virus found
    eSafe 7.0.14.0 02.28.2007 no virus found
    eTrust-Vet 30.6.3443 02.28.2007 no virus found
    Ewido 4.0 02.28.2007 no virus found
    FileAdvisor 1 03.01.2007 no virus found
    Fortinet 2.85.0.0 02.28.2007 no virus found
    F-Prot 4.3.1.45 02.28.2007 no virus found
    F-Secure 6.70.13030.0 02.28.2007 no virus found
    Ikarus T3.1.1.3 02.28.2007 no virus found
    Kaspersky 4.0.2.24 03.01.2007 no virus found
    McAfee 4973 02.28.2007 no virus found
    Microsoft 1.2204 02.28.2007 no virus found
    NOD32v2 2085 02.28.2007 no virus found
    Norman 5.80.02 02.28.2007 no virus found
    Panda 9.0.0.4 02.28.2007 no virus found
    Prevx1 V2 03.01.2007 no virus found
    Sophos 4.14.0 03.01.2007 no virus found
    Sunbelt 2.2.907.0 03.01.2007 no virus found
    Symantec 10 03.01.2007 no virus found
    TheHacker 6.1.6.065 02.26.2007 no virus found
    UNA 1.83 02.28.2007 no virus found
    VBA32 3.11.2 02.28.2007 no virus found
    VirusBuster 4.3.19:9 02.28.2007 no virus found


    Aditional Information
    File size: 4 bytes
    MD5: 7d4f6d5d207c9a1a4958bc74f0ed565c
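
A parser for the VirusTotal result blocks pasted in the post above, as an added example (not part of the original thread and not VirusTotal's own tooling). The sample text, its file names, the zeroed MD5 and the detection name are constructed; the 64-byte threshold is the size of the PE DOS header, below which a `.sys` or `.dll` cannot be a loadable image.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the paste format used in this thread. File names, the
# zeroed MD5 and the detection name are invented; engine rows are shortened.
SAMPLE = '''\
STATUS: FINISHEDComplete scanning result of "tiny.sys", received in VirusTotal at 03.01.2007, 03:01:16 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.28.2007 no virus found
CAT-QuickHeal 9.00 02.28.2007 no virus found
ClamAV devel-20060426 03.01.2007 no virus found
VirusBuster 4.3.19:9 02.28.2007 no virus found

Aditional Information
File size: 4 bytes
MD5: 00000000000000000000000000000000

STATUS: FINISHED
Complete scanning result of "sample.dll", received in VirusTotal at 03.01.2007, 03:05:00 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.28.2007 no virus found
Kaspersky 4.0.2.24 03.01.2007 Trojan.Example.a

Aditional Information
'''

HEADER = re.compile(r'Complete scanning result of "([^"]+)"')
# engine, version, update date (MM.DD.YYYY), verdict; versions contain no spaces
ROW = re.compile(r'^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$')
SIZE = re.compile(r'^File size:\s*(\d+)\s*bytes')
HASH = re.compile(r'^(MD5|SHA1):\s*([0-9a-fA-F]+)$')
PE_EXTENSIONS = ('.sys', '.dll', '.exe')
DOS_HEADER_SIZE = 64  # every PE image begins with a 64-byte IMAGE_DOS_HEADER


@dataclass
class Report:
    name: str
    verdicts: dict = field(default_factory=dict)  # engine -> verdict text
    size: Optional[int] = None
    hashes: dict = field(default_factory=dict)    # 'MD5'/'SHA1' -> hex digest


def parse_reports(text):
    """Split a pasted post into one Report per 'Complete scanning result' header."""
    reports = []
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := HEADER.search(line)):
            reports.append(Report(m.group(1)))
        elif not reports:
            continue  # text before the first header
        elif (m := SIZE.match(line)):
            reports[-1].size = int(m.group(1))
        elif (m := HASH.match(line)):
            reports[-1].hashes[m.group(1)] = m.group(2).lower()
        elif (m := ROW.match(line)):
            reports[-1].verdicts[m.group(1)] = m.group(4)
    return reports


def triage(report):
    """Return (detections, notes): non-clean verdicts plus caveats on the result."""
    detections = {e: v for e, v in report.verdicts.items()
                  if v.lower() != 'no virus found'}
    notes = []
    if report.size is None or not report.hashes:
        notes.append('no size/hash in paste: result cannot be tied to file content')
    elif report.name.lower().endswith(PE_EXTENSIONS) and report.size < DOS_HEADER_SIZE:
        notes.append('too small to be a PE image: clean verdicts say nothing about code')
    return detections, notes


if __name__ == '__main__':
    for rep in parse_reports(SAMPLE):
        hits, caveats = triage(rep)
        print(rep.name, f'{len(hits)}/{len(rep.verdicts)} detections', hits, caveats)
```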

  10. #20
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Default

    Please navigate to, and delete the following file:

    C:\WINDOWS\uccspecb.sys

    Empty recycle bin.

    ------

    Please go to UploadMalware to upload some files for analysis.
    • Enter your username from this forum
    • Copy and paste the link to this thread
    • Paste the following 2 filepaths in to 2 boxes:
      C:\Program Files\WGRADE7.DLL
      C:\WRI7.SYS
    • In the comments, please mention that I asked you to upload these files.
    • Click on Send File.


    -------

    Let me know when you have done this and also please describe all your current issues with the PC....
