Thread: Smitfraud-c.Toolbar888 - help please

  1. #1
    Junior Member
    Join Date
    Apr 2007
    Posts
    13

    Hi, I seem to have picked up Smitfraud-c.Toolbar888 and just cannot get rid of it. I would really appreciate any help given here. Below are the online scan log and the HJT log.

    Online Scan:

    File Infection Status Path
    svchost.exe Win32/Alcan.J cannot cure C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Update.exe Win32/Matcash!generic cannot cure C:\Program Files\Common Files\{B051E6E7-0853-1033-1216-02100702003d}\
    p.zip Win32/Alcan.I!ZIP cannot cure C:\Program Files\outlook\
    p.zip>Setup.exe Win32/Alcan.I cannot cure C:\Program Files\outlook\
    v.tmp Win32/Alcan.I cannot cure C:\Program Files\outlook\
    a.tmp Win32/Alcan.D cannot cure C:\Program Files\winupdates\
    a.zip Win32/Alcan.D!ZIP cannot cure C:\Program Files\winupdates\
    a.zip>Setup.exe Win32/Alcan.D cannot cure C:\Program Files\winupdates\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-18\Dc1\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc100\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc102\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc103\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc104\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc105\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc106\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc97\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc98\
    Update.exe Win32/Matcash!generic cannot cure C:\RECYCLER\S-1-5-21-3925511992-1331211134-2961542749-1007\Dc99\
    awtrsqr.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    awtspom.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    byxvtss.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    byxxvtq.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    cbxvusp.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    ddcaawt.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    efcdbab.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    nnnnnki.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    OLD12C.tmp Win32/SillyDl.BAT cannot cure C:\WINDOWS\system32\
    opnkjge.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    opnkljk.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    pmnopnk.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    qomklii.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    rnngdcmj.dll Win32/Darksma.X cannot cure C:\WINDOWS\system32\
    rqrrspq.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    tuvurqq.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    urqopmn.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    urqqnnm.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    wvuvspm.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
    xxyabyy.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\


    Logfile of HijackThis v1.99.1
    Scan saved at 11:05:22 AM, on 28/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\windows\system\hpsysdrv.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

    http://www.ninemsn.com.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

    proxy.ozemail.com.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

    192.168.1.1;192.168.1.2;<local>
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

    Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

    files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP

    Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital

    Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update

    Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Dynalink\Adsl\dslagent.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software

    Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

    C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\saboswyd.dll",realset
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft

    Works\WkDetect.exe
    O4 - HKCU\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program

    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

    Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: svchost.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and

    Settings\Sam Chirgwin.CWCPRESARIO\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program

    Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

    Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583}

    - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

    http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) -

    http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company -

    C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

    C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

    C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\Security Center\SymWSC.exe

  2. #2
    Security Expert-Emeritus Rawe
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Hello and welcome aboard

    First things first, open notepad and make sure Format -> WordWrap is unchecked. Makes the log hard to read.

    Then,

    Please download Combofix to your desktop:
    • Double-click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Hi there, stranger!

    Proud Member of ASAP since 2005.

  3. #3
    Junior Member
    Join Date
    Apr 2007
    Posts
    13

    Hi Rawe thx for taking the time to help.

    I spent some time looking through these forums trying better to understand my problems. Anyway I gave a few of the suggestions a try and after some time appear to maybe have a clean bill of health now - well according to Spybot-S&D anyway. Below is a new HJT log for comment.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:25:38 AM, on 30/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\windows\system\hpsysdrv.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\HJT\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ninemsn.com.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Dynalink\Adsl\dslagent.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: svchost.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    thanks again

  4. #4
    Security Expert-Emeritus Rawe
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Not clean yet.

    I would like to see that Combolog... But in the meantime, let's run another scanner.

    Please print these instructions out, or write them down, as you can't read them during the fix.

    Please download AVG Anti-Spyware and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
      • If you aren't able to finish the update within AVG Anti-Spyware for one reason or another, you can install the manual updates here.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-select "Only if threats were found"
    Close AVG Anti-Spyware, DO NOT run a scan just yet, we will shortly.

    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.
    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post back with the AVG Anti-Spyware results.

  5. #5
    Junior Member
    Join Date
    Apr 2007
    Posts
    13

    Hey Rawe, dam I thought I was getting somewhere.

    Posted below is the result of the AVG scan. I couldn't update AVG on-line but had no problems downloading it manually and installing.

    Again thx for the help!

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:41:24 PM 1/05/2007

    + Scan result:



    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480153.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480186.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\msbb.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20070428-130448-297.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480166.dll -> Adware.F1Organizer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480160.exe -> Adware.Gator : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{3051E6E7-0853-1033-1216-02100702003d}\Bar888.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476553.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476573.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0477640.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0477659.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0478782.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0478835.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP705\A0478902.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480243.dll -> Adware.Lucky : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480157.DLL -> Adware.MyWaySpeed : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480158.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall5_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20070428-130448-767.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483115.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\Fοnts\nοtepad.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480165.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483066.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483067.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483070.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483071.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483072.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483074.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483078.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483079.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483080.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483082.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483084.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483087.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483089.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP710\A0483091.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\awtrsqr.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\awtspom.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\byxxvtq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\cbxvusp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\ddcaawt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\efcdbab.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\nnnnnki.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\opnkjge.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\opnkljk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\qomklii.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\rqrrspq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\urqqnnm.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\wvuvspm.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\xxyabyy.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0477577.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0477578.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0477579.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0478854.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0478855.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP705\A0478866.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP705\A0478867.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480176.exe -> Adware.Wildtangent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP708\A0481762.rbf -> Backdoor.MSNMaker.ag : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP712\A0483354.com -> Backdoor.MSNMaker.ag : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP707\A0481664.exe -> Downloader.Adload.jm : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476552.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476572.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476589.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0477639.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0477654.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0478781.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0478834.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP705\A0478900.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480163.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0481292.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sam Chirgwin\Local Settings\Temp\Sentry.cab/Sentry.exe -> Downloader.Stubby.b : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sam Chirgwin\Local Settings\Temp\Sentry.exe -> Downloader.Stubby.b : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\mkqo\mkqod\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\OLD12C.tmp -> Downloader.VB.afp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP714\A0483635.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\Compaq\DtIcons\Carepaq\Carepaq.exe -> Logger.Age.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Natalie Chirgwin\Cookies\natalie chirgwin@bis.180solutions[1].txt -> TrackingCookie.180solutions : Cleaned.
    C:\Documents and Settings\Natalie Chirgwin\Cookies\natalie chirgwin@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
    C:\Documents and Settings\Natalie Chirgwin\Cookies\natalie chirgwin@webpdp.gator[1].txt -> TrackingCookie.Gator : Cleaned.
    C:\Documents and Settings\Natalie Chirgwin\Cookies\natalie chirgwin@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Natalie Chirgwin\Cookies\natalie chirgwin@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Program Files\Ipwindows\UnInstall.exe -> Trojan.Rond : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wapiisv32.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476551.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476571.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476588.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0477638.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0477653.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0478780.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP704\A0478833.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP705\A0478899.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0480162.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP706\A0481291.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476549.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476566.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0476585.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP703\A0477636.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP705\A0479939.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP707\A0481662.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP707\A0481714.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3C293515-E91D-4B17-A2F7-3FBEC43658AE}\RP709\A0481951.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
    C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup (quarantined).
    C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
    C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
    C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup (quarantined).


    ::Report end

  6. #6
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Run a scan with HijackThis and check the following objects for removal:

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKCU\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
    O4 - Global Startup: svchost.exe


    Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

    ==

    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
      C:\Program Files\Common Files\{B051E6E7-0853-1033-1216-02100702003d}
      C:\Program Files\outlook
      C:\Program Files\winupdates\
      C:\windows\system32\drivers\helpsys\msnexplorer.exe


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    ==

    Please download ComboScan to your desktop.
    • Close all applications and windows.
    • Double-click on comboscan.exe to run it -- follow the prompts.
    • The scan may take a minute. When the scan is complete, a text file will open (ComboScan.txt); please copy & paste all of its content here.
    Hi there, stranger!

    Proud Member of ASAP since 2005.

  7. #7
    Junior Member
    Join Date
    Apr 2007
    Posts
    13

    Hello Rawe,
    Results of the OTMoveIt and ComboScan below.
    Thanks and regards,

    OTMoveIt
    File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe not found.
    C:\Program Files\Common Files\{B051E6E7-0853-1033-1216-02100702003d} moved successfully.
    C:\Program Files\outlook moved successfully.
    C:\Program Files\winupdates moved successfully.
    File/Folder C:\windows\system32\drivers\helpsys\msnexplorer.exe not found.

    Created on 05/02/2007 17:45:35

  8. #8
    Junior Member
    Join Date
    Apr 2007
    Posts
    13

    ComboScan

    ComboScan v20070306.20 run by Owner on 2007-05-02 at 17:47:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created ComboScan Restore Point.


    -- Last 5 Restore Point(s) --
    76: 2007-05-02 07:47:21 UTC - RP716 - ComboScan Restore Point
    75: 2007-05-01 12:38:55 UTC - RP715 - System Checkpoint
    74: 2007-04-30 06:46:29 UTC - RP714 - System Checkpoint
    73: 2007-04-29 06:31:44 UTC - RP713 - System Checkpoint
    72: 2007-04-28 04:42:30 UTC - RP712 - Removed J2SE Runtime Environment 5.0 Update 9


    -- First Restore Point --
    1: 2007-02-03 14:36:13 UTC - RP641 - System Checkpoint


    Performed disk cleanup.


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 5:47:58 PM, on 2/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Owner\Desktop\comboscan.exe
    C:\HJT\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ninemsn.com.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Dynalink\Adsl\dslagent.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    -- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

    backup-20070428-123755-100 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    backup-20070428-123755-158 O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
    backup-20070428-123755-254 O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    backup-20070428-123755-797 O2 - BHO: (no name) - {1C742F16-2CE6-49DF-84FC-57FDAD4DF8D5} - C:\WINDOWS\system32\ddccb.dll (file missing)
    backup-20070428-123755-891 O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    backup-20070428-130448-297 O2 - BHO: (no name) - {88B27256-BB27-4E96-8957-2156F4BFC31f} - C:\WINDOWS\system32\jvcfevyk.dll
    backup-20070428-130448-313 O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\ppcqginx.dll
    backup-20070428-130448-725 O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\mujolypx.dll
    backup-20070428-130448-767 O2 - BHO: (no name) - {17E7AD11-32A3-3E02-F04A-6CE33794FA95} - C:\WINDOWS\system32\kug.dll
    backup-20070428-143151-316 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    backup-20070428-143151-829 O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    backup-20070428-143151-924 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    backup-20070428-144753-722 O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\saboswyd.dll",realset
    backup-20070502-174405-382 O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    backup-20070502-174405-540 O4 - HKLM\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
    backup-20070502-174405-777 O4 - HKCU\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
    backup-20070502-174405-872 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    -- File Associations -----------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - AutoCADScriptFile - C:\WINDOWS\NOTEPAD.EXE "%1"
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    3S 61883 (61883 Unit Device) - C:\WINDOWS\system32\drivers\61883.sys
    3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
    3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
    3S Avc (AVC Device) - C:\WINDOWS\system32\drivers\avc.sys
    1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
    3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
    1R DcCam (Kodak Camera Proxy) - C:\WINDOWS\system32\drivers\DcCam.sys
    3S DcFpoint - C:\WINDOWS\system32\drivers\DcFpoint.sys
    2R DCFS2K (Kodak DCFS2K Driver) - C:\WINDOWS\system32\drivers\DCFS2k.sys
    3S DcLps (Legacy Polling Service) - C:\WINDOWS\system32\drivers\DcLps.sys
    3S DcPTP - C:\WINDOWS\system32\drivers\DcPtp.sys
    2R enodpl - C:\WINDOWS\system32\drivers\enodpl.sys
    1S Exportit - C:\WINDOWS\system32\drivers\ExportIt.sys
    3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
    3R HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
    3R HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
    3R HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
    3R HSFHWBS2 - C:\WINDOWS\system32\drivers\HSFHWBS2.sys
    3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
    3R iadusb (Dynalink RTA100+ USB) - C:\WINDOWS\system32\drivers\glauiad.sys
    3S ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
    2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
    3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
    3S MSDV (Microsoft DV Camera and VCR) - C:\WINDOWS\system32\drivers\msdv.sys
    3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
    3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
    3S NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20021028.003\NAVENG.SYS
    3S NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20021028.003\NAVEX15.SYS
    3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
    3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
    3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
    0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
    3S PCDRDRV (Pcdr Helper Driver) - C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys (not found)
    3S PcdrNt - C:\WINDOWS\system32\drivers\PcdrNt.sys
    3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
    3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
    3S PnkBstrK - C:\WINDOWS\system32\drivers\PnkBstrK.sys
    3R Ps2 - C:\WINDOWS\system32\drivers\PS2.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
    3S RioDrv (Rio600 driver) - C:\WINDOWS\system32\drivers\riodrv.sys
    2R RioPNP - C:\WINDOWS\system32\drivers\RioPnP.sys
    3S ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
    3R rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\rtl8139.sys
    3S S3Psddr - C:\WINDOWS\system32\drivers\s3gnbm.sys
    3S SAVRT - C:\WINDOWS\system32\drivers\SAVRT.SYS
    2R SAVRTPEL - C:\WINDOWS\system32\drivers\SAVRTPEL.SYS
    3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
    3S SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
    3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
    3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
    1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
    2R tandpl - C:\WINDOWS\system32\drivers\tandpl.sys
    2R U3sHlpDr - C:\WINDOWS\system32\drivers\U3sHlpDr.sys
    3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
    3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
    3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
    3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
    3R usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
    3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
    0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
    3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
    3S WinDriver (JungSoft MUZIO JM-100 WinDriver kernel module) - C:\WINDOWS\system32\drivers\windrvr.sys (not found)
    3R WinDriver6 - C:\WINDOWS\system32\drivers\windrvr6.sys
    4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
    3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
    1S {6080A529-897E-4629-A488-ABA0C29B635E} (Intel(R) Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys
    3S {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel(R) Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys

  9. #9
    Junior Member
    Join Date
    Apr 2007
    Posts
    13

    ComboScan continued....

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    3S ccPwdSvc (Symantec Password Validation Service) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
    4S Client IP-IPX - "" -e mc-110-12-0000627
    2S Fax - C:\WINDOWS\system32\fxssvc.exe
    3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
    2R KodakCCS (Kodak Camera Connection Software) - C:\WINDOWS\system32\drivers\KodakCCS.exe
    3S navapsvc (Norton AntiVirus Auto Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
    2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
    2R Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
    2R PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
    3S PnkBstrB - C:\WINDOWS\system32\PnkBstrB.exe
    3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
    2R SymWSC (SymWMI Service) - "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
    2R WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe


    -- Scheduled Tasks -------------------------------------------------------------

    2007-04-25 13:51:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
    2007-04-22 13:33:02 464 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job<NORTON~1.JOB>
    2005-03-28 09:09:53 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>


    -- Files created between 2007-04-02 and 2007-05-02 -----------------------------

    2007-05-02 17:45:35 0 d-------- C:\_OTMoveIt<_OTMOV~1>
    2007-05-02 17:40:47 0 d-------- C:\WINDOWS\pss
    2007-05-01 17:01:24 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-05-01 17:01:16 0 d-------- C:\Program Files\Grisoft
    2007-05-01 17:00:51 0 d-------- C:\AVG
    2007-04-28 12:13:59 0 d-------- C:\VundoFix Backups<VUNDOF~1>
    2007-04-28 11:04:26 0 d-------- C:\HJT
    2007-04-28 10:52:06 131604 --a------ C:\WINDOWS\system32\jvcfevyk.dll
    2007-04-28 08:37:55 131604 --a------ C:\WINDOWS\system32\exitexfl.dll
    2007-04-28 08:37:05 49204 --a------ C:\WINDOWS\system32\mujolypx.dll
    2007-04-27 19:19:28 49204 --a------ C:\WINDOWS\system32\ppcqginx.dll
    2007-04-27 19:19:14 132660 --a------ C:\WINDOWS\system32\saboswyd.dll
    2007-04-26 18:19:20 4266 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-26 18:12:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
    2007-04-26 18:12:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder<SHARE-~1>
    2007-04-26 18:12:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView<SAMPLE~1>
    2007-04-26 18:12:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust<INTERT~1>
    2007-04-26 18:12:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2007-04-26 18:12:39 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
    2007-04-26 18:12:38 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-04-26 17:46:45 0 d-------- C:\Anti Virus<ANTIVI~1>
    2007-04-25 09:21:23 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2007-04-24 06:07:45 79 --a------ C:\WINDOWS\delay.reg
    2007-04-20 21:07:09 125460 --a------ C:\WINDOWS\system32\lvpgkeni.dll
    2007-04-19 21:06:53 49204 --a------ C:\WINDOWS\system32\inunexgv.dll
    2007-04-19 15:53:30 0 d-------- C:\Program Files\Ipwindows<IPWIND~1>
    2007-04-18 17:21:15 0 d-------- C:\Program Files\Outerinfo<OUTERI~1>
    2007-04-18 17:20:56 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe<YAZZLE~2.EXE>
    2007-04-18 17:10:48 0 d-------- C:\Program Files\Common Files\{3051E6E7-0853-1033-1216-02100702003d}<{3051E~1>
    2007-04-18 17:09:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-04-11 09:39:41 22584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-04-09 08:40:19 2599088 --a------ C:\Shockwave_Installer_Slim.exe<SHOCKW~1.EXE>
    2007-04-09 08:33:13 1410680 --a------ C:\install_flash_player.exe<INSTAL~2.EXE>
    2007-04-08 14:53:44 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-04-08 10:35:40 0 d-------- C:\Nividia
    2007-04-08 10:24:33 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles<NVIEW_~1>
    2007-04-08 09:18:24 99904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-04-08 09:18:04 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-04-08 09:18:03 63040 --a------ C:\WINDOWS\system32\PnkBstrA.exe


    -- Find3M Report ---------------------------------------------------------------

    2007-05-02 17:39:51 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
    2007-04-28 14:42:45 0 d-------- C:\Program Files\Java
    2007-04-25 14:17:46 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
    2007-04-25 14:15:17 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
    2007-04-25 09:32:00 0 d-------- C:\Program Files\Skype
    2007-04-25 09:20:24 0 d-------- C:\Program Files\Ubisoft
    2007-04-24 06:51:01 0 d-------- C:\Program Files\MyWay
    2007-04-24 06:07:45 0 d-------- C:\Program Files\Symantec
    2007-04-14 23:42:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
    2007-04-09 12:22:42 0 d-------- C:\Program Files\Google
    2007-04-09 07:53:03 0 d-------- C:\Program Files\Yahoo!
    2007-04-04 06:16:05 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
    2007-03-17 23:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-09 18:45:43 0 d-------- C:\Program Files\iTunes
    2007-03-09 18:45:31 0 d-------- C:\Program Files\iPod
    2007-03-09 18:44:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
    2007-03-09 18:42:41 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
    2007-03-09 17:44:33 37844544 --a------ C:\iTunesSetup.exe<ITUNES~1.EXE>
    2007-03-09 01:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-09 01:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-09 01:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 23:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-08 15:40:03 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2007-03-08 15:40:02 0 --a------ C:\WINDOWS\b.exe
    2007-02-07 19:00:24 118770 --a------ C:\WINDOWS\hpoins09.dat
    2007-02-06 06:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll


    -- Registry Dump ---------------------------------------------------------------


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "hp Silent Service"="C:\\Windows\\system32\\HpSrvUI.exe"
    "Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
    "CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
    "WCOLOREAL"="\"C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe\""
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "PS2"="C:\\WINDOWS\\system32\\ps2.exe"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
    "DSLAGENTEXE"="C:\\Program Files\\Dynalink\\Adsl\\dslagent.exe"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
    @=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "Suite"="regedit -s c:\\windows\\temp\\adj_hp.reg"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "Suite"="regedit -s c:\\windows\\temp\\adj_hp.reg"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{80440127-2315-4464-88B9-7ACB72F43ADB}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
    "{B051E6E7-0853-1033-1216-02100702003d}"="\"C:\\Program Files\\Common Files\\{B051E6E7-0853-1033-1216-02100702003d}\\Update.exe\" mc-110-12-0000960"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
    "{B051E6E7-0853-1033-1216-02100702003d}"="\"C:\\Program Files\\Common Files\\{B051E6E7-0853-1033-1216-02100702003d}\\Update.exe\" mc-110-12-0000960"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    -- End of ComboScan: finished at 2007-05-02 at 17:48:28 ------------------------

  10. #10
    Junior Member
    Join Date
    Apr 2007
    Posts
    13

    ComboScan v20070306.20 run by Owner on 2007-05-02 at 17:47:06
    Supplementary logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) XP 2600+
    Percentage of Memory in Use: 35%
    Physical Memory (total/avail): 1023.48 MiB / 663.88 MiB
    Pagefile Memory (total/avail): 1527.27 MiB / 1282.14 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1995.19 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 107.56 GiB total, 57.08 GiB free.
    D: is Fixed (FAT32) - 4.24 GiB total, 1.06 GiB free.
    E: is CDROM (CDFS)
    G: is Removable (No Media)
    H: is Removable (FAT)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: Norton AntiVirus v2003 (Symantec Corporation) Disabled Outdated


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=CWCPRESARIO
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\CWCPRESARIO
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor\services;C:\Program Files\Sonic\MyDVD;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=CWCPRESARIO
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    Owner (admin)
    Natalie Chirgwin.CWCPRESARIO (admin)
    Chloe Chirgwin.CWCPRESARIO (admin)
    Sam Chirgwin.CWCPRESARIO (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
    Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
    Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    AutoCAD 2002 --> MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AviSynth 2.5 --> "C:\Documents and Settings\Sam Chirgwin.CWCPRESARIO\My Documents\My Videos\Movies\AviSynth 2.5\Uninstall.exe"
    BeatsoundsConfig --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CC5D649-FFBE-4879-ACC4-3099BB07F764}\setup.exe"
    Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
    CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    Coloreal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\Setup.exe"
    CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Player 2.1 --> C:\Program Files\DivX\DivX Player 2.1\uninstall.bat
    DivX Pro Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Pro Bundle.log
    Dynalink RTA100+ USB --> C:\Program Files\Dynalink\Adsl\uninstall.exe
    e-tax 2006 --> C:\ATO\etax2006\e-tax 2006_uninstall.exe
    e-tax 2006 - FTB Module --> C:\ATO\etax2006\ftb 2006_uninstall.exe
    ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
    ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
    ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
    ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
    ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
    Express Setup --> "C:\Program Files\Express Setup\unins000.exe"
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
    HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
    HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
    HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
    HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
    HP Imaging Device Functions 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
    HP Photosmart and Deskjet 7.0.A --> C:\Program Files\Hewlett-Packard\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
    HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    HP Solution Center 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
    Inactive HP ScanJet Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 sjunin.inf
    Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
    Intel(R) 82845G Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
    iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    KBD --> C:\HP\KBD\KBD.EXE uninstalled
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_10009_db8860\Setup.exe /APR-REMOVE
    KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Magic Starter 7th Edition --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Wizards of the Coast\Magic Starter 7th Edition\DeIsL1.isu" -c"C:\Program Files\Wizards of the Coast\Magic Starter 7th Edition\_ISREG32.DLL"
    Medieval Total War --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War\Uninst.isu"
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Encarta Encyclopedia Standard - WE 2002 --> MsiExec.exe /I{01400202-823E-46CD-A70E-BEE818F97169}
    Microsoft Money --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
    Microsoft Money System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
    Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
    Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
    Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
    Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
    Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
    Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
    MP3 Player Utilities 3.75 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
    mplayer.com --> "C:\Program Files\Mplayer\System\UNWISE32.EXE" /a C:\PROGRA~1\Mplayer\System\install.log
    Muzio Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CC0682A-26CB-4CA0-932B-4BCD50641352}\Setup.exe" -l0x9
    MuzioFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67011A14-FB08-42B4-8C1B-2530ED59360D}\Setup.exe" -l0x9
    MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\Setup.exe" -l0x9 -L0x9 /SMAINT
    Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
    Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\setup.exe" -l0x9
    ninemsn Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\mtbs.exe c
    Norton AntiVirus 2003 --> MsiExec.exe /I{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}
    Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OCR Software by I.R.I.S 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
    Outerinfo --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
    Outerinfo --> C:\Program Files\Outerinfo\OiUninstaller.exe
    PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
    PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
    PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
    PSP Video Converter 3 --> C:\Program Files\Xilisoft\PSP Video Converter 3\Uninstall.exe
    Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
    Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
    RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
    S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
    S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
    S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
    SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
    Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    ShowBiz --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07295ABF-1245-415A-BE06-863271753443}\Setup.exe" -l0x9
    Spybot - Search & Destroy 1.4 --> "C:\Spybotsd12\Spybot - Search & Destroy\unins000.exe"
    Star Wars Jedi Knight Jedi Academy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D994CC5-819F-4657-84DD-397B8FE1EA80}\Setup.exe" -l0x9
    Starcraft Brood War (RAZOR 1911) --> C:\WINDOWS\rzrunins.exe G:\BROOD\rzrunins.log
    TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
    TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
    VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Visual Basic 5.0 Professional Edition --> C:\Program Files\DevStudio\VB\Setup\setup.exe /z vb5_bb.dll /m
    Volo View Express --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
    VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe


    -- End of ComboScan: finished at 2007-05-02 at 17:48:28 ------------------------
