Piriform Community Forums > Hijackthis Log

Piriform Community Forums > Computer Help and Discussion > Spyware Hell

pdoig

Jan 5 2007, 11:00 PM

Hi, I'm new at this, so hope I'm in the right place.

have run all the scans as instructed.
logLogfile of HijackThis v1.99.1
Scan saved at 11:21:20 a.m., on 6/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PBitDefender Online Scanner - Real Time Virus Report
Generated at: Sat, Jan 06, 2007 - 08:41:05
________________________________________
Scan Info
Scanned Files 766295
Infected Files 2

Virus Detected
MemScan:Trojan.Downloader.ConHook.J 1
Trojan.Downloader.Winfixer.O 1

rog
Application Version : 3.4.1000

Core Rules Database Version : 3159
Trace Rules Database Version: 1172

Scan type : Complete Scan
Total Scan Time : 00:33:57

Memory items scanned : 369
Memory threats detected : 2
Registry items scanned : 5851
Registry threats detected : 6
File items scanned : 34703
File threats detected : 141

Trojan.Downloader-AutoAff
C:\WINDOWS\SYSTEM32\FCCDAAW.DLL
C:\WINDOWS\SYSTEM32\FCCDAAW.DLL

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\LGBPD.EXE
C:\WINDOWS\SYSTEM32\LGBPD.EXE
[LGBLiveUpdate] C:\WINDOWS\SYSTEM32\LGBPD.EXE
C:\WINDOWS\SYSTEM32\SLIMMXGC.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\timerp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\timerp.exe#Path
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061193.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061286.EXE
C:\WINDOWS\SYSTEM32\LGB\LGBPD.EXE
C:\WINDOWS\Prefetch\LGBPD.EXE-10CD9875.pf

Adware.BusMaster/SafeSurfing
C:\WINDOWS\SYSTEM32\TCBLGWSG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CommA
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CommA#Path
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061198.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061291.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@i.screensavers[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partypoker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.rowise[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.cdfreaks[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@try.screensavers[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@windows.serialz[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mb[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.searchextreme[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serialz[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@data2.perf.overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kanoodle[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pcbannerhost[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071830256[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@dp[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@optimost[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@888[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@downloads.serialz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@m1.webstats4u[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@43836137[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cassava[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@warlog[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@creative.paypopup[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adv.entercasino[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1067983230[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.xtramsn.co[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultmediashop[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@crackserver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a.websponsors[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@h.starware[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@screensavers[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@amlocalhost.trymedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad1.clickhype[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.mininova[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@r-kimedia.co[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaonenetwork[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.plugin[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@keywordmax[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adinterax[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@usenext[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mb[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist.bitcomet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@680784[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.adtrak[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.sharereactor[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@3889204[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@image.checkmystats.com[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.us.e-planning[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ilead.itrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@roiservice[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adsrevenue[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1064535546[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.i-am-bored[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adlog.cdfreaks[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xxxhotvideos[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@drivecleaner[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.webforsex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.planetactive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1068674416[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1072701528[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1070176844[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.azbilliards[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1070748332[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@entrepreneur[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@shop.sex.co[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.drivecleaner[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@nextag[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.stileproject[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1070754780[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats.drivecleaner[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.belstat[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1068107619[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1070563868[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@netmediagroup[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071927725[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@reference[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@intaclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071226142[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.precisioncounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1069965519[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1072697200[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracker.mediatracker.co[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.w3counter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.gamershell[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071930148[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@usenext[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@search.crackserver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071241275[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071893604[1].txt

Adware.AdStart
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#adstart [ C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify ]

Adware.Mirar/NetNucleus
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\MITCC.TMP
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\MITCC.TMP.CAB
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\NNBAR_VCSETUP_876088_LOG.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061197.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061290.EXE
C:\WINDOWS\MIRAR_DISTRO_876088.EXE
C:\WINDOWS\Prefetch\MIRAR_DISTRO_876088.EXE-29B9F657.pf

Adware.Toolbar888
C:\PROGRAM FILES\COMMON FILES\{340BADF3-06D5-1033-0722-040614050040}\BAR888.DLL

Trojan.SearchTool
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP247\A0061096.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP247\A0061097.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP248\A0061140.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061179.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061194.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP250\A0061242.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061272.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061287.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP252\A0061335.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP253\A0061365.DLL
C:\WINDOWS\SYSTEM32\SEARCHTOOL\NSEBA.DLL
C:\WINDOWS\SYSTEM32\SMARTSHOPPER\SMARTSHOPPER0.DLL

Worm.Rbot Variant
C:\WINDOWS\SYSTEM32\TASKWIZ.EXEram Files\Symantec\Norton Ghost 2003\GSUPERAntiSpyware Scan Log
Generated 01/06/2007 at 09:36 AM

Application Version : 3.4.1000

Core Rules Database Version : 3159
Trace Rules Database Version: 1172

Scan type : Complete Scan
Total Scan Time : 00:33:57

Memory items scanned : 369
Memory threats detected : 2
Registry items scanned : 5851
Registry threats detected : 6
File items scanned : 34703
File threats detected : 141

Trojan.Downloader-AutoAff
C:\WINDOWS\SYSTEM32\FCCDAAW.DLL
C:\WINDOWS\SYSTEM32\FCCDAAW.DLL

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\LGBPD.EXE
C:\WINDOWS\SYSTEM32\LGBPD.EXE
[LGBLiveUpdate] C:\WINDOWS\SYSTEM32\LGBPD.EXE
C:\WINDOWS\SYSTEM32\SLIMMXGC.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\timerp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\timerp.exe#Path
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061193.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061286.EXE
C:\WINDOWS\SYSTEM32\LGB\LGBPD.EXE
C:\WINDOWS\Prefetch\LGBPD.EXE-10CD9875.pfhostStartService.exes below

Hope this is right and someone can help.

Thanks very much

cheers Phil

rridgely

Jan 5 2007, 11:36 PM

Welcome to the forum.

Please create a new hijackthis log and post it.(make sure you get the entire thing)

pdoig

Jan 6 2007, 03:33 AM

QUOTE(rridgely @ Jan 6 2007, 12:36 PM) [snapback]59211[/snapback]

Welcome to the forum.

Please create a new hijackthis log and post it.(make sure you get the entire thing)

Sorry about that, as I said I'm a newbie.
hope this is what you need.

Logfile of HijackThis v1.99.1
Scan saved at 11:21:20 a.m., on 6/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - C:\WINDOWS\system32\fccdaaw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: mycpmads.com Browser Optimizer - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LimeWire Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156125993296
O17 - HKLM\System\CCS\Services\Tcpip\..\{0217973D-44A6-4E5C-9DDF-C2A1B70265B3}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{0217973D-44A6-4E5C-9DDF-C2A1B70265B3}: NameServer = 203.96.152.4,203.96.152.12
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccdaaw - fccdaaw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

rridgely

Jan 6 2007, 04:37 AM

Thanks.

Download Killbox from Here

Run Killbox by clicking the killbox.exe file on the desktop

In the Full Path of File to Delete window type (or copy and paste)

C:\WINDOWS\system32\br_rt.dll

Select the options Delete on reboot and Unregister .dll Before Deleting

Click the button: Single File and it should then flash green.

Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.
-----------

Once your computer has booted back up open hijackthis and do a system scan only. Check off the following lines:

O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - C:\WINDOWS\system32\fccdaaw.dll (file missing)

O20 - Winlogon Notify: fccdaaw - fccdaaw.dll (file missing)

O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)

Now press fixed checked and reboot your computer once again.
---------------

Once your computer is back up again please run the following scan:

Run Kaspersky WebScanner

Please go HERE and click Kaspersky Online Scanner
Read and Accept the Agreement
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
If you see a Windows dialog asking if you want to install this software, click the Install button.
The program will launch and then begin downloading the latest definition files,
When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Paste kaspersky log onto forum.

Along with the kaspersky log please post a new hijackthis log as well.

pdoig

Jan 6 2007, 07:06 AM

QUOTE(rridgely @ Jan 6 2007, 05:37 PM) [snapback]59231[/snapback]

Thanks.

Please go HERE and click Kaspersky Online Scanner
Read and Accept the Agreement
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
If you see a Windows dialog asking if you want to install this software, click the Install button.
The program will launch and then begin downloading the latest definition files,
When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Paste kaspersky log onto forum.

Along with the kaspersky log please post a new hijackthis log as well.

Thanks mate,

hope these logs are what you need

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 06, 2007 7:59:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/01/2007
Kaspersky Anti-Virus database records: 256329
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 103489
Number of viruses found: 4
Number of infected objects: 18 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:32:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp1.tmp Infected: Email-Worm.Win32.Warezov.ap skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP224\A0056052.dll Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061206.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061207.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061207.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061207.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP249\A0061207.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061299.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061300.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061300.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061300.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP251\A0061300.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{F7B1EC78-8A36-4E24-A337-2D10D7E143F7}\RP255\change.log Object is locked skipped
C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe NSIS: infected - 3 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{02223F5F-6EE7-4772-8493-870DEB7D1429}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\SearchTool\SearchTool.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 8:05:21 p.m., on 6/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156125993296
O17 - HKLM\System\CCS\Services\Tcpip\..\{0217973D-44A6-4E5C-9DDF-C2A1B70265B3}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{0217973D-44A6-4E5C-9DDF-C2A1B70265B3}: NameServer = 203.96.152.4,203.96.152.12
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

cheers Phil

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.