Please Review Hijack this Log for me. Thank you


Post by neildush » May 5th, 2007, 11:09 am

Logfile of HijackThis v1.99.1
Scan saved at 16:05:30, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6156297066
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6156286962
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B3AD68-B70F-4A49-8CCC-129451DDDB52}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
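A HijackThis log like the one above is read section by section: the `Running processes` block, then the `R`/`O` entries (start pages, BHOs, Run keys, services). As an added example, not part of this thread and not HijackThis' own code, the following Python script parses a log of that shape and pulls out the lines a reviewer reads first: entries whose target file is missing, services with no publisher, unnamed browser add-ons, and any running process that carries a core system binary name (smss.exe, svchost.exe and the like) but does not live in System32. The sample log is a constructed excerpt of the posted log with one added process line, a copy of svchost.exe under Common Files, which is the location the later AVG report in this thread reported; the list of core binary names and the "System32 only" rule are this example's own assumptions about Windows XP.

```python
import re
from collections import Counter

# Constructed sample: a short excerpt of the HijackThis v1.99.1 log posted above,
# with one extra running-process line added (a copy of svchost.exe outside
# System32, the location the later AVG report in this thread flagged).
SAMPLE_HJT_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:05:30, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with its section code ("R0", "O4", "O23", ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<detail>.*)$")

# Assumption for this example: on Windows XP these binaries live only in
# %SystemRoot%\System32; the same file name anywhere else is worth a look.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "lsass.exe", "svchost.exe"}


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the R/O entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group("section"),
                            "detail": m.group("detail"), "raw": line})
    return {"processes": processes, "entries": entries}


def section_counts(parsed):
    """How many entries of each HijackThis section type the log contains."""
    return Counter(e["section"] for e in parsed["entries"])


def triage(parsed):
    """Entries a reviewer reads first, each with the reason it was picked."""
    findings = []
    for e in parsed["entries"]:
        reasons = []
        if "(file missing)" in e["detail"]:
            reasons.append("target file missing")
        if e["section"] == "O23" and "Unknown owner" in e["detail"]:
            reasons.append("service with no publisher")
        if e["section"] in ("O2", "O3", "O9") and "(no name)" in e["detail"]:
            reasons.append("unnamed browser add-on")
        if reasons:
            findings.append((e["section"], reasons, e["raw"]))
    return findings


def misplaced_system_binaries(processes):
    """Running processes that carry a core system binary name outside System32."""
    flagged = []
    for path in processes:
        name = path.rsplit("\\", 1)[-1].lower()
        if name in CORE_SYSTEM_BINARIES and not path.lower().startswith("c:\\windows\\system32\\"):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT_LOG)
    print("Entries per section:", dict(section_counts(parsed)))
    for section, reasons, raw in triage(parsed):
        print(f"{section}: {', '.join(reasons)}\n    {raw}")
    for path in misplaced_system_binaries(parsed["processes"]):
        print(f"Core binary name outside System32: {path}")
```

The flags are reading aids, not verdicts: the unnamed O2 entry in the sample is Spybot's SDHelper.dll, which is legitimate, and the missing a-squared service is a leftover from an uninstall. What the script saves is the first pass of scanning a few hundred lines by eye; each flagged line still has to be judged from its path and publisher, which is exactly what the volunteer does in the replies that follow.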

Post by askey127 » May 5th, 2007, 4:09 pm

neildush,

Just based on your log content alone, the machine does not show any malware. Are you having any trouble?

askey127

Post by neildush » May 20th, 2007, 7:25 pm

Hi

Sorry for delay. My computer is running very slow, taking a long time to start up, loses internet connection. AVG scan says I have 4 trojan files.

Cheers,

neildush

Post by askey127 » May 20th, 2007, 7:50 pm

neildush,
-----------------------------------------------------------
Disable AVG Anti-Spyware Guard (formerly ewido)
  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
  • In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
  • Reply 'no' and set it to 'inactive' for the duration of your cleanup.
-----------------------------------------------------------
Download and install CCleaner from here.
Set Options in CCleaner and run Cleaning Scan. Open the CCleaner program.
( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck "Only delete files in Windows Temp folders older than 48 hours".
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button. Check "Only delete files in Windows Temp folders older than 48 hours".
------------------------------------------------
Print this out or save it to a NotePad file on your Desktop, since you won't be able to see it online during the Safe Mode part of this procedure.
Update and Initialize AVG AntiSpyware
Launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
In the AVG Anti-Spyware Status Menu, select the Update button and click Start update. Wait until you see the "Update succesfull" message.
Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
  • Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
    - Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    - Under "How to Scan?" check all (default).
    - Under "Possibly unwanted software" check all (default).
    - Under "What to Scan?" make sure "Scan every file" is selected (default).
    - Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
  • When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20061031-090001.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done and Reboot your machine.

Open the report in Notepad and paste the contents in your next reply.

askey127

reply and new log

Post by neildush » May 26th, 2007, 7:40 pm

Hi,

Please find my AVG Spyware Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:01:34 27/05/2007

+ Scan result:



C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP77\A0022722.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP77\A0022724.exe/crack.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
[204] C:\WINDOWS\system32\rqomn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[808] C:\WINDOWS\system32\rqomn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\smanager.7.exe~ -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP77\A0022724.exe/keygen.exe -> Downloader.LoadAdv : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe~ -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP78\A0022800.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP77\A0022732.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP77\A0022746.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\inetloader.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
D:\00_To file\Copy of mp3\crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
D:\00_To file\advmp3.zip/crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
D:\00_To file\mp3\crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP78\A0022785.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchost.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP77\A0022775.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP78\A0022786.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvcez.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\windtv32.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
H:\Software\CAD software\Digital Projects\DP1\INTEL\Multimedia/intel_a\resources\msgcatalog\German\CATMMediaCaptureSizeDialog.CATNls -> Trojan.Runner.i : Cleaned with backup (quarantined).


::Report end



Problems occurring are:

ctfmon.exe and rqomn.dll try to load onto my machine.

Pop-ups include:

winantivirus.com
yourdebts
my debt solution

Here is a new Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 00:39:10, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6156297066
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6156286962
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B3AD68-B70F-4A49-8CCC-129451DDDB52}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you for your kind help,

Regards,

Neildush
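The AVG Anti-Spyware report above mixes three very different kinds of hit: copies sitting in System Restore snapshots under `System Volume Information` (inert until a restore is performed), members of archives on a data drive, and live files under `C:\WINDOWS`, two of which (`rqomn.dll`) were found already mapped into running processes. Separating them is the first step of triage. As an added example, not part of this thread and not AVG's own tooling, the following Python script parses a report of that shape, classifies every detection by where it sat when the scan ran, and lists the unique live paths to re-check after the reboot. The sample is a constructed excerpt of the posted report. Two conventions are this example's assumptions drawn from the report's own lines: that a leading `[204]` is the ID of the process the object was loaded into, and that AVG writes an archive member as `outer.zip/inner.exe`.

```python
import re
from collections import Counter

# Constructed excerpt of the AVG Anti-Spyware 7.5 report posted in this thread,
# trimmed to seven detections so the sample stays short.
SAMPLE_REPORT = r"""---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:01:34 27/05/2007

+ Scan result:

C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP77\A0022722.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
[204] C:\WINDOWS\system32\rqomn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[808] C:\WINDOWS\system32\rqomn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\inetloader.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
D:\00_To file\advmp3.zip/crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchost.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvcez.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).

::Report end
"""

# One detection line: optional "[pid] " prefix, path, " -> ", detection name, " : ", action.
# (The "[pid]" reading of the bracketed number is an assumption of this example.)
DETECTION_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\] )?(?P<path>.+?) -> (?P<name>[^:]+?) : (?P<action>.+?)\.?$"
)
CREATED_RE = re.compile(r"^\+ Created at: (?P<when>.+)$")

RESTORE_SNAPSHOT = "system restore snapshot (inactive copy)"
LOADED = "loaded in running process"
ARCHIVE = "inside an archive"
WINDOWS_DIR = "live file under Windows directory"
ELSEWHERE = "live file elsewhere"


def parse_report(text):
    """Return the report timestamp and one dict per detection line."""
    created, detections = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            created = m.group("when")
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({
                "pid": int(m.group("pid")) if m.group("pid") else None,
                "path": m.group("path"),
                "name": m.group("name"),
                "action": m.group("action"),
            })
    return created, detections


def classify(det):
    """Where the detected object sat when the scan ran (heuristic on the path)."""
    p = det["path"].lower()
    if det["pid"] is not None:                       # found mapped into a process
        return LOADED
    if "\\system volume information\\_restore" in p:  # System Restore copy
        return RESTORE_SNAPSHOT
    if re.search(r"\.(zip|rar|cab|exe)/", p):        # "outer/inner" archive member
        return ARCHIVE
    if p.startswith("c:\\windows\\"):
        return WINDOWS_DIR
    return ELSEWHERE


def summarize(text):
    """Counts by location class and by detection category, plus live paths to re-check."""
    created, dets = parse_report(text)
    by_class = Counter(classify(d) for d in dets)
    by_category = Counter(d["name"].split(".")[0] for d in dets)
    live_paths = sorted({d["path"] for d in dets
                         if classify(d) in (LOADED, WINDOWS_DIR, ELSEWHERE)})
    quarantined = sum("quarantined" in d["action"] for d in dets)
    return {"created_at": created, "total": len(dets), "by_class": by_class,
            "by_category": by_category, "live_paths": live_paths,
            "quarantined": quarantined}


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"Report created {s['created_at']}: {s['total']} detections, "
          f"{s['quarantined']} quarantined")
    for cls, n in s["by_class"].items():
        print(f"  {n} x {cls}")
    print("Live objects to re-check after reboot:")
    for p in s["live_paths"]:
        print("  " + p)
```

The restore-snapshot hits explain why a scan can report many "trojans" while a HijackThis log looks clean: those copies are never executed unless the snapshot is restored, which is why helpers routinely clear old restore points at the end of a cleanup. The live list is the part that matters for the next step, and a name like `svchost.exe` outside System32 belongs at the top of it.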

Post by askey127 » May 26th, 2007, 9:13 pm

neildush,
Your AVG Anti-Spyware is not showing any active trojans at present.
Let's locate the other stuff.
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
You will need to paste the content of the file into your next reply.
-----------------------------------------------------------
Download Blacklight Beta from here:
https://europe.f-secure.com/exclude/blacklight/fsbl.exe
* Download fsbl.exe and save it to the C:\
* Once saved... double click blbeta.exe to install the program.
Go to Start-->Run, copy in the following text and press Enter:
C:\fsbl.exe /expert
(space between fsbl.exe and /expert)

Accept the agreement, leave [X]scan through Windows Explorer checked.
Click > scan, Then > next
You'll see a list of all items found. If anything is found, DON'T take any action yet.
There will be a log in C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.
------------------------------------------------------
Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them: NONE
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

To summarize, we are looking for three items: the Installed programs list from CCleaner, the log from Blacklight, and the (larger) log from Winpfind3.
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
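The WinPFind3 report these steps produce lists one item per line as `name -> path -> vendor [Ver = ... | Size = ... | Modified Date = ... | Attr = ]`, with `File not found` where an autostart points at a file that no longer exists. As an added example, not part of this thread or of OldTimer's tool, here is a small Python triage script that parses that format and flags the entries a helper checks first (missing files, unversioned files with no vendor in a system directory, a well-known system binary outside system32, and recently dated unvendored files); the sample lines are constructed after the report format posted in this thread, and the expected-directory list is a short constructed one.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Section headers look like "< Run [HKLM] > -> HKEY_LOCAL_MACHINE\..."; entries follow them.
SECTION_RE = re.compile(r"^<\s*(?P<section>.+?)\s*>\s*->")
# Splits "vendor [Ver = .. | Size = .. | Modified Date = .. | Attr = ..]" into its two parts.
DETAILS_RE = re.compile(r"^(?P<head>.*?)\s*(?:\[(?P<details>[^\[\]]*)\])?$")

# Path prefixes the report uses for the Windows directory tree (compared lower-case).
SYSTEM_DIRS = ("%system32%", "%systemroot%", "c:\\windows")
# Well-known system binaries whose genuine copy lives under system32 (constructed, short list).
SYSTEM32_ONLY = {"svchost.exe"}
REPORT_DATE = datetime(2007, 5, 28)  # the day the constructed sample report was taken

# Constructed sample, modelled on the WinPFind3 report format posted in this thread.
SAMPLE_REPORT = r"""
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 26/05/2007 12:17:10 | Attr = ]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
efccdaa -> efccdaa.dll -> File not found
rqomn -> %System32%\rqomn.dll -> [Ver = | Size = 263220 bytes | Modified Date = 26/05/2007 11:26:26 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\svchost.exe -> C:\WINDOWS\svchost.exe ->
"""


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one 'name -> path -> vendor [details]' line; None for blank, header or list lines."""
    line = line.rstrip()
    if not line or line[0] in "<[":
        return None
    while line.endswith(" ->"):              # registry entries often end in dangling arrows
        line = line[:-3].rstrip()
    parts = line.split(" -> ")
    if len(parts) < 2:
        return None
    target = DETAILS_RE.match(parts[1])
    tail = DETAILS_RE.match(parts[2] if len(parts) > 2 else "")
    entry = {"name": parts[0], "path": target.group("head"),
             "vendor": tail.group("head").strip(),
             "Ver": "", "Size": "", "Date": "", "Attr": ""}
    # Details are "Key = value" pairs separated by " | "; Created/Modified Date both map to Date.
    for item in (tail.group("details") or "").split(" | "):
        key, _, value = item.partition("=")
        key = "Date" if key.strip().endswith("Date") else key.strip()
        if key in entry:
            entry[key] = value.strip()
    return entry


def parse_date(value: str) -> Optional[datetime]:
    """Report dates are dd/mm/yyyy with an optional hh:mm:ss."""
    for fmt in ("%d/%m/%Y %H:%M:%S", "%d/%m/%Y"):
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    return None


def triage(entry: Dict[str, str], report_date: datetime, recent_days: int = 7) -> List[str]:
    """Reasons a helper would look at this entry first; an empty list means unremarkable."""
    reasons: List[str] = []
    path = entry["path"].lower()
    filename = path.rsplit("\\", 1)[-1]
    unvendored = not entry["vendor"] and not entry["Ver"]
    if entry["vendor"] == "File not found":
        reasons.append("orphaned autostart: the referenced file is missing")
    elif unvendored and path.startswith(SYSTEM_DIRS):
        reasons.append("unversioned file with no vendor in a system directory")
    if filename in SYSTEM32_ONLY and "system32\\" not in path:
        reasons.append(f"{filename} outside its expected system32 directory")
    when = parse_date(entry["Date"])
    if unvendored and when and report_date - when <= timedelta(days=recent_days):
        reasons.append(f"unvendored file dated within {recent_days} days of the report")
    return reasons


def triage_report(text: str, report_date: datetime) -> List[Tuple[str, str, List[str]]]:
    """Walk a report and return (section, entry name, reasons) for every flagged entry."""
    flagged, section = [], ""
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        entry = parse_entry(line)
        if entry:
            reasons = triage(entry, report_date)
            if reasons:
                flagged.append((section, entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for section, name, reasons in triage_report(SAMPLE_REPORT, REPORT_DATE):
        print(f"[{section}] {name}: {'; '.join(reasons)}")
```

Run it against a saved report by reading the file into `triage_report` with the date from the report's first line; the flags are a reading aid for the helper, not a verdict.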

scans done

Post by neildush » May 28th, 2007, 6:09 pm

Hi

Scans done. Am getting lots of popups. They include:

my debt solution
your debts
winantispyware

certain dll's try to load on my machine:
hotmwksndll
jvdbik.dll

sometimes my cursor moves across the screen without me touching the mouse.

CCLEANER:

Ad-Aware SE Personal
Adobe Acrobat 6.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 8
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Advanced MP3 Catalog 3.36
AiOSoftware
AiO_Scan
allTunes
Apple Software Update
AutoUpdate
Avance AC'97 Audio
AVG 7.5
AVG Anti-Spyware 7.5
Bentley MicroStation (V 08.01.02.15) - 1
BitTorrent 5.0.7
CCleaner (remove only)
del.icio.us Buttons for Internet Explorer
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Fax
Flamingo 1.1
FrostWire 4.13.1.7 BETA
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB926239)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
iTunes Library Updater
iTunes
IWF - Internet Safety Presentation
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Logitech MouseWare 9.79.1
Magic ISO Maker v5.4 (build 0237)
MarketResearch
Media Library Management Wizard
MGTEK dopisp
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework (English)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 6.1
Microsoft LifeCam
Microsoft Money 2007 Home & Business
Microsoft Money Shared Libraries
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC80 Support DLLs
Microsoft Works 7.0
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (2.0.0.3)
MSXML 4.0 SP2 (KB927978)
Nero 7 Ultra Edition
Nero PhotoShow Express
neroxml
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Offline CD Browser 3.1
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
PowerDVD
QFolder
QuickTime
Readme
Reasonable NoClone 4 Home
RedistSysFiles
Rhinoceros 3.0
Rhinoceros 4.0
RTLSetup 2.50.503
Scan
Scripts for iTunes
Security Update for Excel 2007 (KB934670)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Office 2007 (KB934062)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SiS 900 PCI Fast Ethernet Adapter Driver
Skype 3.1
Skype Plugin Manager
Sony Ericsson PC Suite
Spybot - Search & Destroy 1.4
SuperCat 4.4 (Trial Version)
TreeSize Professional 4.3
TrojanHunter 4.6
Tweak UI
Tweakui Powertoy for Windows XP
Update for Office 2007 (KB932080)
Update for Office 2007 (KB933688)
Update for Office 2007 (KB934393)
Update for Outlook 2007 Junk Email Filter (KB934655)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Word 2007 (KB934173)
V-Ray for Rhinoceros 3.0
Vallen JPegger
VBA (2720)
VectorWorks 11
VectorWorks
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPatrol 2007 Restore/Remove First
WinPatrol
WinRAR archiver
XoftSpy
ZoneAlarm
µTorrent

fsbl-20070528205508


05/28/07 21:55:08 [Info]: BlackLight Engine 1.0.61 initialized
05/28/07 21:55:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/28/07 21:55:08 [Note]: 7019 4
05/28/07 21:55:08 [Note]: 7005 0
05/28/07 21:55:13 [Note]: 7006 0
05/28/07 21:55:13 [Note]: 7011 968
05/28/07 21:55:13 [Note]: 7026 0
05/28/07 21:55:14 [Note]: 7026 0
05/28/07 21:55:18 [Note]: FSRAW library version 1.7.1021
05/28/07 22:50:12 [Note]: 7007 0

WinPFind3

WinPFind3 logfile created on: 28/05/2007 22:53:52
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Neil D\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1023.48 Mb Total Physical Memory | 511.03 Mb Available Physical Memory | 49.93% Memory free
2.41 Gb Paging File | 1.92 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 46.58 Gb Free Space | 60.74% Space Free
Drive D: | 186.31 Gb Total Space | 107.67 Gb Free Space | 57.79% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NEIL
Current User Name: Neil D
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003051500 | Size = 217193 bytes | Modified Date = 15/05/2003 01:19:50 | Attr = ]
application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> [Ver = 2.0.10.129 | Size = 593920 bytes | Modified Date = 28/03/2007 01:07:42 | Attr = R ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 26/05/2007 12:17:04 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 26/05/2007 12:23:52 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 26/05/2007 12:17:10 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 26/05/2007 12:17:12 | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 08/01/2004 09:50:00 | Attr = ]
epmworker.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> Sony Ericsson Mobile Communications AB [Ver = 1, 2, 0,1229 | Size = 880640 bytes | Modified Date = 28/02/2007 10:55:18 | Attr = R ]
generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca AB [Ver = 1, 4, 14, 0 | Size = 983040 bytes | Modified Date = 09/02/2007 17:03:38 | Attr = R ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\ITUNESHELPER.EXE -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 06/10/2003 15:16:00 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 09:41:54 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Avance Logic, Inc. [Ver = 5.0.10 | Size = 47104 bytes | Modified Date = 27/09/2002 12:44:12 | Attr = ]
utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 202240 bytes | Modified Date = 29/04/2007 23:39:50 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 01:01:58 | Attr = ]
winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 11, 3, 2007, 0 | Size = 271936 bytes | Modified Date = 19/04/2007 13:33:02 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 01:02:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(a2AntiMalware) a-squared Anti-Malware Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\A-SQUARED ANTI-MALWARE\a2service.exe -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/04/2007 21:26:34 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 26/05/2007 12:17:04 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 26/05/2007 12:17:12 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 10/04/2007 00:29:12 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(InstallShield Licensing Service) InstallShield Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield Shared\Service\InstallShield Licensing Service.exe -> Macrovision [Ver = 2.68.000 | Size = 72704 bytes | Modified Date = 26/05/2007 10:40:50 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 06/10/2003 15:16:00 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 01:01:58 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 26/05/2007 12:17:10 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 06/10/2003 15:16:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 09:41:54 | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> [Ver = 2.0.10.129 | Size = 593920 bytes | Modified Date = 28/03/2007 01:07:42 | Attr = R ]
WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 11, 3, 2007, 0 | Size = 271936 bytes | Modified Date = 19/04/2007 13:33:02 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 01:02:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 06/10/2003 15:16:00 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 19:16:50 | Attr = ]
%AllUsersStartup%\Shortcut to avgas.lnk -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 26/05/2007 12:23:52 | Attr = ]
< User Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 19:16:50 | Attr = ]
%AllUsersStartup%\Shortcut to avgas.lnk -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 26/05/2007 12:23:52 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{0777FDE1-50AB-4E2F-8DC8-23548E111F93} [HKLM] -> %System32%\efccdaa.dll [] -> File not found
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 15:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
efccdaa -> efccdaa.dll -> File not found
rqomn -> %System32%\rqomn.dll -> [Ver = | Size = 263220 bytes | Modified Date = 26/05/2007 11:26:26 | Attr = ]
windtv32 -> windtv32.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\svchost.exe -> C:\WINDOWS\svchost.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.co.uk/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 15/05/2003 00:47:54 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} [HKLM] -> %ProgramFiles%\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [del.icio.us Toolbar Helper] -> del.icio.us, a Yahoo! Company [Ver = 1.0.0.8 | Size = 271864 bytes | Modified Date = 26/09/2006 11:02:14 | Attr = ]
{84466F10-9770-4B84-8CA9-4F9FB1D77FA0} [HKLM] -> %System32%\rqomn.dll [Reg Data - Value does not exist] -> [Ver = | Size = 263220 bytes | Modified Date = 26/05/2007 11:26:26 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:54 | Attr = R ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 01:03:46 | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 01:03:46 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:54 | Attr = R ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 01:03:46 | Attr = ]
{981FE6A8-260C-4930-960F-C3BC82746CB0} [HKLM] -> %ProgramFiles%\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [del.icio.us] -> del.icio.us, a Yahoo! Company [Ver = 1.0.0.8 | Size = 271864 bytes | Modified Date = 26/09/2006 11:02:14 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:54 | Attr = R ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 01:03:46 | Attr = ]
WebBrowser\\{981FE6A8-260C-4930-960F-C3BC82746CB0} [HKLM] -> %ProgramFiles%\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [del.icio.us] -> del.icio.us, a Yahoo! Company [Ver = 1.0.0.8 | Size = 271864 bytes | Modified Date = 26/09/2006 11:02:14 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14/03/2007 03:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{265FFA78-001F-4908-9A6F-9433B266DA87} -> (Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)) ->
{47B3AD68-B70F-4A49-8CCC-129451DDDB52} -> 192.168.2.1 (Belkin 54Mbps Wireless USB Network Adapter) ->
{621BB350-9E7B-471C-9306-80687C5047F4} -> (1394 Net Adapter) ->
{9378AC09-ACA3-47F9-85D0-7916189DB920} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
{DF719B30-5A46-4ECB-98BF-CA729B49A136} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12/01/2007 12:50:48 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 6156297066 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 6156286962 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->

[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 26/05/2007 11:18:16 | Attr = RH ]
bm_3dmodel_151206.bak -> %SystemDrive%\bm_3dmodel_151206.bak -> [Ver = | Size = 170768 bytes | Created Date = 27/05/2007 01:23:40 | Attr = ]
bm_3dmodel_151206.dwg -> %SystemDrive%\bm_3dmodel_151206.dwg -> [Ver = | Size = 160830 bytes | Created Date = 27/05/2007 01:23:40 | Attr = ]
fsbl.exe -> %SystemDrive%\fsbl.exe -> F-Secure Corporation [Ver = 2, 2, 1061, 0 | Size = 899952 bytes | Created Date = 28/05/2007 10:37:17 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073270784 bytes | Created Date = 01/01/1601 | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 30/04/2007 21:29:43 | Attr = RH ]
$NtUninstallKB915800$ -> %SystemRoot%\$NtUninstallKB915800$ -> [Folder | Created Date = 01/05/2007 19:44:37 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 23/05/2007 07:25:33 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 16/05/2007 02:01:53 | Attr = H ]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini -> [Ver = | Size = 73 bytes | Created Date = 22/05/2007 00:15:19 | Attr = ]
g757549.exe -> %SystemRoot%\g757549.exe -> [Ver = | Size = 206 bytes | Created Date = 26/05/2007 11:16:45 | Attr = ]
hpoins05.dat.temp -> %SystemRoot%\hpoins05.dat.temp -> [Ver = | Size = 68302 bytes | Created Date = 19/05/2007 08:25:22 | Attr = ]
hpomdl05.dat.temp -> %SystemRoot%\hpomdl05.dat.temp -> [Ver = | Size = 19696 bytes | Created Date = 19/05/2007 08:25:21 | Attr = ]
Nero PhotoShow.scr -> %SystemRoot%\Nero PhotoShow.scr -> [Ver = | Size = 421888 bytes | Created Date = 30/04/2007 20:16:32 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 229 bytes | Created Date = 30/04/2007 21:54:21 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 12/05/2007 16:42:42 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 28/05/2007 15:21:45 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 28/05/2007 15:21:45 | Attr = H ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75512 bytes | Created Date = 29/04/2007 22:47:51 | Attr = ]
autosys.exe -> %System32%\autosys.exe -> [Ver = | Size = 6144 bytes | Created Date = 26/05/2007 10:20:35 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 26/05/2007 14:29:29 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 05/05/2007 14:00:04 | Attr = ]
dunzip32.dll -> %System32%\dunzip32.dll -> Inner Media, Inc. [Ver = 4.00.04 | Size = 110592 bytes | Created Date = 22/05/2007 00:07:18 | Attr = ]
dzip32.dll -> %System32%\dzip32.dll -> Inner Media, Inc. [Ver = 4.00.04 | Size = 131072 bytes | Created Date = 22/05/2007 00:07:18 | Attr = ]
eaypchub.dll -> %System32%\eaypchub.dll -> [Ver = | Size = 50745 bytes | Created Date = 26/05/2007 10:27:53 | Attr = ]
hotmwksn.dll -> %System32%\hotmwksn.dll -> [Ver = | Size = 132660 bytes | Created Date = 28/05/2007 11:12:17 | Attr = ]
ihwnonpk.ini -> %System32%\ihwnonpk.ini -> [Ver = | Size = 1083839 bytes | Created Date = 27/05/2007 11:10:37 | Attr = HS]
jbkohjkr.dll -> %System32%\jbkohjkr.dll -> [Ver = | Size = 50745 bytes | Created Date = 27/05/2007 11:10:57 | Attr = ]
jvdfkbik.dll -> %System32%\jvdfkbik.dll -> [Ver = | Size = 50745 bytes | Created Date = 28/05/2007 11:12:25 | Attr = ]
klikalka.exe -> %System32%\klikalka.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 10240 bytes | Created Date = 26/05/2007 10:20:23 | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 29/04/2007 22:47:38 | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 26/05/2007 10:27:44 | Attr = ]
nmoqr.bak1 -> %System32%\nmoqr.bak1 -> [Ver = | Size = 1006565 bytes | Created Date = 26/05/2007 10:27:20 | Attr = HS]
nmoqr.bak2 -> %System32%\nmoqr.bak2 -> [Ver = | Size = 1011838 bytes | Created Date = 27/05/2007 11:10:14 | Attr = HS]
nmoqr.ini -> %System32%\nmoqr.ini -> [Ver = | Size = 1031376 bytes | Created Date = 26/05/2007 10:26:49 | Attr = HS]
nmoqr.tmp -> %System32%\nmoqr.tmp -> [Ver = | Size = 0 bytes | Created Date = 28/05/2007 19:32:02 | Attr = ]
nskwmtoh.ini -> %System32%\nskwmtoh.ini -> [Ver = | Size = 1083839 bytes | Created Date = 28/05/2007 11:12:34 | Attr = HS]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 30/04/2007 19:18:47 | Attr = ]
picn20.dll -> %System32%\picn20.dll -> Pegasus Imaging Corp. [Ver = 1.0.0.54 | Size = 38912 bytes | Created Date = 30/04/2007 20:16:13 | Attr = ]
RCM.dll -> %System32%\RCM.dll -> Robert McNeel & Associates [Ver = 1, 8, 338, 0 | Size = 2003032 bytes | Created Date = 26/05/2007 09:40:47 | Attr = ]
RhinoShExt.dll -> %System32%\RhinoShExt.dll -> Robert McNeel & Associates [Ver = 1, 0, 0, 1 | Size = 643072 bytes | Created Date = 26/05/2007 09:35:20 | Attr = ]
rqomn.dll -> %System32%\rqomn.dll -> [Ver = | Size = 263220 bytes | Created Date = 26/05/2007 10:26:25 | Attr = ]
TwnLib20.dll -> %System32%\TwnLib20.dll -> Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Created Date = 30/04/2007 20:16:13 | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 29/04/2007 22:47:30 | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 29/04/2007 22:47:29 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 26/05/2007 11:17:19 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 26/05/2007 11:17:02 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 26/05/2007 11:17:06 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 26/05/2007 11:17:07 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 26/05/2007 11:17:07 | Attr = ]
SE27bus.sys -> %System32%\drivers\SE27bus.sys -> MCCI [Ver = V4.34 | Size = 61600 bytes | Created Date = 05/05/2007 14:05:43 | Attr = R ]
SE27cm.sys -> %System32%\drivers\SE27cm.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 05/05/2007 14:17:24 | Attr = R ]
SE27cmnt.sys -> %System32%\drivers\SE27cmnt.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 05/05/2007 14:17:24 | Attr = R ]
se27cr.sys -> %System32%\drivers\se27cr.sys -> MCCI [Ver = V4.34 | Size = 4128 bytes | Created Date = 05/05/2007 14:17:43 | Attr = R ]
SE27mdfl.sys -> %System32%\drivers\SE27mdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Created Date = 05/05/2007 14:17:24 | Attr = R ]
SE27mdm.sys -> %System32%\drivers\SE27mdm.sys -> MCCI [Ver = V4.34 | Size = 97184 bytes | Created Date = 05/05/2007 14:17:24 | Attr = R ]
SE27mgmt.sys -> %System32%\drivers\SE27mgmt.sys -> MCCI [Ver = V4.34 | Size = 88688 bytes | Created Date = 05/05/2007 14:17:37 | Attr = R ]
se27nd5.sys -> %System32%\drivers\se27nd5.sys -> MCCI [Ver = V4.34 | Size = 18704 bytes | Created Date = 05/05/2007 14:18:01 | Attr = R ]
SE27obex.sys -> %System32%\drivers\SE27obex.sys -> MCCI [Ver = V4.34 | Size = 86560 bytes | Created Date = 05/05/2007 14:17:33 | Attr = R ]
se27unic.sys -> %System32%\drivers\se27unic.sys -> MCCI [Ver = V4.34 | Size = 90800 bytes | Created Date = 05/05/2007 14:17:43 | Attr = R ]
SE27wh.sys -> %System32%\drivers\SE27wh.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 05/05/2007 14:05:43 | Attr = R ]
SE27whnt.sys -> %System32%\drivers\SE27whnt.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 05/05/2007 14:05:43 | Attr = R ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 27/05/2007 16:22:28 | Attr = RH ]
bm_3dmodel_151206.bak -> %SystemDrive%\bm_3dmodel_151206.bak -> [Ver = | Size = 170768 bytes | Modified Date = 27/05/2007 02:23:42 | Attr = ]
bm_3dmodel_151206.dwg -> %SystemDrive%\bm_3dmodel_151206.dwg -> [Ver = | Size = 160830 bytes | Modified Date = 27/05/2007 02:24:30 | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/05/2007 17:44:22 | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 28/05/2007 13:32:38 | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 26/05/2007 12:44:44 | Attr = ]
fsbl.exe -> %SystemDrive%\fsbl.exe -> F-Secure Corporation [Ver = 2, 2, 1061, 0 | Size = 899952 bytes | Modified Date = 28/05/2007 11:37:06 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073270784 bytes | Modified Date = 28/05/2007 18:03:16 | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 30/04/2007 22:29:44 | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 27/05/2007 03:43:06 | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 26/05/2007 09:44:04 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 28/05/2007 16:21:46 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 23/05/2007 08:25:24 | Attr = H ]
$NtUninstallKB915800$ -> %SystemRoot%\$NtUninstallKB915800$ -> [Folder | Modified Date = 01/05/2007 20:44:40 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 23/05/2007 08:25:36 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 16/05/2007 03:01:56 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 19/05/2007 11:08:30 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 28/05/2007 18:03:18 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 22/05/2007 00:36:50 | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 28/05/2007 13:29:08 | Attr = ]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini -> [Ver = | Size = 73 bytes | Modified Date = 22/05/2007 01:15:22 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 22/05/2007 01:04:04 | Attr = ]
g757549.exe -> %SystemRoot%\g757549.exe -> [Ver = | Size = 206 bytes | Modified Date = 26/05/2007 12:16:46 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 27/05/2007 02:16:08 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 16/05/2007 03:03:04 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 23/05/2007 08:25:40 | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 28/05/2007 13:32:38 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 28/05/2007 22:53:58 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 229 bytes | Modified Date = 28/05/2007 21:44:30 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 15/05/2007 21:40:22 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 28/05/2007 22:53:10 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 12/05/2007 17:44:20 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 28/05/2007 16:21:46 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 28/05/2007 16:21:46 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 19/05/2007 11:08:28 | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 30/04/2007 23:18:04 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 30/04/2007 23:31:30 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 26/05/2007 12:16:26 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 12/05/2007 17:44:22 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 28/05/2007 22:54:00 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 12/05/2007 17:42:24 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 28/05/2007 18:57:02 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 613 bytes | Modified Date = 12/05/2007 17:44:22 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 30/04/2007 23:06:52 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 28/05/2007 18:03:26 | Attr = H ]
autosys.exe -> %System32%\autosys.exe -> [Ver = | Size = 6144 bytes | Modified Date = 26/05/2007 11:20:36 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 18/05/2007 12:47:56 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 23/05/2007 08:25:24 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 30/04/2007 23:11:24 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 26/05/2007 15:29:30 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 28/05/2007 23:34:38 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 26/05/2007 12:17:20 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 05/05/2007 15:02:58 | Attr = ]
eaypchub.dll -> %System32%\eaypchub.dll -> [Ver = | Size = 50745 bytes | Modified Date = 26/05/2007 11:27:54 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 19/05/2007 09:23:32 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 273376 bytes | Modified Date = 24/05/2007 08:23:36 | Attr = ]
hotmwksn.dll -> %System32%\hotmwksn.dll -> [Ver = | Size = 132660 bytes | Modified Date = 28/05/2007 12:12:24 | Attr = ]
ihwnonpk.ini -> %System32%\ihwnonpk.ini -> [Ver = | Size = 1083839 bytes | Modified Date = 27/05/2007 12:10:50 | Attr = HS]
jbkohjkr.dll -> %System32%\jbkohjkr.dll -> [Ver = | Size = 50745 bytes | Modified Date = 27/05/2007 12:11:00 | Attr = ]
jvdfkbik.dll -> %System32%\jvdfkbik.dll -> [Ver = | Size = 50745 bytes | Modified Date = 28/05/2007 12:12:30 | Attr = ]
klikalka.exe -> %System32%\klikalka.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 10240 bytes | Modified Date = 26/05/2007 11:20:26 | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 26/05/2007 11:27:46 | Attr = ]
nmoqr.bak1 -> %System32%\nmoqr.bak1 -> [Ver = | Size = 1006565 bytes | Modified Date = 26/05/2007 11:27:22 | Attr = HS]
nmoqr.bak2 -> %System32%\nmoqr.bak2 -> [Ver = | Size = 1011838 bytes | Modified Date = 28/05/2007 12:10:38 | Attr = HS]
nmoqr.ini -> %System32%\nmoqr.ini -> [Ver = | Size = 1031376 bytes | Modified Date = 28/05/2007 22:54:00 | Attr = HS]
nskwmtoh.ini -> %System32%\nskwmtoh.ini -> [Ver = | Size = 1083839 bytes | Modified Date = 28/05/2007 12:13:02 | Attr = HS]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 30/04/2007 20:19:40 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63188 bytes | Modified Date = 19/05/2007 11:08:12 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 403968 bytes | Modified Date = 19/05/2007 11:08:12 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 463284 bytes | Modified Date = 19/05/2007 11:08:12 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 29/04/2007 13:00:32 | Attr = ]
rqomn.dll -> %System32%\rqomn.dll -> [Ver = | Size = 263220 bytes | Modified Date = 26/05/2007 11:26:26 | Attr = ]
URTTemp -> %System32%\URTTemp -> [Folder | Modified Date = 19/05/2007 11:07:26 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49616 bytes | Modified Date = 28/05/2007 18:04:04 | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 28/05/2007 18:04:50 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 29/04/2007 23:48:50 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 29/04/2007 23:50:10 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 26/05/2007 12:17:20 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 26/05/2007 12:17:04 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 26/05/2007 12:17:08 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 26/05/2007 12:17:08 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 26/05/2007 12:17:08 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\autosys.exe -> [Ver = | Size = 6144 bytes | Modified Date = 26/05/2007 11:20:36 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 29/08/2002 13:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 27/03/2007 08:49:00 | Attr = ]
UPX! , -> %System32%\eaypchub.dll -> [Ver = | Size = 50745 bytes | Modified Date = 26/05/2007 11:27:54 | Attr = ]
UPX! , -> %System32%\hotmwksn.dll -> [Ver = | Size = 132660 bytes | Modified Date = 28/05/2007 12:12:24 | Attr = ]
UPX! , -> %System32%\jbkohjkr.dll -> [Ver = | Size = 50745 bytes | Modified Date = 27/05/2007 12:11:00 | Attr = ]
UPX! , -> %System32%\jvdfkbik.dll -> [Ver = | Size = 50745 bytes | Modified Date = 28/05/2007 12:12:30 | Attr = ]
PEC2 , PECompact2 , -> %System32%\klikalka.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 10240 bytes | Modified Date = 26/05/2007 11:20:26 | Attr = ]
PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 10/09/2001 22:15:36 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 29/08/2002 13:00:00 | Attr = ]
PEC2 , -> %System32%\dllcache\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 10/09/2001 22:15:36 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 26/05/2007 12:17:20 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]

< End of report >

thank you

neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

Unread postby askey127 » May 28th, 2007, 7:37 pm

neildush,
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:
MarketResearch
Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Please note that as long as you're using any form of Peer-to-Peer networking (uTorrent, Bittorrent, Frostwire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
You may decide to continue P2P sharing, but keep in mind that this practice may be (LIKELY IS) the source of your current malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here: http://p2p.malwareremoval.com/
Regardless of the program used, the practice of file-sharing is very unsafe for the health of your PC.
If any version of Bittorrent or other open-source program is downloaded from anywhere but sourceforge.net, it may have been modified to itself contain spyware.
I would Uninstall all of the ones you have now, just for starters. Then if you insist on having one, get Bittorrent or utorrent from the originator only.
------------------------------------------------------
Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {0777FDE1-50AB-4E2F-8DC8-23548E111F93} [HKLM] -> %System32%\efccdaa.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> efccdaa -> efccdaa.dll
YY -> rqomn -> %System32%\rqomn.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {84466F10-9770-4B84-8CA9-4F9FB1D77FA0} [HKLM] -> %System32%\rqomn.dll [Reg Data - Value does not exist]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote]
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
[Files/Folders - Created Within 30 days]
NY -> eaypchub.dll -> %System32%\eaypchub.dll
NY -> hotmwksn.dll -> %System32%\hotmwksn.dll
NY -> ihwnonpk.ini -> %System32%\ihwnonpk.ini
NY -> jbkohjkr.dll -> %System32%\jbkohjkr.dll
NY -> jvdfkbik.dll -> %System32%\jvdfkbik.dll
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> nmoqr.bak1 -> %System32%\nmoqr.bak1
NY -> nmoqr.bak2 -> %System32%\nmoqr.bak2
NY -> nmoqr.ini -> %System32%\nmoqr.ini
NY -> nmoqr.tmp -> %System32%\nmoqr.tmp
NY -> nskwmtoh.ini -> %System32%\nskwmtoh.ini
[Files/Folders - Modified Within 30 days]
NY -> g757549.exe -> %SystemRoot%\g757549.exe
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> nmoqr.bak1 -> %System32%\nmoqr.bak1
NY -> nmoqr.bak2 -> %System32%\nmoqr.bak2
NY -> nmoqr.ini -> %System32%\nmoqr.ini
NY -> nskwmtoh.ini -> %System32%\nskwmtoh.ini
[File String Scan - Non-Microsoft Only]
NY -> UPX! , -> %System32%\eaypchub.dll
NY -> UPX! , -> %System32%\hotmwksn.dll
NY -> UPX! , -> %System32%\jbkohjkr.dll
NY -> UPX! , -> %System32%\jvdfkbik.dll

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
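The fix list in the post above is the helper's hand-picked selection from the WinPFind3U report. As an added example (not from this thread, and not part of WinPFind3U itself), the following Python script shows the kind of triage a reviewer does by eye: it parses WinPFind3U-style lines, cross-references the "Created Within 30 days" entries with the packer strings from the "File String Scan" section, and scores each %System32% file on missing vendor/version info, a packer signature, and hidden+system attributes. The sample lines are copied from the report posted earlier in the thread; the scoring weights, the threshold and the marker set are my own assumptions for illustration, not the rule the helper applied.

```python
"""Added example: heuristic triage of WinPFind3U-style scan lines.

Cross-references "[Files/Folders - Created Within 30 days]" with
"[File String Scan - Non-Microsoft Only]" and scores %System32% files.
Weights, threshold and PACKER_MARKERS are assumptions for illustration.
"""
from typing import Dict, List, Tuple

# Sample lines copied from the WinPFind3U report posted in this thread.
SAMPLE_REPORT = r"""[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 26/05/2007 11:18:16 | Attr = RH ]
autosys.exe -> %System32%\autosys.exe -> [Ver = | Size = 6144 bytes | Created Date = 26/05/2007 10:20:35 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 26/05/2007 14:29:29 | Attr = ]
eaypchub.dll -> %System32%\eaypchub.dll -> [Ver = | Size = 50745 bytes | Created Date = 26/05/2007 10:27:53 | Attr = ]
klikalka.exe -> %System32%\klikalka.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 10240 bytes | Created Date = 26/05/2007 10:20:23 | Attr = ]
nmoqr.ini -> %System32%\nmoqr.ini -> [Ver = | Size = 1031376 bytes | Created Date = 26/05/2007 10:26:49 | Attr = HS]
RCM.dll -> %System32%\RCM.dll -> Robert McNeel & Associates [Ver = 1, 8, 338, 0 | Size = 2003032 bytes | Created Date = 26/05/2007 09:40:47 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\autosys.exe -> [Ver = | Size = 6144 bytes | Modified Date = 26/05/2007 11:20:36 | Attr = ]
UPX! , -> %System32%\eaypchub.dll -> [Ver = | Size = 50745 bytes | Modified Date = 26/05/2007 11:27:54 | Attr = ]
PEC2 , PECompact2 , -> %System32%\klikalka.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 10240 bytes | Modified Date = 26/05/2007 11:20:26 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 27/03/2007 08:49:00 | Attr = ]
"""

# Packer strings that appear in the report; treated as a signal, not a verdict.
PACKER_MARKERS = {"UPX!", "UPX0", "PEC2", "PECompact2", "FSG!", "aspack"}


def parse_sections(report: str) -> Dict[str, List[str]]:
    """Group non-empty entry lines under their [Section] header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in report.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]") and " -> " not in line:
            current = line[1:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_entry(line: str) -> Dict[str, object]:
    """Split 'name -> path -> vendor [Key = Value | ...]' into a dict."""
    name, path, rest = line.split(" -> ", 2)
    vendor, _, bracket = rest.partition("[")
    fields: Dict[str, object] = {"name": name.strip(), "path": path.strip(),
                                 "vendor": vendor.strip(), "folder": False}
    for item in bracket.rstrip("]").split(" | "):
        key, sep, value = item.partition("=")
        if not sep:                      # bare "Folder" token
            fields["folder"] = item.strip() == "Folder"
        else:
            fields[key.strip().lower()] = value.strip()
    return fields


def packer_index(lines: List[str]) -> Dict[str, List[str]]:
    """Map lower-cased path -> packer markers reported by the string scan."""
    index: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_entry(line)
        markers = [m.strip() for m in str(entry["name"]).split(",") if m.strip()]
        hits = [m for m in markers if m in PACKER_MARKERS]
        if hits:
            index[str(entry["path"]).lower()] = hits
    return index


def triage(report: str, threshold: int = 2) -> List[Tuple[str, int, List[str]]]:
    """Return (path, score, reasons) for %System32% files at or above threshold."""
    sections = parse_sections(report)
    packed = packer_index(sections.get("File String Scan - Non-Microsoft Only", []))
    findings: List[Tuple[str, int, List[str]]] = []
    for line in sections.get("Files/Folders - Created Within 30 days", []):
        e = parse_entry(line)
        path = str(e["path"])
        if e["folder"] or not path.lower().startswith("%system32%"):
            continue
        score, reasons = 0, []
        if not e["vendor"] and not e.get("ver"):
            score += 1
            reasons.append("no vendor or version info")
        hits = packed.get(path.lower())
        if hits:
            score += 1
            reasons.append("packer signature: " + ", ".join(hits))
        attr = str(e.get("attr", ""))
        if "H" in attr and "S" in attr:
            score += 1
            reasons.append("hidden+system attributes on a plain file")
        if score >= threshold:
            findings.append((path, score, reasons))
    return sorted(findings, key=lambda f: (-f[1], f[0].lower()))


if __name__ == "__main__":
    for path, score, reasons in triage(SAMPLE_REPORT):
        print(f"{score}  {path}: {'; '.join(reasons)}")
```

On the sample data the script flags autosys.exe, eaypchub.dll and nmoqr.ini, the same files the helper selected, while leaving d3d9caps.dat and RCM.dll alone. It misses klikalka.exe, which carries a vendor string and version resource, which is why a reviewer still checks packed executables by hand rather than trusting a score.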

scan complete

Unread postby neildush » May 29th, 2007, 7:30 pm

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0777FDE1-50AB-4E2F-8DC8-23548E111F93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0777FDE1-50AB-4E2F-8DC8-23548E111F93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efccdaa deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqomn deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\rqomn.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84466F10-9770-4B84-8CA9-4F9FB1D77FA0} not found.
File move failed. C:\WINDOWS\SYSTEM32\rqomn.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\eaypchub.dll moved successfully.
C:\WINDOWS\SYSTEM32\hotmwksn.dll moved successfully.
C:\WINDOWS\SYSTEM32\ihwnonpk.ini moved successfully.
C:\WINDOWS\SYSTEM32\jbkohjkr.dll moved successfully.
C:\WINDOWS\SYSTEM32\jvdfkbik.dll moved successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp moved successfully.
C:\WINDOWS\SYSTEM32\nmoqr.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\nmoqr.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\nmoqr.ini moved successfully.
File C:\WINDOWS\SYSTEM32\nmoqr.tmp not found!
C:\WINDOWS\SYSTEM32\nskwmtoh.ini moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\g757549.exe moved successfully.
File C:\WINDOWS\SYSTEM32\mcrh.tmp not found!
File C:\WINDOWS\SYSTEM32\nmoqr.bak1 not found!
File C:\WINDOWS\SYSTEM32\nmoqr.bak2 not found!
File C:\WINDOWS\SYSTEM32\nmoqr.ini not found!
File C:\WINDOWS\SYSTEM32\nskwmtoh.ini not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\SYSTEM32\eaypchub.dll not found!
File C:\WINDOWS\SYSTEM32\hotmwksn.dll not found!
File C:\WINDOWS\SYSTEM32\jbkohjkr.dll not found!
File C:\WINDOWS\SYSTEM32\jvdfkbik.dll not found!
< End of log >
Created on 05/29/2007 08:56:13


Hi

Still having pop-ups, they include:

amaena, winantivirus, hollywood, mydebtsolution

Cheers,

neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

Unread postby askey127 » May 29th, 2007, 8:33 pm

neildush,
------------------------------------------------------------
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix will encounter a file it cannot remove.
In that case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby neildush » May 30th, 2007, 4:10 am

Haven't run Vundo yet, will do so later. Here is a spyware scan from last night:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 08:44:01 30/05/2007

+ Scan result:



C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP78\A0022790.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[180] C:\WINDOWS\system32\rqomn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[820] C:\WINDOWS\system32\rqomn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP78\A0022799.exe -> Downloader.Tiny.ha : Cleaned with backup (quarantined).
C:\WINDOWS\system32\klikalka.exe -> Hijacker.Small.mv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\autosys.exe -> Logger.Agent.pn : Cleaned with backup (quarantined).


::Report end


other items removed by AVG:

easychub.dll, hotmwksn.dll, jbkohjkr.dll, jvdfkbik.dll
neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

vundofix and htl

Unread postby neildush » May 30th, 2007, 4:16 pm

Logfile of HijackThis v1.99.1
Scan saved at 21:15:30, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {865C707F-DBBD-4CCE-AC3F-4F0B8579C58F} - C:\WINDOWS\system32\rqomn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to avgas.lnk = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Shortcut to avgas.lnk = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6156297066
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6156286962
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B3AD68-B70F-4A49-8CCC-129451DDDB52}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windtv32 - windtv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Vundofix:


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.11

Scan started at 09:18:23 30/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\nmoqr.ini
C:\WINDOWS\system32\rqomn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\nmoqr.ini
C:\WINDOWS\system32\nmoqr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqomn.dll
C:\WINDOWS\system32\rqomn.dll Has been deleted!

Performing Repairs to the registry.
Done!
neildush
Regular Member
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London
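
Added example (my code, not part of the thread and not anything HijackThis or VundoFix ships): a small Python script that applies two checks a log reviewer does by hand to the lines posted above. First it scans HijackThis entries and flags O20 Winlogon Notify DLLs reported "(file missing)" or given as a bare file name, and O23 services with "Unknown owner" and a missing binary; the windtv32 entry above is the kind of dangling Winlogon Notify hook that merits a look, whatever left it there. Second, it pairs each DLL in the VundoFix listing with an .ini whose name is the DLL's name spelled backwards (rqomn.dll beside nmoqr.ini), the naming pattern Vundo variants of this period used. The sample lines are copied from the thread; the heuristics, function names and "reason" strings are my assumptions, not verdicts either tool produces.

```python
import ntpath
import re

# Constructed sample input: HijackThis entries copied from the log posted
# above, plus the clean WinPatrol O4 line for contrast (r-string: literal backslashes).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windtv32 - windtv32.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Constructed sample input: the two paths listed in the VundoFix output above.
VUNDOFIX_SAMPLE = [
    r"C:\WINDOWS\system32\nmoqr.ini",
    r"C:\WINDOWS\system32\rqomn.dll",
]

# A HijackThis entry is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) tuples; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flag_hjt(text):
    """Return (section, body, reason) for entries a reviewer would look at twice.

    Heuristics (my assumptions, not HijackThis's own verdicts):
      * O20 Winlogon Notify DLL reported '(file missing)': the registry still
        names a DLL that is gone. Vundo registered itself under Winlogon Notify
        to load before the desktop, so a dangling hook is a classic leftover.
      * O20 Winlogon Notify DLL given as a bare file name: loaded via the DLL
        search path instead of from a fixed location.
      * O23 service with 'Unknown owner' (no publisher) and a missing binary.
    """
    flagged = []
    for section, body in parse_hjt(text):
        missing = "(file missing)" in body
        if section == "O20" and body.startswith("Winlogon Notify:"):
            target = body.split(" - ", 1)[1]  # the DLL after "<name> - "
            if missing:
                flagged.append((section, body, "Winlogon Notify hook points at a DLL that no longer exists"))
            elif "\\" not in target:
                flagged.append((section, body, "Winlogon Notify DLL given without a directory"))
        elif section == "O23" and "Unknown owner" in body and missing:
            flagged.append((section, body, "service with no publisher and a missing binary"))
    return flagged


def vundo_pairs(paths):
    """Pair each .dll with an .ini in the same directory whose base name is the
    DLL's base name spelled backwards (rqomn.dll <-> nmoqr.ini), the naming
    Vundo variants of this period used for a DLL and its companion .ini.
    Returns a sorted list of (dll_path, ini_path)."""
    by_dir = {}
    for p in paths:
        directory, name = ntpath.split(p)  # ntpath: Windows paths on any host OS
        by_dir.setdefault(directory.lower(), {})[name.lower()] = p
    pairs = []
    for names in by_dir.values():
        for name, p in names.items():
            base, ext = ntpath.splitext(name)
            mate = base[::-1] + ".ini"
            if ext == ".dll" and mate in names:
                pairs.append((p, names[mate]))
    return sorted(pairs)


if __name__ == "__main__":
    for section, body, reason in flag_hjt(HJT_SAMPLE):
        print(f"{section}: {reason}\n    {body}")
    for dll, ini in vundo_pairs(VUNDOFIX_SAMPLE):
        print(f"Vundo-style pair: {dll} <-> {ini}")
```

A flagged entry is a prompt to look, not a verdict: the a-squared service above is an uninstalled product leaving an orphaned service entry, and the same rule catches it. Running the pairing check again on a fresh VundoFix listing, which is what the follow-up in this thread asks for, shows whether the same DLL and .ini pair is present a second time.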

Unread postby askey127 » May 30th, 2007, 4:26 pm

neildush,
Log is clean, and Vundo removed, at least.
How is the computer behaving?

askey127
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby neildush » June 10th, 2007, 7:18 pm

Computer is running well. Virus scan picks up rqomn.dll when it scans.

cheers,

neildush

Unread postby askey127 » June 11th, 2007, 2:18 am

neildush,
------------------------------------------------------------
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix will encounter a file it cannot remove.
In that case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
askey127