Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

multiple threats found

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

multiple threats found

Unread postby andrewgrizz » July 4th, 2008, 1:24 pm

Can some help me please, after running 3 different software scanners i have found 24 different threats.

Spybot found 3 Virtumonde.dll trojans, spyeraser found 6 spyware, these 6 succesfully removed,unknown if spybot completly removed the trojans but rescan found nil so guess it must have. My main problem is After scanning my system with Malwarebytes' anti-malware it found 15 threats Vundo trojan, not all threats removed. I am posting this log for advice on sorting out left overs.

Malwarebytes' Anti-Malware 1.19
Database version: 901
Windows 5.1.2600 Service Pack 3

18:01:17 04/07/2008
mbam-log-7-4-2008 (18-01-17).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 74912
Time elapsed: 22 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yayxyvsr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\awtsQihe.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{408752ef-9206-4cf9-92a1-742723840fb2} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{408752ef-9206-4cf9-92a1-742723840fb2} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{68d34a20-bdfd-412b-ab60-dc34bb1aef23} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68d34a20-bdfd-412b-ab60-dc34bb1aef23} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsqihe (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{68d34a20-bdfd-412b-ab60-dc34bb1aef23} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxyvsr -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxyvsr -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yayxyvsr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rsvyxyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rsvyxyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsQihe.dll (Trojan.Vundo) -> Delete on reboot.
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Advanced WindowsCare 3 Beta
avast! Antivirus
CCleaner (remove only)
COMODO Firewall Pro
Eusing Free Registry Cleaner
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Driver Diagnostics
HP Image Zone Express
HP Software Update
IE7Pro
Java(TM) 6 Update 6
K-Lite Codec Pack 3.9.5 (Full)
Malwarebytes' Anti-Malware
MediaBar
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Thunderbird (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
Nero 7 Premium
neroxml
OpenOffice.org 2.4
Paragon Drive Backup 8 Special Edition
PC Pitstop Driver Alert 1.0
PC Pitstop Optimize 1.0v
PeerGuardian 2.0
Realtek AC'97 Audio
Revo Uninstaller 1.71
Secunia PSI (RC3)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB913433)
SiS 650
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Unlocker 1.8.7
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR
WinRAR archiver

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:11, on 04/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {12BF259D-F58E-4707-9DF4-D8E9461C8C4A} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {408752EF-9206-4CF9-92A1-742723840FB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D34A20-BDFD-412B-AB60-DC34BB1AEF23} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B5524D09-1E03-4D09-B967-8D5AE29D13FB} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: http://www.ashampoo.co.uk
O15 - Trusted Zone: http://www.bananalotto.co.uk
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: http://www.kinglotto.co.uk
O15 - Trusted Zone: http://www.loopylotto.co.uk
O15 - Trusted Zone: http://www.luckysurf.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3390563015
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: awtsQihe - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7734 bytes

thankyou for your help. :evil:
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am
Advertisement
Register to Remove

Re: multiple threats found

Unread postby Scotty » July 4th, 2008, 3:24 pm

Hi
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. For Vista users, right-click DSS and select Run As Administrator
  4. If asked to install HijackThis click on Yes
  5. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  6. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: multiple threats found

Unread postby andrewgrizz » July 5th, 2008, 6:16 am

Thanks for reply, scan log files attached. cheers 8)

Deckard's System Scanner v20071014.68
Run by andrew adams on 2008-07-05 10:55:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-07-05 09:55:52 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-07-04 20:37:57 UTC - RP8 - Advanced WindowsCare RestorePoint
7: 2008-07-04 20:33:58 UTC - RP7 - Revo Uninstaller's restore point - dBpoweramp Music Converter
6: 2008-07-04 20:20:25 UTC - RP6 - Removed Sony Ericsson PC Suite
5: 2008-07-04 20:16:34 UTC - RP5 - Revo Uninstaller's restore point - Sony Ericsson PC Suite


-- First Restore Point --
1: 2008-07-04 14:08:07 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as andrew adams.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:59, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\andrew adams.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {12BF259D-F58E-4707-9DF4-D8E9461C8C4A} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {408752EF-9206-4CF9-92A1-742723840FB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D34A20-BDFD-412B-AB60-DC34BB1AEF23} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B5524D09-1E03-4D09-B967-8D5AE29D13FB} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: http://www.ashampoo.co.uk
O15 - Trusted Zone: http://www.bananalotto.co.uk
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: http://www.kinglotto.co.uk
O15 - Trusted Zone: http://www.loopylotto.co.uk
O15 - Trusted Zone: http://www.luckysurf.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3390563015
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: awtsQihe - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7775 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 hotcore - c:\windows\system32\drivers\hotcore.sys <Not Verified; Paragon Software Group; HotBackup>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 ASFWHide - c:\docume~1\andrew~1\locals~1\temp\asfwhide (file missing)
S3 DarkSpy - c:\windows\system32\darkspykernel.sys (file missing)
S3 MTC0001_MPB (MPB device driver) - c:\windows\system32\ntmpb.sys <Not Verified; ; ESB driver>
S3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 10:37:25 426 --a------ C:\WINDOWS\Tasks\AWC Update.job
2008-07-04 20:56:59 414 --a------ C:\WINDOWS\Tasks\AWC AutoSweep.job
2008-07-04 17:04:55 420 --a------ C:\WINDOWS\Tasks\AWC AutoCare.job
2008-07-03 20:11:20 284 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-07-03 20:09:47 406 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2008-07-03 12:14:57 352 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-07-03 11:24:09 278 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-04 20:01:25 0 d-------- C:\Documents and Settings\andrew adams\Application Data\AccurateRip
2008-07-04 20:00:39 0 d-------- C:\Program Files\Illustrate
2008-07-04 19:20:41 0 d-------- C:\Program Files\Disc2Phone
2008-07-04 19:17:32 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Sony Ericsson
2008-07-04 19:16:43 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Teleca
2008-07-04 19:10:45 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-04 19:08:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-04 19:08:14 0 d-------- C:\Program Files\Sony Ericsson
2008-07-04 18:29:18 0 d-------- C:\Program Files\Trend Micro
2008-07-04 15:13:57 0 dr-h----- C:\Documents and Settings\andrew adams\Recent
2008-07-03 20:13:36 345 --ahs---- C:\WINDOWS\system32\BIPVwGgh.ini2
2008-07-03 10:50:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-03 10:50:03 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Uniblue
2008-07-03 10:49:18 0 d-------- C:\Program Files\Uniblue
2008-07-02 12:51:36 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 12:45:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-29 23:09:37 90668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-06-29 23:09:37 0 d-------- C:\Documents and Settings\andrew adams\Application Data\IObit
2008-06-29 12:51:27 0 d-------- C:\Program Files\IObit
2008-06-29 11:10:40 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Malwarebytes
2008-06-29 11:10:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 11:10:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 12:26:50 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Ahead
2008-06-27 12:24:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-27 12:14:10 0 d-------- C:\Program Files\Nero
2008-06-27 12:14:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-25 11:44:24 0 d-------- C:\Program Files\MSXML 4.0
2008-06-21 15:52:22 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-21 15:52:15 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; http://www.helixcommunity.org; Helix YV12 YUV Codec>
2008-06-21 15:52:13 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-21 15:52:13 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-21 15:52:11 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-21 15:52:11 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-21 15:52:04 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-21 15:51:47 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-21 12:01:04 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Real
2008-06-20 19:59:29 0 d-------- C:\Program Files\PeerGuardian2
2008-06-19 22:00:18 0 d-------- C:\WINDOWS\pss
2008-06-18 18:34:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-18 18:15:33 0 d-------- C:\Program Files\Realtek AC97
2008-06-18 17:06:18 0 d-------- C:\Program Files\uTorrent
2008-06-18 17:06:12 0 d-------- C:\Documents and Settings\andrew adams\Application Data\uTorrent
2008-06-18 16:43:47 0 d-------- C:\Program Files\sisagp
2008-06-18 16:43:40 110592 --a------ C:\WINDOWS\system32\TVMode.dll <Not Verified; Silicon Integrated Systems Corporation; TVModeLib Dynamic Link Library>
2008-06-18 16:43:39 65536 --a------ C:\WINDOWS\system32\SiSHook.dll <Not Verified; Silicon Integrated Systems Corporation; SiSHook Dynamic Link Library>
2008-06-18 16:43:23 49152 --a------ C:\WINDOWS\system32\SiSPower.dll <Not Verified; Silicon Integrated Systems Corporation; SiS Power Scheme Library>
2008-06-18 16:43:23 258048 --a------ C:\WINDOWS\system32\SiSParse.dll <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA Script Parser Dynamic Link Library>
2008-06-18 16:43:23 49152 --a------ C:\WINDOWS\system32\SiSBase.dll <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA SiSBase Dynamic Link Library>
2008-06-18 16:43:22 36864 --a------ C:\WINDOWS\InstFunc.exe
2008-06-18 16:43:22 7168 --a------ C:\WINDOWS\InstFunc.dll <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA InstFunc Dynamic Link Library>
2008-06-18 16:40:55 0 d-------- C:\Program Files\SiS VGA Utilities V3.73
2008-06-18 16:28:16 0 d-------- C:\Documents and Settings\andrew adams\Application Data\WinRAR
2008-06-17 22:36:27 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-17 16:44:31 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Image Zone Express
2008-06-17 16:40:02 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-17 16:33:38 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-17 16:28:38 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-17 16:16:18 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-06-17 16:16:18 73728 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-06-17 16:16:18 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-06-17 16:16:17 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-06-17 16:16:17 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-06-17 16:16:17 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-06-17 13:33:40 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-16 22:44:47 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-16 22:44:29 0 d-------- C:\Program Files\COMODO
2008-06-16 20:28:43 0 d-------- C:\Program Files\VS Revo Group
2008-06-16 18:03:50 0 d-------- C:\WINDOWS\Sun
2008-06-16 16:47:24 0 d-------- C:\Program Files\Java
2008-06-16 16:47:15 0 d-------- C:\Program Files\Common Files\Java
2008-06-16 16:44:56 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Sun
2008-06-16 14:41:33 0 d-------- C:\Documents and Settings\andrew adams\Application Data\OpenOffice.org2
2008-06-16 14:31:34 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-16 09:31:08 7808 --a------ C:\WINDOWS\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>
2008-06-15 21:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-15 21:27:21 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-15 21:06:22 0 d-------- C:\Program Files\Secunia
2008-06-15 15:46:04 30820 --a------ C:\WINDOWS\system32\drivers\hotcore.sys <Not Verified; Paragon Software Group; HotBackup>
2008-06-15 15:45:36 232960 --a------ C:\WINDOWS\system32\prgiso.dll
2008-06-15 15:45:28 8192 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-06-15 15:45:28 4239360 --a------ C:\WINDOWS\system32\qtp-mt334.dll
2008-06-15 15:44:50 0 d-------- C:\Program Files\Paragon Software
2008-06-15 14:10:01 0 d-------- C:\Program Files\Common Files\HP
2008-06-15 13:07:25 112892 --a------ C:\WINDOWS\hpoins07.dat
2008-06-15 13:07:24 21124 -----n--- C:\WINDOWS\hpomdl07.dat
2008-06-15 13:06:32 0 d-------- C:\Documents and Settings\andrew adams\Application Data\HP
2008-06-15 13:02:05 98304 --a------ C:\WINDOWS\system32\hpzjsn01.dll <Not Verified; Hewlett Packard Company; HPJZSN01 Dynamic Link Library>
2008-06-15 12:52:08 0 d-------- C:\Temp
2008-06-15 12:28:41 0 d-------- C:\Program Files\Hp
2008-06-15 11:57:11 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-15 11:21:12 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Thunderbird
2008-06-15 11:21:12 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Mozilla
2008-06-15 11:20:22 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-15 11:18:40 0 d-------- C:\Documents and Settings\andrew adams\Application Data\MiniDm
2008-06-14 23:58:02 0 d-------- C:\Documents and Settings\andrew adams\Application Data\IEPro
2008-06-14 23:56:47 0 d-------- C:\Program Files\IEPro
2008-06-14 18:31:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-06-14 18:30:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-14 16:50:28 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-14 16:46:05 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-14 16:46:05 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-14 16:13:41 0 d-------- C:\Program Files\CCleaner
2008-06-14 15:22:36 0 d-------- C:\Program Files\Alwil Software
2008-06-14 15:11:15 0 d-------- C:\Program Files\PCPitstop
2008-06-14 12:04:26 0 d-------- C:\WINDOWS\Prefetch
2008-06-14 11:52:02 0 d-------- C:\Program Files\Messengeroff
2008-06-14 11:51:15 0 d-------- C:\WINDOWS\system32\scripting
2008-06-14 11:51:10 0 d-------- C:\WINDOWS\l2schemas
2008-06-14 11:51:08 0 d-------- C:\WINDOWS\system32\en
2008-06-14 11:42:44 0 d-------- C:\WINDOWS\network diagnostic
2008-06-14 03:27:54 446464 --a------ C:\WINDOWS\system32\wmvdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-06-14 03:27:53 1677312 --a------ C:\WINDOWS\system32\wmvcore2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-06-14 03:27:52 311327 --a------ C:\WINDOWS\system32\wmv8dmod.dll <Not Verified; Microsoft Corporation; Window Media Video>
2008-06-14 03:27:50 77824 --a------ C:\WINDOWS\system32\wmpstub.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2008-06-14 03:22:38 241725 --a------ C:\WINDOWS\system32\msuni11.dll <Not Verified; Microsoft Corporation; Microsoft (R) Jet>
2008-06-14 03:22:20 368710 --a------ C:\WINDOWS\system32\msisam11.dll <Not Verified; Microsoft Corporation; Microsoft (R) Jet>
2008-06-14 03:21:48 163840 --a------ C:\WINDOWS\system32\mindex.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2008-06-14 03:13:03 0 d-------- C:\WINDOWS\I386
2008-06-14 03:06:51 0 dr------- C:\Program Files
2008-06-14 03:06:48 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-14 03:06:48 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-14 03:06:48 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-06-14 03:06:47 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-14 03:06:47 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-14 03:06:42 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-14 03:06:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-14 03:04:29 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-14 02:59:30 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-14 02:56:32 0 d-------- C:\WINDOWS\CACHE
2008-06-14 02:45:06 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-14 02:04:56 0 d-------- C:\WINDOWS\provisioning
2008-06-14 02:01:28 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-14 01:49:01 0 d-------- C:\WINDOWS\EHome
2008-06-14 00:43:13 0 d-------- C:\WINDOWS\WinRAR
2008-06-14 00:01:59 0 d-------- C:\Documents and Settings\andrew adams\Application Data\RetinaX
2008-06-13 23:33:49 0 d-------- C:\Documents and Settings\andrew adams\Application DataRetinax
2008-06-13 23:28:07 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Macromedia
2008-06-13 23:28:07 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Adobe
2008-06-13 23:17:17 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Comodo
2008-06-13 22:22:56 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:56 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:56 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:55 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-06-13 22:22:55 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-06-13 22:22:48 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-06-13 22:22:48 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-06-13 22:22:47 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:47 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:46 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:46 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:45 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:44 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:42 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:41 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:40 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:22:39 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:18:51 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-13 22:04:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 21:58:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-13 20:56:40 0 d-------- C:\WINDOWS\system32\bits
2008-06-13 20:55:07 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-13 20:55:01 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-13 20:50:58 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-13 20:49:41 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-13 20:42:23 0 dr------- C:\Documents and Settings\andrew adams\Favorites
2008-06-13 20:42:23 0 d-------- C:\Documents and Settings\andrew adams\Desktop
2008-06-13 20:42:23 0 d--hs---- C:\Documents and Settings\andrew adams\Cookies
2008-06-13 20:42:23 0 dr-h----- C:\Documents and Settings\andrew adams\Application Data
2008-06-13 20:42:23 0 d-------- C:\Documents and Settings\andrew adams\Application Data\Identities
2008-06-13 20:42:22 0 d-------- C:\Documents and Settings\andrew adams\WINDOWS
2008-06-13 20:42:22 0 d--hs---- C:\Documents and Settings\andrew adams\UserData
2008-06-13 20:42:22 0 d--h----- C:\Documents and Settings\andrew adams\Templates
2008-06-13 20:42:22 0 dr------- C:\Documents and Settings\andrew adams\Start Menu
2008-06-13 20:42:22 0 dr-h----- C:\Documents and Settings\andrew adams\SendTo
2008-06-13 20:42:22 0 d--h----- C:\Documents and Settings\andrew adams\PrintHood
2008-06-13 20:42:22 5242880 --ah----- C:\Documents and Settings\andrew adams\NTUSER.DAT
2008-06-13 20:42:22 0 d--h----- C:\Documents and Settings\andrew adams\NetHood
2008-06-13 20:42:22 0 dr------- C:\Documents and Settings\andrew adams\My Documents
2008-06-13 20:42:22 0 d--h----- C:\Documents and Settings\andrew adams\Local Settings
2008-06-13 20:40:29 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-13 20:40:29 0 d---s---- C:\Documents and Settings\Default User\UserData
2008-06-13 20:37:59 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-07-04 21:30:22 0 d-------- C:\Program Files\Common Files
2008-07-02 14:34:13 2165 --a------ C:\Documents and Settings\andrew adams\Application Data\HPSU_48BitScanUpdate.log
2008-07-02 14:08:35 24133 --a------ C:\Documents and Settings\andrew adams\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-07-02 14:08:16 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-06-27 12:21:39 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-27 11:51:47 0 d-------- C:\Program Files\Ahead
2008-06-26 16:38:25 0 d-------- C:\Program Files\Common Files\AOL
2008-06-18 16:45:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 22:31:34 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-14 11:51:07 0 d-------- C:\Program Files\Movie Maker
2008-06-14 11:45:59 0 d-------- C:\Program Files\Windows NT
2008-06-14 03:32:13 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-13 20:49:39 0 d--h----- C:\Program Files\WindowsUpdate


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12BF259D-F58E-4707-9DF4-D8E9461C8C4A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
11/06/2008 22:33 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{408752EF-9206-4CF9-92A1-742723840FB2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68D34A20-BDFD-412B-AB60-DC34BB1AEF23}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5524D09-1E03-4D09-B967-8D5AE29D13FB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/02/2003 01:49]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/12/2007 17:20]
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [09/03/2006 03:03]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [24/09/2002 09:50]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [16/06/2008 22:44]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19]
"SiSPower"="SiSPower.dll" [09/03/2006 03:04 C:\WINDOWS\system32\SiSPower.dll]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12/06/2008 02:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [30/01/2007 00:39]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [27/06/2008 16:47]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [03/07/2008 12:10]
"Advanced WindowsCare 3"="C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" [22/06/2008 11:31]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [3/5/2004 4:17:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsQihe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew adams^Start Menu^Programs^Startup^Secunia PSI (RC3).lnk]
backup=C:\WINDOWS\pss\Secunia PSI (RC3).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare 3]
"C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"Fax"=2 (0x2)
"NMIndexingService"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f83948-397f-11dd-beb4-00038a000015}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - PGFILTER



-- Hosts -----------------------------------------------------------------------

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

8772 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-05 11:11:42 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.60GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 223.48 MiB / 35.12 MiB
Pagefile Memory (total/avail): 4208.3 MiB / 3760.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1890.02 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 23.27 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 37.62 GiB total, 28.95 GiB free.
G: is Fixed (NTFS) - 39.07 GiB total, 38.68 GiB free.

\\.\PHYSICALDRIVE0 - TOSHIBA MK4025GAS - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE1 - HDS72808 0PLAT20 USB Device - 76.69 GiB - 2 partitions
\PARTITION0 - Installable File System - 37.62 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 39.07 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\andrew adams\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWNER-K3KASNB05
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\andrew adams
LOGONSERVER=\\OWNER-K3KASNB05
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Thunderbird;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp
USERDOMAIN=OWNER-K3KASNB05
USERNAME=andrew adams
USERPROFILE=C:\Documents and Settings\andrew adams
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

andrew adams (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client --> C:\Documents and Settings\andrew adams\Local Settings\Application Data\Abacast\uninst.exe
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Advanced WindowsCare 3 Beta --> "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\unins000.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Driver Diagnostics --> MsiExec.exe /X{624D19C3-D55D-4368-BC10-9B53036D8358}
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
IE7Pro --> C:\Program Files\IEPro\uninst.exe
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 3.9.5 (Full) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaBar --> C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe "C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx" "{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Nero 7 Premium --> MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 2.4 --> MsiExec.exe /I{80851370-07CF-477B-837D-F2E488916CFE}
Paragon Drive Backup 8 Special Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}\Setup.exe" -l0x9
PC Pitstop Driver Alert 1.0 --> "C:\Program Files\PCPitstop\Driver Alert\unins000.exe"
PC Pitstop Optimize 1.0v --> "C:\Program Files\PCPitstop\Optimize\unins000.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Secunia PSI (RC3) --> "C:\Program Files\Secunia\PSI (RC3)\uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiS 650 --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.14A\DeIsL1.isu"&P.U 4 sisgr.inf&-1
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem24.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Unlocker 1.8.7 --> C:\Program Files\Unlocker\uninst.exe
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR --> "C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type864 / Warning
Event Submitted/Written: 07/04/2008 09:56:39 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C506A18C-1469-4678-B094-F4EC9DAE6DB7}', feature 'Scan' failed during request for component '{5FF21F12-FDC3-4FB0-A6BE-04FE524B1C11}'

Event Record #/Type863 / Warning
Event Submitted/Written: 07/04/2008 09:56:39 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{C506A18C-1469-4678-B094-F4EC9DAE6DB7}', feature 'Scan', component '{00F96358-A54A-4FB9-8144-C90F621489FB}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\DigitalImaging\LeadToolsPath' does not exist.

Event Record #/Type862 / Warning
Event Submitted/Written: 07/04/2008 09:56:35 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C506A18C-1469-4678-B094-F4EC9DAE6DB7}', feature 'Scan' failed during request for component '{5FF21F12-FDC3-4FB0-A6BE-04FE524B1C11}'

Event Record #/Type861 / Warning
Event Submitted/Written: 07/04/2008 09:56:35 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{C506A18C-1469-4678-B094-F4EC9DAE6DB7}', feature 'Scan', component '{00F96358-A54A-4FB9-8144-C90F621489FB}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\DigitalImaging\LeadToolsPath' does not exist.

Event Record #/Type860 / Warning
Event Submitted/Written: 07/04/2008 09:56:32 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C506A18C-1469-4678-B094-F4EC9DAE6DB7}', feature 'Scan' failed during request for component '{5FF21F12-FDC3-4FB0-A6BE-04FE524B1C11}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3000 / Error
Event Submitted/Written: 07/05/2008 10:36:23 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Event Record #/Type2973 / Error
Event Submitted/Written: 07/04/2008 09:00:39 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The avast! Web Scanner service failed to start due to the following error:
%%1053

Event Record #/Type2972 / Error
Event Submitted/Written: 07/04/2008 09:00:37 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

Event Record #/Type2969 / Error
Event Submitted/Written: 07/04/2008 08:59:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Security Center service terminated with the following error:
%%16389

Event Record #/Type2963 / Error
Event Submitted/Written: 07/04/2008 08:57:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The avast! Web Scanner service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-07-05 11:11:42 ------------
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: multiple threats found

Unread postby Scotty » July 5th, 2008, 11:13 am

Hi

How did the reformat go last November?

Disable Teatimer
First:

  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident

Second:

  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    C:\WINDOWS\system32\BIPVwGgh.ini2
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12BF259D-F58E-4707-9DF4-D8E9461C8C4A}
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{408752EF-9206-4CF9-92A1-742723840FB2}
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68D34A20-BDFD-412B-AB60-DC34BB1AEF23}
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5524D09-1E03-4D09-B967-8D5AE29D13FB}
    ASFWHide <delete service>
    DarkSpy <delete service>
    

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here with a new HijackThis log.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: multiple threats found

Unread postby andrewgrizz » July 5th, 2008, 2:07 pm

As requested all logs attached.

Malwarebytes' Anti-Malware 1.19
Database version: 921
Windows 5.1.2600 Service Pack 3

19:03:40 05/07/2008
mbam-log-7-5-2008 (19-03-40).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 82561
Time elapsed: 29 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:11, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {12BF259D-F58E-4707-9DF4-D8E9461C8C4A} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {408752EF-9206-4CF9-92A1-742723840FB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D34A20-BDFD-412B-AB60-DC34BB1AEF23} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B5524D09-1E03-4D09-B967-8D5AE29D13FB} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: http://www.ashampoo.co.uk
O15 - Trusted Zone: http://www.bananalotto.co.uk
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: http://www.kinglotto.co.uk
O15 - Trusted Zone: http://www.loopylotto.co.uk
O15 - Trusted Zone: http://www.luckysurf.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3390563015
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: awtsQihe - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7741 bytes
C:\WINDOWS\system32\BIPVwGgh.ini2 moved successfully.
File/Folder HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12BF259D-F58E-4707-9DF4-D8E9461C8C4A} not found.
File/Folder HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{408752EF-9206-4CF9-92A1-742723840FB2} not found.
File/Folder HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68D34A20-BDFD-412B-AB60-DC34BB1AEF23} not found.
File/Folder HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5524D09-1E03-4D09-B967-8D5AE29D13FB} not found.
Service not present: ASFWHide.
Service not present: DarkSpy.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07052008_182718
Thanks for your help
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: multiple threats found

Unread postby Scotty » July 5th, 2008, 2:45 pm

Hi

Did you add those websites to the Trusted Zone yourself?

Warning.Please note that this fix is specific for this poster and should not be used by anyone else:

1. Before we make changes to your registry, we need to make a back up.

Backup Your Registry with ERUNT
  • Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
  • Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.

    Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


    2. Please do this:

    • Copy the contents of the Code Box below to Notepad.
    • Name the file as fix.reg
    • Change the Save as Type to All Files
    • and Save it on the desktop

Code: Select all
REGEDIT4 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12BF259D-F58E-4707-9DF4-D8E9461C8C4A}]

[-HKEY_CLASSES_ROOT\CLSID\{12BF259D-F58E-4707-9DF4-D8E9461C8C4A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{408752EF-9206-4CF9-92A1-742723840FB2}]

[-HKEY_CLASSES_ROOT\CLSID\{408752EF-9206-4CF9-92A1-742723840FB2}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68D34A20-BDFD-412B-AB60-DC34BB1AEF23}]

[-HKEY_CLASSES_ROOT\CLSID\{68D34A20-BDFD-412B-AB60-DC34BB1AEF23}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5524D09-1E03-4D09-B967-8D5AE29D13FB}]

[-HKEY_CLASSES_ROOT\CLSID\{B5524D09-1E03-4D09-B967-8D5AE29D13FB}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsQihe]

Make sure there are NO blank lines before REGEDIT4

Then double-click on the fix.reg file, and when it prompts to merge say yes. Reboot the computer then run HijackThis and post the new log.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: multiple threats found

Unread postby andrewgrizz » July 5th, 2008, 3:44 pm

thanks for ongoing help. much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:04, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: http://www.ashampoo.co.uk
O15 - Trusted Zone: http://www.bananalotto.co.uk
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: http://www.kinglotto.co.uk
O15 - Trusted Zone: http://www.loopylotto.co.uk
O15 - Trusted Zone: http://www.luckysurf.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3390563015
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7365 bytes
Thanks 8)
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: multiple threats found

Unread postby Scotty » July 5th, 2008, 3:45 pm

What about these?
O15 - Trusted Zone: http://www.ashampoo.co.uk
O15 - Trusted Zone: http://www.bananalotto.co.uk
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: http://www.kinglotto.co.uk
O15 - Trusted Zone: http://www.loopylotto.co.uk
O15 - Trusted Zone: http://www.luckysurf.co.uk


Are they sites you use?
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: multiple threats found

Unread postby andrewgrizz » July 6th, 2008, 6:30 am

Morning thanks for reply. All but Ashampoo are email lottery i play for free daily. Not apart of system. Ashampoo used to be my firewall. but i believed it removed,i will go through my system again to find it and remove it. Thankyou. :thumbright:
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: multiple threats found

Unread postby Scotty » July 6th, 2008, 6:48 am

Hi

No need to hunt.


Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked exit HijackThis and reboot.

CleanUp
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Finally,post back with a new HijackThis log, and let me know how the computer is behaving.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: multiple threats found

Unread postby andrewgrizz » July 6th, 2008, 10:59 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:59, on 06/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O15 - Trusted Zone: http://www.bananalotto.co.uk
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: http://www.kinglotto.co.uk
O15 - Trusted Zone: http://www.loopylotto.co.uk
O15 - Trusted Zone: http://www.luckysurf.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3390563015
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6084 bytes
As requested the latest HJthis log. System seems to be OK, since using Erunt and regopt software,my computer seems to have a new lease of life. I will continue my daily scans to check for threats. My last threats must have come in by stealth,due to my anti-virus nor firewall told me of attack. I have changed my firewall from comodo to Zone alarm, which makes start up faster. Thankyou for all your help in solving my problems it was very much appreciated. problems solved. thanks :thumbright:
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: multiple threats found

Unread postby Scotty » July 6th, 2008, 11:36 am

Hi

Congratulations, you appear to be malware free.

First we need to flush your System Restore points after ridding yourself of malware:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.

Malwarebytes Anti-Malware is a good program to keep. If you wish to keep it, use it to do a quick scan once a week and keep it updated.
Remember, only the paid for version offers real-time protection

Here is another couple of free programs I recommend.

Winpatrol
Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.

Spyware Blaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from Javacool.

If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.


Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here is a good Hosts file:

MVPS Hosts File

A tutorial about Hosts File can be found at Malware Removal.


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.


Here is some great information from experts in this field that will help you stay clean and safe online.
http://forum.malwareremoval.com/viewtopic.php?t=14

Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: multiple threats found

Unread postby andrewgrizz » July 6th, 2008, 3:34 pm

Thankyou for all your help it was very much appreciated. I followed your recommendations and downloaded and installed,the software and hosts file. it is very good of you to help. Cheers
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: multiple threats found

Unread postby Gary R » July 7th, 2008, 6:24 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 70 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware