Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Invisible Popups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Invisible Popups

Unread postby unknut » March 27th, 2009, 5:50 am

Hi, I'm having an "Invisible Pop-up" problem. Every so often its like something will open in the background, when i go to my task manager it says there is a internet explorer window open, but there is none visible. It minimizes all my games while im playing and after it does this a couple of times and i dont end process on the internet explorer process there will be ads playing through my speakers, sometimes sounds like a radio sometimes movie ad but they are all ads of some sort. Any help would be much appreciated, this problem has been going on for about 3 weeks and I still haven't figured it out. Here is my HijackThis log. Ever since I noticed this problem my Malwarebytes' Anti-Malware program doesnt work and I cant uninstall it either.

Logfile of HijackThis v1.99.1
Scan saved at 11:43:35 PM, on 3/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\Rar$EX00.141\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3168212828
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: rqtzbt.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: tuvSjJby - tuvSjJby.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

Thank you very much in advanced.
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am
Advertisement
Register to Remove

Re: Invisible Popups

Unread postby Dakeyras » April 2nd, 2009, 6:25 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi unknut and welcome to Malware Removal :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

Next:

Your anti-virus application Grisoft AVG7 is out of date, however due to the nature of the infections I have thus far identified I highly doubt we would be able to install a more up to date application at this time. As soon as your system is more stable we will address this as soon as possible. Do Not remove the application for the time being , leave it in place!

Next:

Since it has been five days, lets carry out a more in-depth scan of your computer first before anymore proactive measures OK as follows:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Please make sure that RSIT.exe is on the your Desktop before running the application.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following:

  • Any problems encountered and or further symptoms?
  • Both RSIT logs. <-- Post them individually please.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Invisible Popups

Unread postby unknut » April 2nd, 2009, 10:10 pm

Thank you very much for replying, as of right now the only thing else I can think of to add is that when i do a google search and I click a link i get forwarded to a random site instead of the site that i clicked on. I am using Firefox instead of the normal Internet Explorer browser. Here is the log.txt, I will post the info.txt in another reply like advised.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matthew Tio at 2009-04-02 16:05:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 26 GB (17%) free of 153 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:35 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matthew Tio\Desktop\RSIT.exe
C:\Program Files\trend micro\Matthew Tio.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3168212828
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rqtzbt.dll
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: tuvSjJby - tuvSjJby.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

--
End of file - 10288 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\tzjifdxi.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
BHO - C:\WINDOWS\system32\iehelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-02-25 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-02-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2004-09-01 83968]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-02-25 148888]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2009-02-24 590848]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"FLMK08KB"=C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE [2007-01-07 207360]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"SBAMTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2008-10-28 681256]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe []
"Steam"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
""= []
"system tool"=C:\WINDOWS\sysguard.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

C:\Documents and Settings\Matthew Tio\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="rqtzbt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msldr32]
msldr32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvSjJby]
tuvSjJby.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFind"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Common Files\AOL\1153880684\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1153880684\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\half-life\hl.exe"="C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.11.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\team fortress classic\hl.exe"="C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\deathmatch classic\hl.exe"="C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\nataku320\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\nataku320\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.6.6337-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\matthewtio@hotmail.com\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Matthew Tio\Local Settings\Temporary Internet Files\Content.IE5\AUMD5Y14\WoW-BurningCrusade-Trial-enUS-Installer-downloader[1].exe"="C:\Documents and Settings\Matthew Tio\Local Settings\Temporary Internet Files\Content.IE5\AUMD5Y14\WoW-BurningCrusade-Trial-enUS-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Matthew Tio\Local Settings\Temporary Internet Files\Content.IE5\DY27DG6T\WoW-BurningCrusade-Trial-enUS-Installer-downloader[1].exe"="C:\Documents and Settings\Matthew Tio\Local Settings\Temporary Internet Files\Content.IE5\DY27DG6T\WoW-BurningCrusade-Trial-enUS-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe"="C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient.exe"
"C:\Program Files\Common Files\AOL\1153880684\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1153880684\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\3DO\Heroes 3 Complete\HEROES3.ICD"="C:\Program Files\3DO\Heroes 3 Complete\HEROES3.ICD:*:Disabled:Heroes of Might and Magic® III"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Disabled:Rise of Nations"
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe"="C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Disabled:Rise of Nations"
"C:\Program Files\SHOUTcast\sc_serv.exe"="C:\Program Files\SHOUTcast\sc_serv.exe:*:Disabled:sc_serv"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\kav\kav7\setup.exe"="C:\kav\kav7\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CCP\EVE\bin\ExeFile.exe"="C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39d38f64-1b54-11de-bd2c-000e2e708351}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.reg - edit -
.reg - open - %SystemRoot%\system32\NOTEPAD.EXE %1
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2009-04-02 16:05:25 ----D---- C:\Program Files\trend micro
2009-04-02 16:05:23 ----D---- C:\rsit
2009-04-01 19:03:26 ----D---- C:\WINDOWS\LastGood
2009-03-30 21:43:09 ----D---- C:\Program Files\Microsoft
2009-03-30 21:42:53 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-30 21:42:30 ----D---- C:\Program Files\Windows Live
2009-03-30 21:40:55 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-30 19:41:11 ----SHD---- C:\Config.Msi
2009-03-28 01:14:08 ----D---- C:\Documents and Settings\Matthew Tio\Application Data\U3
2009-03-21 19:42:45 ----D---- C:\Avenger
2009-03-21 19:42:45 ----A---- C:\avenger.txt
2009-03-17 01:26:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-09 23:05:35 ----D---- C:\Documents and Settings\Matthew Tio\Application Data\Mozilla
2009-03-09 23:05:24 ----D---- C:\Program Files\Mozilla Firefox
2009-03-07 23:51:42 ----D---- C:\Program Files\SystemRequirementsLab
2009-03-07 22:28:14 ----D---- C:\Documents and Settings\Matthew Tio\Application Data\Command & Conquer 3 Tiberium Wars
2009-03-07 22:27:58 ----RHD---- C:\Documents and Settings\Matthew Tio\Application Data\SecuROM
2009-03-07 22:27:57 ----A---- C:\WINDOWS\system32CmdLineExt.dll
2009-03-07 22:06:50 ----D---- C:\Program Files\Electronic Arts
2009-02-26 15:27:51 ----D---- C:\Documents and Settings\Matthew Tio\Application Data\EVEMon
2009-02-26 15:27:44 ----D---- C:\Program Files\EVEMon
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-02-06 20:46:35 ----D---- C:\Documents and Settings\All Users\Application Data\CCP
2009-02-06 20:46:09 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-02-06 20:41:54 ----D---- C:\Program Files\CCP
2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll

======List of files/folders modified in the last 2 months======

2009-04-02 16:05:25 ----RD---- C:\Program Files
2009-04-02 15:16:09 ----D---- C:\Matts folder
2009-04-02 14:35:34 ----D---- C:\WINDOWS\Temp
2009-04-02 14:35:34 ----D---- C:\WINDOWS\system32
2009-04-02 13:45:29 ----D---- C:\WINDOWS\Prefetch
2009-04-01 19:03:29 ----D---- C:\WINDOWS\system32\DirectX
2009-04-01 19:03:28 ----HD---- C:\WINDOWS\inf
2009-04-01 19:03:26 ----D---- C:\WINDOWS
2009-03-31 15:03:04 ----D---- C:\Program Files\Steam
2009-03-31 14:35:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-31 14:31:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-30 21:43:34 ----SHD---- C:\WINDOWS\Installer
2009-03-30 21:43:19 ----D---- C:\WINDOWS\WinSxS
2009-03-30 21:42:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-30 21:42:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-30 21:40:55 ----D---- C:\Program Files\Common Files
2009-03-29 22:56:58 ----D---- C:\Program Files\Warcraft III
2009-03-28 00:11:44 ----D---- C:\WINDOWS\Minidump
2009-03-24 21:46:57 ----A---- C:\WINDOWS\Kyor.ini
2009-03-21 23:27:48 ----D---- C:\Program Files\Diablo II
2009-03-21 19:42:46 ----D---- C:\WINDOWS\system32\drivers
2009-03-21 19:37:56 ----D---- C:\Documents and Settings\Matthew Tio\Application Data\Azureus
2009-03-20 08:50:26 ----RHD---- C:\$VAULT$.AVG
2009-03-17 08:52:29 ----D---- C:\Documents and Settings\Matthew Tio\Application Data\AVG7
2009-03-13 08:45:10 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2009-03-09 23:20:05 ----D---- C:\Program Files\Opera
2009-03-07 23:57:53 ----D---- C:\WINDOWS\nview
2009-03-07 23:55:47 ----D---- C:\WINDOWS\Help
2009-03-07 23:55:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-07 23:54:50 ----D---- C:\NVIDIA
2009-03-07 23:51:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-07 22:02:28 ----D---- C:\Program Files\World of Warcraft
2009-03-07 22:01:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nview.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-02-18 14:44:00 ----A---- C:\WINDOWS\system32\keystone.exe
2009-02-16 23:17:22 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-02-16 23:03:29 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-22 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-03-02 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-03-02 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-20 10760]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-03-02 4960]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-21 8064]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-08-01 20096]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-09-26 223128]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-18 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-06 25280]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LTower;LEGO USB Tower Driver; C:\WINDOWS\System32\Drivers\LTower.sys [2001-05-21 36981]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PAC207;Basic Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-20 506112]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 rtl8185;G-302 v3 802.11g Wireless PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2005-10-20 282240]
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-22 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-03-02 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-20 406528]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-02-25 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-10 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-02-10 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby unknut » April 2nd, 2009, 10:11 pm

info.txt logfile of random's system information tool 1.06 2009-04-02 16:05:40

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Atomic Clock Sync-->C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
AutoCAD 2007 - English-->MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Basic Webcam -->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1A3DAE38-68E4-427B-ADEF-3FF146EE0DA5} /l1033
Bounce Out Blitz(TM)-->C:\PROGRA~1\SHOCKW~1.COM\BOUNCE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\BOUNCE~1\INSTALL.LOG
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Collapse II-->C:\PROGRA~1\SHOCKW~1.COM\COLLAP~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\COLLAP~1\INSTALL.LOG
Combined Community Codec Pack 2006-07-28 (Remove Only)-->C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Command & Conquer 3-->MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
ConvertXtoDVD 2.2.3.258h-->"C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
CopyPod (remove only)-->"C:\Program Files\CopyPod\uninstall.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digby's Donuts-->C:\PROGRA~1\SHOCKW~1.COM\DIGBY'~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DIGBY'~1\INSTALL.LOG
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
EVEMon-->C:\Program Files\EVEMon\uninstall.exe
EVE-ONLINE (remove only)-->C:\Program Files\CCP\EVE\Uninstall.exe
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GNU Octave 2.1.73-->C:\Program Files\GNU Octave 2.1.73\uninstall.exe
Heroes of Might and Magic III Complete-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes 3 Complete\Heroes of Might and Magic III Complete.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Luxor-->C:\PROGRA~1\SHOCKW~1.COM\Luxor\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\Luxor\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Muiltmedia keyboard utility 1.3-->C:\Program Files\Muiltmedia keyboard utility\1.3\uninst00.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave.com Zuma-->C:\PROGRA~1\SHOCKW~1.COM\Zuma\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\Zuma\INSTALL.LOG
SHOUTcast DNAS (remove only)-->"C:\Program Files\SHOUTcast\uninst-dnas.exe"
SHOUTcast Source DSP 1.9.0 (remove only)-->C:\Program Files\Winamp\uninst-dsp.exe
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Rosetta Stone Classic-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\Classic\uninstal.log
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~3\Setup.exe /remove /q0
V CAST Music-->MsiExec.exe /X{3249FD43-B24B-413F-B786-F8FEA32FA747}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
WebCam Suite 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF157E38-A290-4265-844B-687E5707899E}\Setup.exe" -l0x9
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

195.245.119.131 browser-security.microsoft.com

======Security center information======

AV: AVG 7.5.557

======System event log======

Computer Name: MATTHEW
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 79030
Source Name: Cdrom
Time Written: 20081028220637.000000-600
Event Type: error
User:

Computer Name: MATTHEW
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 79029
Source Name: Cdrom
Time Written: 20081028220636.000000-600
Event Type: error
User:

Computer Name: MATTHEW
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 79028
Source Name: Cdrom
Time Written: 20081028220635.000000-600
Event Type: error
User:

Computer Name: MATTHEW
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 79027
Source Name: Cdrom
Time Written: 20081028220634.000000-600
Event Type: error
User:

Computer Name: MATTHEW
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 79026
Source Name: Cdrom
Time Written: 20081028220633.000000-600
Event Type: error
User:

=====Application event log=====

Computer Name: MATTHEW
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 23
Source Name: Microsoft Fax
Time Written: 20080406214657.000000-600
Event Type: warning
User:

Computer Name: MATTHEW
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 15
Source Name: Microsoft Fax
Time Written: 20080404084135.000000-600
Event Type: warning
User:

Computer Name: MATTHEW
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 14
Source Name: Microsoft Fax
Time Written: 20080404084135.000000-600
Event Type: warning
User:

Computer Name: MATTHEW
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 6
Source Name: Microsoft Fax
Time Written: 20080403223505.000000-600
Event Type: warning
User:

Computer Name: MATTHEW
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 5
Source Name: Microsoft Fax
Time Written: 20080403223505.000000-600
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby unknut » April 2nd, 2009, 10:14 pm

I guess I can also add that I have gotten a couple of blue screens of death recently. I haven't gotten any of those ever on this computer until I got infected. I'm hoping its only because what ever is on my computer overloaded my memory or something instead of an actual critical error that it has caused. I'm not sure if this is needed information or not but thought I should add it just in case.
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby Dakeyras » April 3rd, 2009, 6:37 am

Hi :)

Take your time with the below and make sure to read everything. If anything you do not understand and or any questions just ask myself OK :thumbup:

Thank you very much for replying, as of right now the only thing else I can think of to add is that when i do a google search and I click a link i get forwarded to a random site instead of the site that i clicked on. I am using Firefox instead of the normal Internet Explorer browser. Here is the log.txt, I will post the info.txt in another reply like advised.
You're welcome! And thanks for the update on your computers situation.

I guess I can also add that I have gotten a couple of blue screens of death recently. I haven't gotten any of those ever on this computer until I got infected. I'm hoping its only because what ever is on my computer overloaded my memory or something instead of an actual critical error that it has caused. I'm not sure if this is needed information or not but thought I should add it just in case.
This mainly can be attributed to the malware currently infesting your computer. I hope you have taken the advice in my prior post concerning backing up. I will be upfront with your good self, this is a badly infected system and I suspect there are even worse infections I have not yet detected.

You have a lot of out of date applications installed apart from the aforementioned Anti-Virus in my prior post. These are the Adobe and Java installations, I propose we remove these shortly as they are a potential back-door for malware to reinfect a system. I am sure you can live without the aforementioned for a few days. We will download/update these later on OK.

Also you have no third party software firewall installed, this I am surmising you do not have because you are a online gamer, fair play that is your choice. However far to many applications have direct access to the internet and in the exceptions list of the inbuilt Windows XP SP3 firewall. Please remove everything from the exceptions list as otherwise this is another back-door for malware in my humble opinion and I will remove the associated registry entries later on. You may put some back in the exceptions list after I give the all clear, though I highly advise against it. That would be your decision to make, however for the course of this malware removal process please do as I asked with regard to the aforementioned exceptions list.

Free up Hard-Drive Space:

System drive C: has 26 GB (17%) free of 153 GB

This is considered borderline. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

I advise you read this article: What to do if your Computer's running slowly and choose to uninstall some software you do not need, this is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance.

Peer to Peer Advice:

I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus

I'd like you to read the MRU policy for P2P Programs.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Acrobat 4.0
Adobe Reader 8.1.1
Azureus
GameSpy Arcade <-- This is known for Adware.
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 12
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Question:

I notice a specific Anti Malware Eradication application is present on your system and been used, namely Avenger. What did you use this for please. Also I would like to see the log it produced which can be found here:

C:\avenger.txt

Next:

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs can be read here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Next:

I would like to view a list of currently installed software applications on you're PC. How to provide as follows:

Run HijackThis and click on Open the Misc Tools section.

  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now? Any problems encountered and or any further symptoms?
  • Answer to Avenger query.
  • Avenger Log.
  • ComboFix Log.
  • Uninstall List.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Invisible Popups

Unread postby unknut » April 4th, 2009, 12:50 am

I freed up quite a bit of space by deleting movies I had on my computer and what not. I still get the iexplorer pop ups and this is getting more and more frustrating hahaha. I'm really trying to be patient but man hate it haha. Thank you for reminding me about my firewall, I was trying to be able to host games for WC3 and it wasn't working so i disabled my firewall all together to try it out, and i completely forgot to put it back up. I uninstalled zone alarm as well a while back.

Answer to that avenger question, I don't remember ever using a program named avenger... so that's very odd. Here is what the log said:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Completed script processing.

*******************

Finished! Terminate.


I cannot give you a combo log because my computer wont let me load up the program. It displays that it is on in my process list, but it does not open. Again more frustrations hahaha. I am very thankful for you help. For you to deal with this all the time... Here is the uninstall list:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Stock Photos 1.0
AIM 6
AnyDVD
Apple Mobile Device Support
Apple Software Update
Atomic Clock Sync
AutoCAD 2007 - English
Autodesk DWF Viewer
AVG 7.5
Basic Webcam
Bounce Out Blitz(TM)
Choice Guard
Collapse II
Combined Community Codec Pack 2006-07-28 (Remove Only)
ConvertXtoDVD 2.2.3.258h
CopyPod (remove only)
Counter-Strike: Source
Diablo II
Digby's Donuts
DivX Web Player
DVD Shrink 3.2
DVD Suite
EAX(tm) Unified (SHELL)
EVEMon
EVE-ONLINE (remove only)
FLV Player 2.0 (build 25)
Fraps (remove only)
GNU Octave 2.1.73
Heroes of Might and Magic III Complete
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iPod for Windows 2005-10-12
iTunes
Left 4 Dead
LG USB Drivers
LG USB Modem driver
Luxor
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mozilla Firefox (3.0.8)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Muiltmedia keyboard utility 1.3
neroxml
NVIDIA Drivers
PowerDVD
PowerProducer
QuickTime
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
Shockwave.com Zuma
SHOUTcast DNAS (remove only)
SHOUTcast Source DSP 1.9.0 (remove only)
Skype 3.0
Skype Plugin Manager
SSH Secure Shell
Steam
System Requirements Lab
Team Fortress 2
The Rosetta Stone
The Rosetta Stone Classic
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
V CAST Music Manager
Ventrilo Client
VeohTV BETA
WebCam Suite 2.0
Winamp (remove only)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
Yahoo! Messenger

And here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:48:05 PM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll (file missing)
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3168212828
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: rqtzbt.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: tuvSjJby - tuvSjJby.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

Thank you very much for you time and effort. If you think it would be alot easier to just scrub my drive, that is an option. If I should scrub my drive, what do you think I should install on my computer to prevent this from happening again? If scrubbing my drive isn't the best answer then disregaurd my last statement haha. Thank you very much again.
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby unknut » April 4th, 2009, 12:52 am

I also forgot to add, when i booted my computer into safe mode a while back when I tried to salvage my computer myself, before I asked you for help, that iexplorer thing was in my process list. So I'm not sure what to make of that.
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby Dakeyras » April 4th, 2009, 6:13 am

Hi :)

I freed up quite a bit of space by deleting movies I had on my computer and what not. I still get the iexplorer pop ups and this is getting more and more frustrating hahaha. I'm really trying to be patient but man hate it haha. Thank you for reminding me about my firewall, I was trying to be able to host games for WC3 and it wasn't working so i disabled my firewall all together to try it out, and i completely forgot to put it back up. I uninstalled zone alarm as well a while back.
OK this does explain a fair bit, never a wise move to leave any system with internet access that vulnerable without any form of firewall.

Answer to that avenger question, I don't remember ever using a program named avenger... so that's very odd. Here is what the log said:
That is fine, maybe someone else with access to your computer downloaded Avenger? This is one very powerful application and if used incorrectly it could render a system nothing more than a expensive door stop, no harm done however.

I cannot give you a combo log because my computer wont let me load up the program. It displays that it is on in my process list, but it does not open. Again more frustrations hahaha. I am very thankful for you help. For you to deal with this all the time...
Not a problem we will try a alternative method to enable ComboFix to run shortly and you are very welcome!

Thank you very much for you time and effort. If you think it would be alot easier to just scrub my drive, that is an option. If I should scrub my drive, what do you think I should install on my computer to prevent this from happening again? If scrubbing my drive isn't the best answer then disregaurd my last statement haha. Thank you very much again.
If we reach the situation were I deem a reformat and reinstallation of the operating system is the only recourse I will inform your good self.

Next:

OK lets try renaming ComboFix.exe as follows:

  • Right click on ComboFix.exe and select rename
  • Rename it Dakeyras1 and hit the enter/return key.

Now try to run Combofix again per my instructions.

If still unsuccessful please delete the renamed ComboFix and empty your Recycle Bin then proceed to the instructions below.

Next:

Now if this does not work either do not be alarmed as we will merely try a completely different approach OK :thumbup:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Image

Image
--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
How to temporarily disable AVG so that it won't interfere with ComboFix
Please open the AVG Control Center, by right clicking on the AVG icon on task bar.
  • Click Tools
  • Click Advanced
  • In the left hand pane, scroll down to Resident Shield
  • In the main pane, deselect Enable Resident Shield

Disable CounterSpy
  • Right-click on the running CounterSpy icon in the sytem tray.
  • Hover your mouse over "Active protection".
  • A menu will slide out and then you need to left click on "Disable Active Protection".

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Also re-enable CounterSpy.

When completed the above, please post back the following in the order asked for:

  • Any problems encountered and or further symptoms ?
  • ComboFix Log.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Invisible Popups

Unread postby unknut » April 4th, 2009, 8:02 am

Wow the number of processes being run under my name has significantly decreased! Other then that so far nothing out of the ordinary, the iexplorer hasn't popped up yet so far so good. Before I submit this I'm going to take a shower just to make sure if I'm still getting that pop up thing. I'm not sure if you wanted me to post the combofix log and the HJT log separately so I will do that anyway just in case. It will probably be easier for you to tell them apart. Here is the Combofix log:

ComboFix 09-04-03.01 - Matthew Tio 2009-04-04 1:33:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.682 [GMT -10:00]
Running from: c:\documents and settings\Matthew Tio\Desktop\Dakeyras1.exe
AV: AVG 7.5.557 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\MATTHE~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Matthew Tio\Application Data\inst.exe
c:\program files\Helper
c:\windows\system32\drivers\UACmqppxwkb.sys
c:\windows\system32\exec1.exe
c:\windows\system32\fxjbmqed.ini
c:\windows\system32\UACeaqbhhwv.log
c:\windows\system32\UACevxumfoy.dll
c:\windows\system32\UAChemxbykl.dll
c:\windows\system32\UAChoyovkhl.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACllooqbar.dll
c:\windows\system32\UAClnosdumy.dat
c:\windows\system32\UACsvdjvrlt.dll
c:\windows\system32\UACvmpjyuhh.dll
c:\windows\system32\UACwbrsbpxm.log
c:\windows\Tasks\tzjifdxi.job

----- BITS: Possible infected sites -----

hxxp://ccp.vo.llnwd.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-04 01:00 . 2009-04-04 01:00 0 --a------ c:\windows\system32\SBRC.dat
2009-04-02 16:05 . 2009-04-02 16:05 <DIR> d-------- C:\rsit
2009-04-02 16:05 . 2009-04-02 16:05 <DIR> d-------- c:\program files\trend micro
2009-03-30 21:43 . 2009-03-30 21:43 <DIR> d-------- c:\program files\Microsoft
2009-03-30 21:43 . 2009-04-01 19:23 <DIR> d-------- c:\documents and settings\Matthew Tio\Tracing
2009-03-30 21:42 . 2009-03-30 21:42 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-30 21:42 . 2009-03-30 21:43 <DIR> d-------- c:\program files\Windows Live
2009-03-30 21:40 . 2009-03-30 21:40 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-28 01:14 . 2009-04-02 14:31 <DIR> d-------- c:\documents and settings\Matthew Tio\Application Data\U3
2009-03-17 01:26 . 2009-03-17 01:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 01:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 01:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-07 23:55 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-07 23:51 . 2009-03-07 23:51 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-03-07 22:28 . 2009-03-07 22:28 <DIR> d-------- c:\documents and settings\Matthew Tio\Application Data\Command & Conquer 3 Tiberium Wars
2009-03-07 22:27 . 2009-03-07 22:27 <DIR> dr-h----- c:\documents and settings\Matthew Tio\Application Data\SecuROM
2009-03-07 22:27 . 2009-03-07 22:27 98,304 --a------ c:\windows\system32CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 04:31 --------- d-----w c:\program files\Verizon Wireless
2009-04-04 04:30 --------- d-----w c:\program files\Common Files\Real
2009-04-04 04:29 --------- d-----w c:\program files\Java
2009-04-04 04:22 --------- d-----w c:\program files\GameSpy Arcade
2009-04-04 04:22 --------- d-----w c:\program files\Azureus
2009-04-04 04:21 --------- d-----w c:\program files\Common Files\Adobe
2009-04-03 18:57 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2009-04-03 02:54 --------- d-----w c:\program files\Steam
2009-03-30 08:56 --------- d-----w c:\program files\Warcraft III
2009-03-22 09:27 --------- d-----w c:\program files\Diablo II
2009-03-22 05:37 --------- d-----w c:\documents and settings\Matthew Tio\Application Data\Azureus
2009-03-17 18:52 --------- d-----w c:\documents and settings\Matthew Tio\Application Data\AVG7
2009-03-15 08:29 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2009-03-13 18:45 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2009-03-10 09:20 --------- d-----w c:\program files\Opera
2009-03-08 08:02 --------- d-----w c:\program files\World of Warcraft
2009-03-08 08:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 07:59 --------- d-----w c:\documents and settings\Matthew Tio\Application Data\EVEMon
2009-02-27 01:27 --------- d-----w c:\program files\EVEMon
2009-02-17 09:17 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-07 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\CCP
2009-02-07 06:41 --------- d-----w c:\program files\CCP
2009-02-07 04:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-01-19 09:09 47,360 ----a-w c:\documents and settings\Matthew Tio\Application Data\pcouffin.sys
2006-07-15 21:17 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-09-07 06:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090620080907\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-09-01 83968]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"FLMK08KB"="c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [2007-01-07 207360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-10-28 681256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-22 219136]

c:\documents and settings\Matthew Tio\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-08-28 947544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rqtzbt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\steamapps\\matthewtio@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\matthewtio@hotmail.com\\half-life\\hl.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\matthewtio@hotmail.com\\team fortress classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\matthewtio@hotmail.com\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\matthewtio@hotmail.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\nataku320\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\matthewtio@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Steam\\steamapps\\matthewtio@hotmail.com\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.ICD"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:TCP"= 8000:TCP:*:Disabled:shoutcast
"8001:TCP"= 8001:TCP:*:Disabled:shout
"6112:TCP"= 6112:TCP:WC3
"6112:UDP"= 6112:UDP:WC3
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [2007-03-31 36981]
S3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39d38f64-1b54-11de-bd2c-000e2e708351}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C9C42510-9B21-41c1-9DCD-8382A2D07C61} - c:\windows\system32\iehelper.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
HKCU-Run-system tool - c:\windows\sysguard.exe
HKCU-Run-Steam - (no file)
Notify-msldr32 - msldr32.dll
Notify-tuvSjJby - tuvSjJby.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {17B6C03E-011C-4FA3-9B12-F14E18294CE6} = 192.168.0.1
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Matthew Tio\Application Data\Mozilla\Firefox\Profiles\b5edrjgc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 01:38:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-2025429265-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1482476501-2025429265-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,eb,c1,4b,04,a3,0d,9a,f9,fc,5a,11,e7,f9,c2,f4,e4,54,84,08,97,21,0d,
cf,aa,60,55,a5,77,83,16,7c,ae,d4,25,07,9e,f3,f0,84,26,84,e5,10,c3,7a,55,63,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
Completion time: 2009-04-04 1:41:23
ComboFix-quarantined-files.txt 2009-04-04 11:40:07

Pre-Run: 53,423,669,248 bytes free
Post-Run: 55,307,292,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

234 --- E O F --- 2009-01-14 13:03:51



iexplorer has not poped up!
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby unknut » April 4th, 2009, 8:02 am

Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:47:29 AM, on 4/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\Rar$EX00.907\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3168212828
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{17B6C03E-011C-4FA3-9B12-F14E18294CE6}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: rqtzbt.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby unknut » April 4th, 2009, 2:46 pm

When I woke up this morning AVG did a scheduled scan, I forgot to turn that off since you did not specify and it picked up 9 threats so far and I'm not sure if i should quarantine them or remove them from my computer. I always pick remove but a couple people told me it was a good idea to quarantine them. They would not tell me why, but why would I want to leave them on my computer sanitized or not? I don't understand how it didn't see these threats before... Some of these threats were things that combofix pointed out. Is that what combofix does? Takes away the wall that these trojans hide behind, or should i say the wooden horse they sit in haha.
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby Dakeyras » April 4th, 2009, 2:50 pm

Hi :)

When I woke up this morning AVG did a scheduled scan, I forgot to turn that off since you did not specify and it picked up 9 threats so far and I'm not sure if i should quarantine them or remove them from my computer. I always pick remove but a couple people told me it was a good idea to quarantine them. They would not tell me why, but why would I want to leave them on my computer sanitized or not? I don't understand how it didn't see these threats before... Some of these threats were things that combofix pointed out. Is that what combofix does? Takes away the wall that these trojans hide behind, or should i say the wooden horse they sit in haha.
Thats fine at this juncture though pretty much moot as in regard to my findings from researching the last set of logs your good self provided.

I have bad news I'm afraid :(

Two or more of the identified infections are a Backdoor Trojan and Rootkit.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwords.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Invisible Popups

Unread postby unknut » April 4th, 2009, 3:09 pm

Wow... that is a very very big blow... I don't know weather I should feel elated we came out with a final course of action or if i should cry... Now i gotta call up all my banks and tell them to change my account info... wow... If i were to scrub my drive whats to say that I completely cleaned everything? I have read that it is possible for someone to make a few programs be missed while reformatting a drive... If that happens wouldn't that mean that even with a reformat I can still be infected? How do I reformat without that risk. If I were to reformat my drive, what programs should I be using to make sure this doesn't happen again? This really sucks. Thank you very much for your time and effort. I guess the bad guy wins this round :(.
unknut
Active Member
 
Posts: 13
Joined: March 27th, 2009, 5:41 am

Re: Invisible Popups

Unread postby Dakeyras » April 4th, 2009, 4:09 pm

Hi :)

Indeed it is not something you wished to learn and I assure a prudent course of action is to inform your financial institutions to apprise them of your situation. If I was in this situation myself I would as a matter of course.

In this instance the malware infections I have so far identified should not survive a reformat and reinstallation of the Windows operating system. If I thought a possibility some might survive the aforementioned reformat and reinstallation, there is a specific methodology we could apply but I honestly do not think in this situation it is required. I can by all means advise what to do after a reformat and reinstallation.

I do appreciate how frustrated you must feel and no the bad guys have not won because you have heeded my advice and opted for a reformat and reinstallation. Were as if I had carried out a attempted malware removal I could not guarantee that your computer would be at all secure afterwords and something I just could not detect remains and then one day you wonder why your bank statement shows erroneous entires.

Reformat and Reinstallation Advice:

  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    Here are some free Anti Virus programs which i recommend to use:
    • Antivir PersonalEditionClassic
      • Free anti-virus software for Windows.
      • Detects and removes more than 50,000 viruses. Free support.
    • avast! 4 Home Edition
        • Anti-virus program for Windows.
        • The home edition is freeware for noncommercial users.
    • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
    • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
      Here are some free Firewalls which i recommend to use:
      (Use only one, and disable your Windows Firewall)
  • Keep your system updated-Microsoft releases patches for Windows and other products regularly:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Malwarebytes' Anti-Malware - Download it from here
    The tutorial on how to use MBAM is located here
  • Install WinPatrol - Download it from here
    You can find information about how WinPatrol works here
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    Download it from here
    The tutorial on how to use Spyware Blaster is located here
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically. Any questions feel free to ask OK!
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 16 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware