1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Tagasaurus strikes again! Help!

Discussion in 'Virus & Other Malware Removal' started by kenakin, Jan 27, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    Tagasaurus is just one of several that have ended up on my system recently. I have tried everything I know to do without success. I have read some other threads on here and it seems you guys have helped others with this problem so Im going to put it your hands. Below is a copy of my HijackThis log. Please guide me from there. Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 1:36:07 PM, on 1/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    J:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alltel.net/newuser/benefits/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.217.227.143:8080
    O1 - Hosts: 85.17.40.246 www.torrentbytes.net
    O1 - Hosts: 85.17.40.247 tracker.torrentbytes.net
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB002" /M "Stylus Photo 825"
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AnyDVD] J:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026064648
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://asp.mathxl.com/applets/DeltaCVX.cab
    O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
  2. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    Logfile of HijackThis v1.99.1
    Scan saved at 3:47:09 PM, on 1/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    J:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    J:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\dwwin.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alltel.net/newuser/benefits/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.217.227.143:8080
    O1 - Hosts: 85.17.40.246 www.torrentbytes.net
    O1 - Hosts: 85.17.40.247 tracker.torrentbytes.net
    O2 - BHO: (no name) - {2A0928B3-36CA-47F8-8F13-2434D994C0B1} - C:\WINDOWS\system32\awvvu.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\fledqkqs.dll (file missing)
    O2 - BHO: IEWatch Spy 0.8.0 - {85DDD882-701E-401B-8A7D-D51227048214} - C:\Program Files\Internet Spy\iewatcher.dll
    O2 - BHO: (no name) - {DED7E2D6-11C0-4D7A-B9C3-05D83211545B} - C:\WINDOWS\system32\fccddba.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB002" /M "Stylus Photo 825"
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AnyDVD] J:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026064648
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://asp.mathxl.com/applets/DeltaCVX.cab
    O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll
    O20 - Winlogon Notify: fccddba - C:\WINDOWS\SYSTEM32\fccddba.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have no active AntiVirus!

    Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

    AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/

    ================
    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
    ====================

    1. Download this file :

    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

    Note:
    Do not mouseclick combofix's window while its running. That may cause it to stall
    ==================

    Download Superantispyware

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  4. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    I have been running kaspersky but it was not when I did the HJT. It kept finding things and I would tell it to fix it but they just came back.
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should always have an active AV If you still have it activate it and then do the rest of my post
     
  6. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    Below find the log files for VundoFix and combofix.
    The superantispyware and HJT log will be in the post that follows.

    VundoFix V6.3.2

    Checking Java version...

    Java version is 1.5.0.2

    Scan started at 4:10:35 PM 1/27/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\fccddba.dll
    C:\WINDOWS\system32\fledqkqs.dll
    C:\WINDOWS\system32\isquahsq.ini
    C:\WINDOWS\system32\jkklljj.dll
    C:\WINDOWS\system32\nqbnfpgl.exe
    C:\WINDOWS\system32\pmnkhhf.dll
    C:\WINDOWS\system32\qshauqsi.dll
    C:\WINDOWS\system32\rqrqppn.dll
    C:\WINDOWS\system32\ssqomkh.dll
    C:\WINDOWS\system32\uvvwa.bak1
    C:\WINDOWS\system32\uvvwa.bak2
    C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\awvvu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccddba.dll
    C:\WINDOWS\system32\fccddba.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\isquahsq.ini
    C:\WINDOWS\system32\isquahsq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkklljj.dll
    C:\WINDOWS\system32\jkklljj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqbnfpgl.exe
    C:\WINDOWS\system32\nqbnfpgl.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnkhhf.dll
    C:\WINDOWS\system32\pmnkhhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qshauqsi.dll
    C:\WINDOWS\system32\qshauqsi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqrqppn.dll
    C:\WINDOWS\system32\rqrqppn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqomkh.dll
    C:\WINDOWS\system32\ssqomkh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
    C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.bak2
    C:\WINDOWS\system32\uvvwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.tmp
    C:\WINDOWS\system32\uvvwa.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\fccddba.dll
    C:\WINDOWS\system32\fccddba.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    "Owner" - 07-01-27 16:28:31 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Owner\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\INSTALL.LOG
    C:\Program Files\VSAdd-in


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


    2007-01-27 16:10 <DIR> d-------- C:\VundoFix Backups
    2007-01-27 13:35 <DIR> d-------- C:\Program Files\Hijackthis
    2007-01-27 11:36 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-01-26 19:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2007-01-26 19:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-01-26 17:40 <DIR> d-------- C:\Program Files\Lavasoft
    2007-01-26 17:40 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\Lavasoft
    2007-01-25 14:31 92,064 --a------ C:\DOCUME~1\Owner\mqdmmdm.sys
    2007-01-25 14:31 9,232 --a------ C:\DOCUME~1\Owner\mqdmmdfl.sys
    2007-01-25 14:31 79,328 --a------ C:\DOCUME~1\Owner\mqdmserd.sys
    2007-01-25 14:31 66,656 --a------ C:\DOCUME~1\Owner\mqdmbus.sys
    2007-01-25 14:31 6,208 --a------ C:\DOCUME~1\Owner\mqdmcmnt.sys
    2007-01-25 14:31 5,936 --a------ C:\DOCUME~1\Owner\mqdmwhnt.sys
    2007-01-25 14:31 4,048 --a------ C:\DOCUME~1\Owner\mqdmcr.sys
    2007-01-25 14:17 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\InstallShield
    2007-01-24 14:37 <DIR> d-------- C:\Program Files\Musicmatch
    2007-01-21 12:27 <DIR> d-------- C:\Program Files\Flock
    2007-01-21 12:27 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\Flock
    2007-01-21 10:32 <DIR> d-------- C:\Program Files\eBay
    2007-01-19 09:38 <DIR> d-------- C:\WINDOWS\ie7updates
    2007-01-15 21:07 <DIR> d-------- C:\Program Files\LucasArts
    2007-01-07 16:37 <DIR> d-------- C:\Program Files\Alcohol Soft
    2007-01-07 16:35 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-01-07 16:00 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
    2007-01-04 14:28 1 --a------ C:\WINDOWS\explore256.dll
    2007-01-04 14:25 101,888 --------- C:\WINDOWS\system32\VB6STKIT.DLL
    2007-01-04 14:25 <DIR> d-------- C:\Program Files\Northworks Solutions Ltd
    2007-01-02 10:33 35,144 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
    2007-01-02 10:33 15,440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
    2007-01-02 10:33 11,984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
    2006-12-31 08:41 <DIR> d-------- C:\DVD_01_1
    2006-12-30 08:35 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-12-30 08:34 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2006-12-29 18:19 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2006-12-29 18:19 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-27 13:13 -------- d-------- C:\DOCUME~1\Owner\Application Data\azureus
    2007-01-26 20:21 -------- d-------- C:\Program Files\azureus
    2007-01-25 14:31 25600 --a------ C:\WINDOWS\system32\drivers\usbsermptxp.sys
    2007-01-25 14:31 -------- d-------- C:\Program Files\motorola phone tools
    2007-01-25 14:17 -------- d-------- C:\Program Files\avanquest update
    2007-01-24 20:00 83 ---hs---- C:\DOCUME~1\Owner\Application Data\.zreglib
    2007-01-24 14:35 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-20 04:09 -------- d-------- C:\Program Files\internet spy
    2007-01-12 13:19 482 --a------ C:\DOCUME~1\Owner\Application Data\wklnhst.dat
    2007-01-09 22:21 -------- d-------- C:\Program Files\slysoft
    2006-12-30 08:33 -------- d-------- C:\Program Files\windows media connect
    2006-12-27 06:58 -------- d---s---- C:\DOCUME~1\Owner\Application Data\microsoft
    2006-12-18 12:46 -------- d-------- C:\Program Files\Common Files\nova development
    2006-12-18 12:45 -------- d-------- C:\Program Files\hallmark
    2006-12-16 18:08 -------- d-------- C:\Program Files\winamp
    2006-12-13 15:24 89296 --a------ C:\WINDOWS\system32\elbycdio.dll
    2006-12-06 23:30 -------- d-------- C:\Program Files\windows defender
    2006-11-29 08:20 -------- d-------- C:\DOCUME~1\Owner\Application Data\slysoft
    2006-11-29 08:20 -------- d-------- C:\DOCUME~1\Owner\Application Data\elaborate bytes
    2006-11-29 07:22 -------- d-------- C:\Program Files\msn encarta plus
    2006-11-29 07:22 -------- d-------- C:\Program Files\microsoft works
    2006-11-29 07:22 -------- d-------- C:\Program Files\microsoft picture it! 10
    2006-11-13 07:17 12997 --a------ C:\DOCUME~1\Owner\Application Data\comma separated values (dos).cal
    2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 15:41 114856 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
    "AnyDVD"="J:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Mixersel"="C:\\Program Files\\Realtek\\InstallShield\\mixersel.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "AlcWzrd"="ALCWZRD.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "EPSON Stylus Photo 825"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P22 \"EPSON Stylus Photo 825\" /O6 \"USB002\" /M \"Stylus Photo 825\""
    "SSRunScript"="\"C:\\Program Files\\Support.com\\Charter\\bin\\SSRunScript.exe\" /script \"C:\\Program Files\\Support.com\\Charter\\vbs\\verifyconnection.vbs\" /args //b startupdelay"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Microsoft startup"="SoftwareUpdates.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    "location"="Common Startup"
    "item"="BigFix"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
    "backup"="C:\\WINDOWS\\pss\\Event Planner Reminder.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\WINDOWS\\Installer\\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe "
    "item"="Event Planner Reminder"
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Event Planner Reminder.lnk"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
    "backup"="C:\\WINDOWS\\pss\\Event Planner Reminders Tray Icon.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Event Planner Reminders Tray Icon"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
    "backup"="C:\\WINDOWS\\pss\\Forget Me Not.lnkCommon Startup"
    "location"="Common Startup"
    "command"="J:\\PROGRA~1\\BRODER~1\\AGCREA~1\\agremind.exe "
    "item"="Forget Me Not"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
    "backup"="C:\\WINDOWS\\pss\\Check For Dope Wars Updates.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\Dopewars\\WiseUpdt.exe /C"
    "item"="Check For Dope Wars Updates"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WkCalRem.LNK]
    "backup"="C:\\WINDOWS\\pss\\WKCALREM.LNKStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\WkCalRem.exe "
    "item"="WKCALREM"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AOLSP Scheduler"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMonitor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="BWMONITOR"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\BandwidthMonitor\\BWMONITOR.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcappins"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="gcasServ"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cledx"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HDAudPropShortcut"
    "hkey"="HKLM"
    "command"="HDAudPropShortcut.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cfgwiz"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LaunchList"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcagent"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="McUpdate"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SoftwareUpdates"
    "hkey"="HKLM"
    "command"="SoftwareUpdates.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mimboot"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ICQNet"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsnMsgr"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="oasclnt"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ONETOU~2"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PDVDServ"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RoxWatchTray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIAPRO7]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SIAPRO7"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpyHunter"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UsrPrmpt"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tgcmd"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AdobeUpdateManager"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UrlLstCk"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcvsshld"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcmnhdlr"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ypager"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "RoxWatch"=dword:00000002
    "RoxMediaDB"=dword:00000003
    "RoxLiveShare"=dword:00000002
    "McShield"=dword:00000002
    "McDetect.exe"=dword:00000002
    "PrismXL"=dword:00000002
    "MDM"=dword:00000002

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{DED7E2D6-11C0-4D7A-B9C3-05D83211545B}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49e04e11-dd29-11d9-8ebb-806d6172696f}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5f56d57-9f07-11db-beb8-0013207648f2}]
    Shell\AutoRun\command K:\wd_windows_tools\setup.exe


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 07-01-27 16:31:35
     
  7. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    SUPERAntiSpyware Scan Log
    Generated 01/27/2007 at 05:25 PM

    Application Version : 3.5.1016

    Core Rules Database Version : 3173
    Trace Rules Database Version: 1183

    Scan type : Complete Scan
    Total Scan Time : 00:45:03

    Memory items scanned : 351
    Memory threats detected : 0
    Registry items scanned : 7938
    Registry threats detected : 3
    File items scanned : 74417
    File threats detected : 234

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][6].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][6].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][5].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][8].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]centralmediaserver[2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][7].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][5].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][9].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]poker[1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][6].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][5].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

    Unclassified.Unknown Origin
    HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}
    HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}\InprocServer32
    HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}\InprocServer32#ThreadingModel
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP633\A0048940.NFO

    KeyLogger.PerfectKeyLogger
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP527\A0037732.EXE

    Trojan.Downloader-Quake11
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP630\A0048652.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP631\A0048690.DLL
    C:\VUNDOFIX BACKUPS\QSHAUQSI.DLL.BAD

    Trojan.Downloader-Gen/LIB
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP630\A0048653.DLL

    Trojan.Downloader-SpyTool
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP630\A0048662.DLL

    Trojan.Downloader-WBRock
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP633\A0048971.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP633\A0048972.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP633\A0048973.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP633\A0048974.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP633\A0048982.DLL
    C:\VUNDOFIX BACKUPS\FCCDDBA.DLL.BAD
    C:\VUNDOFIX BACKUPS\JKKLLJJ.DLL.BAD
    C:\VUNDOFIX BACKUPS\PMNKHHF.DLL.BAD
    C:\VUNDOFIX BACKUPS\RQRQPPN.DLL.BAD
    C:\VUNDOFIX BACKUPS\SSQOMKH.DLL.BAD


    Logfile of HijackThis v1.99.1
    Scan saved at 5:37:07 PM, on 1/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    J:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alltel.net/newuser/benefits/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.217.227.143:8080
    O1 - Hosts: 85.17.40.246 www.torrentbytes.net
    O1 - Hosts: 85.17.40.247 tracker.torrentbytes.net
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - (no file)
    O2 - BHO: IEWatch Spy 0.8.0 - {85DDD882-701E-401B-8A7D-D51227048214} - C:\Program Files\Internet Spy\iewatcher.dll
    O2 - BHO: (no name) - {DED7E2D6-11C0-4D7A-B9C3-05D83211545B} - C:\WINDOWS\system32\fccddba.dll (file missing)
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB002" /M "Stylus Photo 825"
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AnyDVD] J:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026064648
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://asp.mathxl.com/applets/DeltaCVX.cab
    O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I take it you are in the Netherlands and those O1 entries are legit

    =======================

    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.

    ===========================
    You still do not have an active AntiVirus - you will just get infected again if you do not load one.

    =========================

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - (no file)

    O2 - BHO: (no name) - {DED7E2D6-11C0-4D7A-B9C3-05D83211545B} - C:\WINDOWS\system32\fccddba.dll (file missing)

    O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe

    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\System32\SoftwareUpdates.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  9. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    before I go any further...I am in the U.S.
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Those O1 entries are pointing to the Netherlands - if you do not know thme then do this

    Download Hoster from here:
    www.funkytoad.com/download/hoster.zip
    Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.
     
  11. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    This is what kaspersky keeps telling me when I open internet explorer. I have done everything you said in the last post and will be posting the HJT log next.

    1/27/2007 6:41:31 PM C:\WINDOWS\system32\wuauclt.exe Attempt to run process as a child of C:\WINDOWS\System32\svchost.exe (PID: 1264).
    1/27/2007 6:41:31 PM C:\WINDOWS\system32\wuauclt.exe Attempt to run process as a child of C:\WINDOWS\System32\svchost.exe (PID: 1264). Action allowed
    1/27/2007 6:42:27 PM C:\Program Files\Internet Explorer\iexplore.exe Process is trying to inject module C:\WINDOWS\system32\IEFRAME.dll into all processes.
    1/27/2007 6:42:27 PM C:\Program Files\Internet Explorer\iexplore.exe Process is trying to inject module C:\WINDOWS\system32\IEFRAME.dll into all processes. Action denied.
    1/27/2007 6:42:44 PM C:\Program Files\Internet Explorer\iexplore.exe Process is trying to inject module C:\WINDOWS\system32\IEFRAME.dll into all processes.
    1/27/2007 6:42:44 PM C:\Program Files\Internet Explorer\iexplore.exe Process is trying to inject module C:\WINDOWS\system32\IEFRAME.dll into all processes. Action denied.
     
  12. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    Logfile of HijackThis v1.99.1
    Scan saved at 6:45:03 PM, on 1/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    J:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alltel.net/newuser/benefits/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.217.227.143:8080
    O2 - BHO: IEWatch Spy 0.8.0 - {85DDD882-701E-401B-8A7D-D51227048214} - C:\Program Files\Internet Spy\iewatcher.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB002" /M "Stylus Photo 825"
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AnyDVD] J:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026064648
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://asp.mathxl.com/applets/DeltaCVX.cab
    O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Disable Kaspersky and load AVG - see what it says
     
  14. kenakin

    kenakin Thread Starter

    Joined:
    Jan 27, 2007
    Messages:
    30
    So far, AVG isnt showing anything. The messages I was getting from kaspersky were from the "proactive defense" portion of the program.
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/538839

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice