Unsolved

19 Posts

June 18th, 2007 07:00

help please! Virtumonde/Adware

Logfile of HijackThis v1.99.1
Scan saved at 11:17:08 AM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\TAVScan.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\gbaappyo.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\awtqnkh.dll (file missing)
O2 - BHO: (no name) - {EC8197C1-EA78-42C5-AE46-BEA7EC52DC25} - C:\WINDOWS\system32\vtsts.dll (file missing)
O2 - BHO: (no name) - {F105BC51-EC58-49AF-B41E-31136397C32A} - C:\Program Files\Windows Media Player\hokepoted58441.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GPLv3] "rundll32.exe" "C:\WINDOWS\system32\lxfkfocl.dll",realset
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Justin Hallquist\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Message Edited by Dreamlines on 06-18-2007 01:17 PM

4 Apprentice

20.5K Posts

June 18th, 2007 13:00

Welcome :)

We'd love to help you, but your log is unreadable. Please follow instructions at the top of the forum, and repost your log in the correct format. Thank you.

19 Posts

June 18th, 2007 16:00

Sorry, did not have auto convert carriage returns to HTML line breaks.

19 Posts

June 18th, 2007 17:00

Logfile of HijackThis v1.99.1
Scan saved at 11:18:29 AM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\TAVScan.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\gbaappyo.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\awtqnkh.dll (file missing)
O2 - BHO: (no name) - {EC8197C1-EA78-42C5-AE46-BEA7EC52DC25} - C:\WINDOWS\system32\vtsts.dll (file missing)
O2 - BHO: (no name) - {F105BC51-EC58-49AF-B41E-31136397C32A} - C:\Program Files\Windows Media Player\hokepoted58441.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GPLv3] "rundll32.exe" "C:\WINDOWS\system32\lxfkfocl.dll",realset
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Justin Hallquist\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Message Edited by Dreamlines on 06-18-2007 01:18 PM

4 Apprentice

20.5K Posts

June 18th, 2007 17:00

You must have missed one of the announcements.
You are using the 2.0 BETA version of HijackThis. You are also missing the header of your log.
Please read this announcement which explains how to download HijackThis and post a log:
http://www.dellcommunity.com/supportforums/board/message?board.id=si_hijack&thread.id=52014

Do not edit your post above. Please reply with your updated log below. Thanks. :)

4 Apprentice

20.5K Posts

June 18th, 2007 17:00

Quote:
"Do not edit your post above. Please reply with your updated log below. "

I need to compare the two logs from both versions. What happened to the log from BETA 2.0?

In order to fix your problem it is important that you take the time to follow my instructions exactly. Please print them so you can refer to them easily.

First: Please disable SpySweeper, because it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable SpySweeper:
Open it, click >Options over to the left, then >program options, >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.
[After your system is fully cleaned re-enable Spysweeper using the same steps but this time reverse them.]

Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets

Reboot and download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Reboot

Please download Combofix from here: http://download.bleepingcomputer.com/sUBs/combofix.exe
Or
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
** Take note that the links are case sensitive

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis v. 1.99.1 log.
4. * Also open Hijack This v. 1.99.1 and click on the "Open the Misc Tools section" button.
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad.
Copy and paste that list here with the other two logs.

**Notes:
1. Do not mouseclick Combofix's window while it is running. That may cause your system to stall/hang.
2. Do not proceed with the rest of the fix if you fail to run combofix.
3. If the text from all logs does not fit in one post, because the forum software takes a limited amount of text, just reply to yourself until all three logs are posted.

19 Posts

June 18th, 2007 18:00

Uninstall list:
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
America Online (Choose which version to remove)
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Broadcom Management Programs
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Creative Audio Pack
Creative MediaSource 5
Dell Digital Jukebox Driver
Dell Game Console
Dell Media Experience
Dell Support 3.1
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
Games, Music, & Photos Launcher
Get High Speed Internet!
High Definition Audio Driver Package - KB835221
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel(R) PROSet/Wireless Software
Internet Service Offers Launcher
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (2.0.0.4)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NetZeroInstallers
NVIDIA Drivers
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spy Sweeper
Starcraft
Synaptics Pointing Device Driver
Trend Micro AntiVirus
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Ventrilo Client
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WildTangent Web Driver
Windows Defender
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinZip
World of Warcraft

ComboFix 07-06-13.3 - C:\Documents and Settings\Justin Hallquist\Desktop\Justin's Folder\ComboFix.exe
"Justin Hallquist" - 2007-06-18 12:21:50 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\lxfkfocl.dll
C:\WINDOWS\system32\lcofkfxl.ini
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\inetget2
C:\Program Files\MSN Gaming Zone\profsywu.html
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\Temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-18 12:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 02:45 d-------- C:\Program Files\Windows Defender
2007-06-18 02:01 d-------- C:\VundoFix Backups
2007-06-18 01:21 d-------- C:\WINDOWS\network diagnostic
2007-06-18 01:19 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-17 15:54 d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-06-17 15:43 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-17 15:43 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-17 15:43 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-06-17 15:43 164 --a------ C:\install.dat
2007-06-17 15:43 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-17 15:43 d-------- C:\Program Files\Webroot
2007-06-17 15:43 d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-06-17 15:43 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-06-17 15:41 d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\Webroot
2007-06-17 15:39 d-------- C:\info
2007-06-17 15:38 32,528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-17 15:38 102,800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-17 15:38 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-06-17 15:37 d-------- C:\Program Files\Trend Micro
2007-06-17 14:15 62,516 --a------ C:\WINDOWS\system32\gbaappyo.dll
2007-06-17 14:03 d--hs---- C:\DOCUME~1\JUSTIN~1\UserData
2007-06-17 14:01 929 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-06-17 14:01 d-------- C:\WINDOWS\system32\win
2007-06-17 14:01 d-------- C:\WINDOWS\system32\S7
2007-06-17 14:01 d-------- C:\WINDOWS\system32\S6
2007-06-17 14:01 d-------- C:\WINDOWS\system32\S4
2007-06-17 14:01 d-------- C:\WINDOWS\system32\S1
2007-06-17 14:01 d-------- C:\WINDOWS\system32\S0
2007-06-17 14:01 d-------- C:\WINDOWS\system32\o02PrEz
2007-06-17 14:01 d-------- C:\Temp\iee
2007-06-17 14:01 d-------- C:\Temp
2007-06-16 16:47 d-------- C:\Program Files\Ventrilo
2007-06-16 16:47 d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\Ventrilo
2007-06-16 16:46 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-16 11:59 d--hs---- C:\WINDOWS\CSC
2007-06-16 03:16 d-------- C:\Program Files\MSXML 4.0
2007-06-16 01:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-16 01:00 d-------- C:\WINDOWS\system32\PreInstall
2007-06-16 00:07 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-16 00:07 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-06-16 00:07 35,190 --a------ C:\WINDOWS\scunin.dat
2007-06-16 00:06 d-------- C:\Program Files\Starcraft
2007-06-15 22:05 d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\Apple Computer
2007-06-15 22:04 d-------- C:\Program Files\QuickTime
2007-06-15 22:04 d-------- C:\Program Files\iTunes
2007-06-15 22:04 d-------- C:\Program Files\iPod
2007-06-15 22:04 d-------- C:\Program Files\Apple Software Update
2007-06-15 22:03 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-15 21:53 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-15 21:47 d-------- C:\Program Files\World of Warcraft
2007-06-15 21:47 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-06-15 21:45 1,310,720 --ah----- C:\DOCUME~1\JUSTIN~1\NTUSER.DAT
2007-06-15 21:45 d--h----- C:\DOCUME~1\JUSTIN~1\APPLIC~1\Gtek
2007-06-15 21:45 d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\Intel
2007-06-15 21:45 d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\InstallShield
2007-06-15 21:45 d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\Corel
2007-06-15 21:44 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-06-15 21:44 d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\InstallShield
2007-06-15 21:44 d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Corel
2007-06-15 21:41 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-15 21:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-07 22:29 d--hs---- C:\RECYCLER
2007-06-07 22:26 d-------- C:\Program Files\Microsoft Works
2007-06-07 22:26 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-06-07 22:25 d-------- C:\Program Files\Corel Corporation
2007-06-07 22:24 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2007-06-07 22:24 0 --ah----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\gwseh.dat
2007-06-07 22:24 d-------- C:\Program Files\Corel
2007-06-07 22:24 d-------- C:\Program Files\Common Files\Corel
2007-06-07 22:23 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-07 22:23 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-07 22:23 104,960 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-07 22:23 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-06-07 22:22 d-------- C:\WINDOWS\wt
2007-06-07 22:22 d-------- C:\Program Files\WildTangent
2007-06-07 22:22 d-------- C:\Program Files\WebCyberCoach
2007-06-07 22:22 d-------- C:\Program Files\Dell Support
2007-06-07 22:22 d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
2007-06-07 22:22 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
2007-06-07 22:22 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-06-07 22:21 d-------- C:\Netscape
2007-06-07 22:21 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-06-07 22:20 98,358 --a------ C:\WINDOWS\dla.exe
2007-06-07 22:20 87,488 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys
2007-06-07 22:20 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-06-07 22:20 61,498 --a------ C:\WINDOWS\system32\tfswapi.dll
2007-06-07 22:20 5,627 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys
2007-06-07 22:20 40,480 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys
2007-06-07 22:20 23,545 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys
2007-06-07 22:20 d-------- C:\WINDOWS\system32\dla
2007-06-07 22:20 d-------- C:\WINDOWS\occache
2007-06-07 22:20 d-------- C:\Program Files\Viewpoint
2007-06-07 22:20 d-------- C:\Program Files\Real
2007-06-07 22:20 d-------- C:\Program Files\Learn2.com
2007-06-07 22:20 d-------- C:\Program Files\EarthLink Setup
2007-06-07 22:20 d-------- C:\Program Files\Common Files\Real
2007-06-07 22:20 d-------- C:\Program Files\Common Files\Nullsoft
2007-06-07 22:20 d-------- C:\Program Files\AOL Companion
2007-06-07 22:20 d-------- C:\My Music


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 19:23:24 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-08 05:06:07 -------- d-----w C:\Program Files\Messenger
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 12:17]
{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}=C:\Program Files\Outerinfo\Outerinfo.dll []
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\gbaappyo.dll [2007-06-17 14:15]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-05 23:05]
{EC8197C1-EA78-42C5-AE46-BEA7EC52DC25}=C:\WINDOWS\system32\vtsts.dll []
{F105BC51-EC58-49AF-B41E-31136397C32A}=C:\Program Files\Windows Media Player\hokepoted58441.dll [2007-06-14 04:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-12-14 17:38 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 09:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 16:04]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 15:58]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 10:29]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 08:51]
"MBMon"="CTMBHA.DLL" [2006-06-28 21:12 C:\WINDOWS\system32\CTMBHA.DLL]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 07:20]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-26 23:02]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 07:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 14:51]
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-01-21 22:49]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 02:40 C:\WINDOWS\MIDIDEF.EXE]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN Gaming Zone\profsywu.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"="C:\WINDOWS\SYSTEM32\GWSEH.dll" [2004-09-23 05:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnkh]
awtqnkh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]


Contents of the 'Scheduled Tasks' folder
2007-06-17 05:02:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-18 19:21:55 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-18 03:00:01 C:\WINDOWS\tasks\wrSpySweeper_L8FB9D4844A7D41819A47A46EF048EA72.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 12:25:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 12:26:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-18 12:25

--- E O F ---


June 18th, 2007 18:00

Logfile of HijackThis v1.99.1
Scan saved at 12:26, on 2007-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\catchme.cfexe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\ComboFix\nircmd.cfexe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\gbaappyo.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {EC8197C1-EA78-42C5-AE46-BEA7EC52DC25} - C:\WINDOWS\system32\vtsts.dll (file missing)
O2 - BHO: (no name) - {F105BC51-EC58-49AF-B41E-31136397C32A} - C:\Program Files\Windows Media Player\hokepoted58441.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


June 18th, 2007 23:00

question: Will buying Windows Vista outdate the virus or nullify it at all? If not, continue your work~ Thanks for all your help too!


June 19th, 2007 00:00

"Will buying Windows Vista outdate the virus or nullify it at all?"
You may not be happy upgrading to Vista. We've cleaned up some of the infection on this operating system. We just have to clean the rest.


Please make sure SpySweeper is still disabled.

We also need to disable Defender.
* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings
* Under Real-time protection options, unselect the Turn on real-time protection check box
* Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please launch HijackThis and place a checkmark next to these:
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\gbaappyo.dll
O2 - BHO: (no name) - {EC8197C1-EA78-42C5-AE46-BEA7EC52DC25} - C:\WINDOWS\system32\vtsts.dll (file missing)
O2 - BHO: (no name) - {F105BC51-EC58-49AF-B41E-31136397C32A} - C:\Program Files\Windows Media Player\hokepoted58441.dll
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)


Close all windows except HijackThis and click "Fix Checked".
Close HijackThis.

Reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.

Configure to show all files/folders:
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Uncheck: Hide protected operating system files
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

Delete the following specified files:
C:\WINDOWS\system32\gbaappyo.dll --file
C:\Program Files\Windows Media Player\hokepoted58441.dll --file

Reboot normally.

Rehide files.
Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Check: Hide protected operating system files
Click on Apply.

Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
  • If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • Please post that report in your next reply. Simply open the text file, then copy/paste the content here. Also, please include a fresh HJT log, and let me know how things are running. Thanks!
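The five entries ticked in the post above are the ones a helper picks out by eye: a BHO registered with no name, an entry whose file is already gone, and a DLL whose name is a random letter string of the kind Virtumonde/Vundo generates. The Python script below is an added example for this thread, not HijackThis code and not part of the original posts; it applies those three cues to the O2 and O20 lines copied from the log above. The thresholds in looks_random() are this example's own assumptions, not a rule HijackThis or the helper states.

```python
"""Triage the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log.

Added example for this thread; it is not HijackThis code and not part of
the original posts. It encodes the cues the helper used by eye: a BHO
registered with no name, an entry whose file is already missing, and a
DLL whose name is a random letter string. The thresholds in looks_random()
are this example's own guesses.
"""
import re

# Sample input: the O2 and O20 lines copied from the HijackThis log posted above.
SAMPLE_LINES = [
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)",
    r"O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\gbaappyo.dll",
    r"O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll",
    r"O2 - BHO: (no name) - {EC8197C1-EA78-42C5-AE46-BEA7EC52DC25} - C:\WINDOWS\system32\vtsts.dll (file missing)",
    r"O2 - BHO: (no name) - {F105BC51-EC58-49AF-B41E-31136397C32A} - C:\Program Files\Windows Media Player\hokepoted58441.dll",
    r"O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll",
]

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
VOWELS = set("aeiou")


def parse_line(line):
    """Split an 'Oxx - Section: name - ... - path' line into its parts.

    HijackThis separates fields with ' - '; the last field is the file, with
    '(file missing)' appended when the registry points at a file that is gone.
    """
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    fields = rest.split(" - ")
    path = fields[-1]
    missing = path.endswith("(file missing)")
    path = path.replace("(file missing)", "").strip()
    name = fields[0].split(": ", 1)[-1]                  # text after 'BHO: ' / 'Winlogon Notify: '
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]    # file name without extension
    return {"code": code, "name": name, "path": path, "stem": stem,
            "missing": missing, "line": line.strip()}


def looks_random(stem):
    """Heuristic for machine-generated DLL names such as awtqnkh or ssqpo:
    all lowercase letters (a trailing number is ignored), at least five long,
    and either almost vowel-free or containing a run of four or more consonants.
    Product DLLs are usually mixed case or pronounceable, so they pass.
    """
    s = re.sub(r"\d+$", "", stem)
    if len(s) < 5 or not s.isalpha() or not s.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", s)), default=0)
    return vowel_ratio <= 0.2 or longest_run >= 4


def triage(lines):
    """Return [(entry, reasons)] for O2/O20 entries worth ticking in HijackThis."""
    flagged = []
    for line in lines:
        e = parse_line(line)
        if not e or e["code"] not in ("O2", "O20"):
            continue
        reasons = []
        if e["code"] == "O2" and e["name"] == "(no name)":
            reasons.append("BHO registered without a name")
        if e["missing"]:
            reasons.append("orphaned registry entry (file missing)")
        # A BHO with a proper product name is left alone; unnamed BHOs and all
        # Winlogon Notify hooks get the random-name check on the DLL name.
        if (e["code"] == "O20" or e["name"] == "(no name)") and looks_random(e["stem"]):
            reasons.append("random-looking DLL name")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LINES):
        print(entry["line"])
        for r in reasons:
            print("   ->", r)
```

Run as-is it prints exactly the five lines the helper asked to tick, each with its reason, and leaves the Adobe, DriveLetterAccess, WgaLogon and Webroot entries alone. An orphaned entry (file missing) is still worth fixing: the DLL is gone, but the registry value is what Windows will try to load at the next logon.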


June 19th, 2007 21:00

Adware:Adware/WinAntiSpyware Not disinfected c:\windows\poolsv.exe
Virus:trj/abwiz.a Disinfected Operating system
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ads.addynamix[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@drivecleaner[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@fastclick[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@fortunecity[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@media.adrevolver[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@realmedia[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@stats1.reliablestats[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@winantispyware[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@www.drivecleaner[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Justin Hallquist\Desktop\Justin's Folder\ComboFix.exe[nircmd.exe]
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\Justin Hallquist\Local Settings\Temp\poolsv.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\WinAntiSpyware2007FreeInstall[1].exe
Adware:Adware/CWS Not disinfected C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\acdt-pid67N[1].exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\YazzleBundle-1549[1].exe[¦++\Yazzle1549OinAdmin.exe]
Adware:Adware/WebSearch Not disinfected C:\i386\cogyaga58441.exe
Spyware:Spyware/Virtumonde Not disinfected C:\i386\gbaappyo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\i386\lxfkfocl.dll
Adware:Adware/Zenosearch Not disinfected C:\i386\nwintndt.exe
Spyware:Spyware/Virtumonde Not disinfected C:\i386\ssqpo.dll
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\poolsv\YazzleBundle-1549.exe[¦++\Yazzle1549OinAdmin.exe]
Spyware:Application/ErrorProtector Not disinfected C:\Program Files\WinAntiSpyware 2007\InstHelp.exe
Adware:Adware/ActiveSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir[²ÜÇ\Services.dll]
Virus:Malware Generic Disinfected C:\QooBox\Quarantine\catchme2007-06-18_122454.89.zip[core.sys]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ssqpo.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\S0\cogyaga58441.exe

Logfile of HijackThis v1.99.1
Scan saved at 3:09:09 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe" -nag
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

4 Apprentice


20.5K Posts

June 20th, 2007 02:00

Please make sure Windows Defender and SpySweeper are still disabled.
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.

  1. Once you have downloaded AVG AS, locate the icon on the desktop and double-click it to launch the set up program.
  2. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right click on AVG AS in the system tray and uncheck "Start with Windows".
  3. Go to Start > Run and type: services.msc
  4. Press "OK".
  5. In Services, click the "Extended" tab and scroll down the list to find AVG anti-spyware guard.
  6. When you find the guard service, double-click on it.
  7. In the Properties Window > General Tab that opens, click the "Stop" button.
  8. From the drop-down menu next to "Startup Type", click on "Manual".
  9. Now click "Apply", then "OK" and close the Services window.
  10. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  11. On the main screen select the icon "Update". Then select the "Update now" link.
    • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports":
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    • Close AVG Anti-Spyware. Do Not run a scan just yet.
  12. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  13. IMPORTANT: Do not open any other windows or programs while AVG AS is scanning; it may interfere with the scanning process.
  14. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  15. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  16. AVG AS will now begin the scanning process; be patient, this may take a little time.
  17. Once the scan is complete do the following:
  18. If you have any infections you will be prompted; then select "Apply all actions".
  19. Next select the "Reports" icon at the top.
  20. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  21. Close AVG AS and reboot your system back into Normal Mode.


          Please download the latest version of VundoFix.exe to your desktop. (If you have an earlier version, delete it and its old log here: C:\ vundofix.txt.)
          • Double-click VundoFix.exe to run it.
          • Click the Scan for Vundo button.
          • Once it's done scanning, click the Remove Vundo button.
          • You will receive a prompt asking if you want to remove the files; click YES.
          • Once you click yes, your desktop will go blank as it starts removing Vundo.
          • When completed, it will prompt that it will shutdown your computer; click OK.
          • Turn your computer back on.

          Note: It is possible that VundoFix encountered a file it could not remove.
          In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot. ** If you get a warning in your VundoFix log about updating Java, do not do so until I can give you further instructions.

          Reboot into Safemode:
          Turn on the computer.
          Immediately begin tapping the F8 key.
          Use the arrow keys to highlight Safe Mode and press the Enter key.

          While in Safemode, please launch Hijackthis and place a checkmark next to these if they still exist:
          O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
          O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
          O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe" -nag
          O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)

          Close all windows except HijackThis and click "Fix Checked".
          Close Hijackthis.

          Delete this file if it still exists:
          C:\WINDOWS\system32\ S0 --file

          Delete the specified folders if they still exist:
          C:\Program Files\ poolsv\ --FOLDER
          C:\Program Files\Common Files\ WinAntiSpyware 2007 --FOLDER

          Reboot normally.

          Please post the contents of C:\ vundofix.txt, your report from AVG Anti-Spyware, and a new HiJackThis log.


      Message Edited by Bugbatter on 06-19-2007 11:53 PM
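The triage the helper is doing by eye above (spot the Winlogon Notify DLL reported as missing, spot Run entries launching from the rogue program folders, then compare the next log to confirm they are gone) can be written down as a small checker. This is an added example, not code from the thread, from HijackThis or from any of the tools named in it; the sample log lines are constructed from the entry shapes seen in this thread's logs, and the rogue-folder marker list is an assumption limited to the folders the helper named here, not a general-purpose signature set.

```python
"""Triage HijackThis-style log lines and confirm removals between two scans.

Added example: parses the O4 / O20 / O23 line layout as it appears in the
thread's logs, flags the patterns the helper asked to fix, and diffs an
older log against a newer one to show what disappeared and what was added.
"""
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the entries quoted in this thread.
OLD_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe" -nag
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

NEW_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry line is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# Assumption: folder names the helper called out in this thread. A real
# checklist would be much longer; matching is case-insensitive on the body.
ROGUE_PATH_MARKERS = (r"\poolsv", r"\winantispyware 2007")


@dataclass(frozen=True)
class Entry:
    section: str  # "O4", "O20", "O23", ...
    body: str     # everything after "O4 - "


def parse_log(text):
    """Return the entry lines of a log in order; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def suspicious_reasons(entry):
    """Reasons an entry deserves a second look (empty list means none)."""
    reasons = []
    body_l = entry.body.lower()
    if entry.section == "O20" and "(file missing)" in body_l:
        # A Winlogon Notify package whose DLL is gone from disk: exactly the
        # leftover the helper asked to have removed via "Fix Checked".
        reasons.append("winlogon-notify-missing-dll")
    if entry.section == "O4" and any(mk in body_l for mk in ROGUE_PATH_MARKERS):
        # Autostart entry launching from one of the rogue folders named above.
        reasons.append("run-entry-in-rogue-folder")
    return reasons


def triage(text):
    """[(entry, reasons)] for every suspicious line in the log."""
    return [(e, r) for e in parse_log(text) if (r := suspicious_reasons(e))]


def diff_logs(old_text, new_text):
    """(removed, added): entries present only in the old log / only in the new."""
    old, new = parse_log(old_text), parse_log(new_text)
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


if __name__ == "__main__":
    for entry, reasons in triage(OLD_LOG):
        print("SUSPECT", entry.section, "|", entry.body, "|", ", ".join(reasons))
    removed, added = diff_logs(OLD_LOG, NEW_LOG)
    print(f"\n{len(removed)} entries removed, {len(added)} entries added since the last scan")
    still = triage(NEW_LOG)
    print("new log clean" if not still else f"{len(still)} suspect entries remain")
```

The diff is deliberately exact-match: a HijackThis line that changes at all (a different path, a renamed Run key) shows up as one removal plus one addition, which is what a reviewer wants to see rather than have it silently treated as the same entry.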

      19 Posts

      June 20th, 2007 05:00

      There was no Vundo found (I did a scan/remove right before I posted with you, so that might be why).

      ---------------------------------------------------------
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 11:01:28 PM 6/19/2007

      + Scan result:



      C:\Program Files\Hijackthis\backups\backup-20070619-141223-120.dll -> Adware.Agent : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005627.dll -> Adware.Agent : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000617.dll -> Adware.Agent : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000733.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000734.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Desktop\Justin's Folder\OiUninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
      C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Application Data\WinAntiSpyware 2007 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Application Data\WinAntiSpyware 2007\Logs -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Application Data\WinAntiSpyware 2007\Logs\update.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      C:\WINDOWS\system32\drivers\FOPN.sys -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      C:\WINDOWS\system32\stera.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS7_is1 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\Salestart -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\WinAntiSpyware 2007 Free -> Adware.RogueSuspect : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\uwas7cw -> Adware.RogueSuspect : Error during cleaning.
      C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir -> Adware.Softomate : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005437.exe -> Adware.Softomate : Cleaned with backup (quarantined).
      C:\Program Files\WinAntiSpyware 2007\InstHelp.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP15\A0005735.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
      C:\Program Files\WinAntiSpyware 2007\up.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP13\A0002135.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005413.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
      C:\i386\nwintndt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005436.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\index[1].htm -> Downloader.Agent.gx : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\YazzleBundle-1549[1].exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
      C:\Program Files\poolsv\YazzleBundle-1549.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP13\A0002133.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005620.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005659.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
      C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
      C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
      C:\i386\o02PrEz1065.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP13\A0001990.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005579.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
      C:\WINDOWS\system32\S4\wen2.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
      C:\i386\wen2.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\acdt-pid67N[1].exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005471.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\WinAntiSpyware2007FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
      C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
      C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP15\A0005677.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP15\A0005741.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP15\snapshot\MFEX-1.DAT -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\ATUNA1IJ\n404-4[1].htm -> Not-A-Virus.Exploit.MS06006 : Cleaned with backup (quarantined).
      C:\Documents and Settings\Justin Hallquist\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\n404-4[1].htm -> Not-A-Virus.Exploit.MS06006 : Cleaned with backup (quarantined).
      C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
      :mozilla.103:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
      :mozilla.105:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
      :mozilla.87:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.88:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.89:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.90:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.91:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.92:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.14:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.15:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.21:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.22:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.23:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.17:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
      :mozilla.93:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.94:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.95:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.97:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.98:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
      :mozilla.16:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ehg-hollywoodmedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
      :mozilla.111:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Live : Cleaned.
      :mozilla.112:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Live : Cleaned.
      :mozilla.113:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Live : Cleaned.
      :mozilla.79:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
      :mozilla.80:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
      :mozilla.68:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
      :mozilla.100:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
      :mozilla.64:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
      :mozilla.78:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ads.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
      :mozilla.114:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
      :mozilla.12:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
      :mozilla.13:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
      :mozilla.73:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
      :mozilla.74:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.75:C:\Documents and Settings\Justin Hallquist\Application Data\Mozilla\Firefox\Profiles\wv2d8oxt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      C:\Documents and Settings\Justin Hallquist\Cookies\justin_hallquist@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
      C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005654.exe -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP15\A0005736.exe -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).
      C:\Program Files\World of Warcraft\WoW-2.1.0-enUS-downloader.exe -> Trojan.WOW.rg : Cleaned with backup (quarantined).
      C:\Program Files\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe -> Trojan.WOW.rg : Cleaned with backup (quarantined).
      C:\Program Files\World of Warcraft\WoW-2.1.0.6729-to-2.1.1.6739-enUS-downloader.exe -> Trojan.WOW.rg : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP14\A0005585.exe -> Trojan.WOW.rg : Cleaned with backup (quarantined).


      ::Report end

      19 Posts

      June 20th, 2007 05:00

      Logfile of HijackThis v1.99.1
      Scan saved at 11:29:47 PM, on 6/19/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16473)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
      C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\clclean.0001
      C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\NetWaiting\netWaiting.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
      O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
      O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
      O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
      O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      Message Edited by Dreamlines on 06-20-2007 01:34 AM

      4 Apprentice
      20.5K Posts

      June 20th, 2007 15:00

Your log appears to be clean, but there are a couple of strange things going on there. Did you set AVG's Guard to Manual as the instructions specified? VundoFix should have produced a log even though it did not find anything.

      You can delete the tools (and their logs) that we used to clean your PC. If you would like to keep AVG AS you can use it on demand when the trial period is over. If you ran ComboFix delete that as well as its quarantine here if it still remains: c:\qoobox\

      Download and scan each user profile with CCleaner (a good tool to keep and use regularly):
      http://www.ccleaner.com/downloadbuilds.asp
      ** Select to download the BASIC version.
      1. Before first use, select Options > Advanced and UNCHECK
"Only delete files in Windows Temp folder older than 48 hours"
      2. Then select the items you wish to clean up.
      In the Windows Tab:
      • Clean all entries in the "Internet Explorer" section except Cookies (if you want to keep those).
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section.
      • Clean all entries in the "Advanced" section.
      • Clean any others that you choose.
      In the Applications Tab:
      • Clean all except cookies (if you want to keep those) in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Clean any others that you choose.
3. Click the "Run Cleaner" button.
4. A pop up box will appear advising this process will permanently delete files from your system.
5. Click "OK" and it will scan and clean your system.
6. Click "exit" when done.
      REBOOT.

      Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

      Updating Java:
      • Download the latest version of Java Runtime Environment (JRE) 6.
      • Scroll down to where it says "Java Runtime Environment (JRE) 6u1 allows end-users to run Java applications".
      • Click the "Download" button to the right.
      • Check the box that says: "Accept License Agreement".
      • The page will refresh.
      • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
      • Close any programs you may have running - especially your web browser.
      • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
      • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.

      • Reboot your computer once all Java components are removed.
      • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

      Official JAVA Installation Instructions if needed.


      Finally, please post a fresh Hijackthis log for final review. Thanks.
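As an added example (not part of this thread, and not HijackThis or the helper's own tooling), here is a small Python script that does mechanically what the reviewer above does by eye: it parses two HijackThis v1.99 logs, diffs the items between the earlier and the fresh log, and flags the things a reviewer checks for, namely entries marked "(file missing)", Winsock LSP entries that need confirming against installed software, and any JRE path older than the 6u1 release the helper asks the poster to install. The log excerpts embedded below are constructed, trimmed from the logs posted in the thread; the item pattern and the JRE baseline are assumptions of this example, not anything HijackThis itself defines.

```python
"""Parse, diff and review two HijackThis (v1.99) logs from the same machine.

Added example for this thread; not HijackThis code or the helper's tool.
The log excerpts below are constructed, trimmed from the logs posted above.
"""
import re

# One HijackThis item: a section tag (R0/R1/O2/O4/...) then " - " and the body.
# Assumed from the v1.99 log layout shown in the thread.
ITEM_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# A Java runtime version as it appears in install paths: jre1.6.0_01, j2re1.4.2_03.
JAVA_RE = re.compile(r"\\(?:jre|j2re)(\d+(?:\.\d+)+(?:_\d+)?)\\", re.IGNORECASE)
# The release the helper tells the poster to install (JRE 6 update 1); assumed baseline.
JAVA_BASELINE = "1.6.0_01"

# Constructed excerpt of the earlier log (old JRE 1.4.2_03 still present).
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# Constructed excerpt of the fresh log (JRE updated to 1.6.0_01).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""


def parse_log(text):
    """Return the de-duplicated item lines of a log as a list of (section, body).

    Header lines and the 'Running processes' block are skipped. HijackThis
    prints one O10 line per entry in the LSP chain, so repeats are collapsed.
    """
    items, seen = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m and line not in seen:
            seen.add(line)
            items.append((m.group("section"), m.group("body")))
    return items


def java_versions(items):
    """Every JRE version referenced by an item path (one per installed runtime)."""
    return {v for _, body in items for v in JAVA_RE.findall(body)}


def version_key(version):
    """'1.4.2_03' -> (1, 4, 2, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.split(r"[._]", version))


def is_outdated(version, baseline=JAVA_BASELINE):
    """True when the referenced JRE is older than the recommended release."""
    return version_key(version) < version_key(baseline)


def diff_logs(old_text, new_text):
    """Items that appeared or disappeared between two logs; returns (added, removed)."""
    old = {f"{s} - {b}" for s, b in parse_log(old_text)}
    new = {f"{s} - {b}" for s, b in parse_log(new_text)}
    return sorted(new - old), sorted(old - new)


def review(items):
    """The checks a reviewer applies by eye, as a list of (section, finding)."""
    findings = []
    for section, body in items:
        if "(file missing)" in body:
            findings.append((section, "points at a file that no longer exists"))
        if section == "O10":
            findings.append((section, "Winsock LSP entry; confirm the DLL belongs to installed software"))
        for version in JAVA_RE.findall(body):
            if is_outdated(version):
                findings.append((section, f"references outdated JRE {version}"))
    return findings


if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    print("Added since the earlier log:")
    for line in added:
        print("  +", line)
    print("Removed since the earlier log:")
    for line in removed:
        print("  -", line)
    print("Review of the fresh log:")
    for section, note in review(parse_log(NEW_LOG)):
        print(f"  {section}: {note}")
```

Run it on the two excerpts and the diff shows the old j2re1.4.2_03 items gone and the jre1.6.0_01 items (SSVHelper BHO, SunJavaUpdateSched) appearing, which is exactly what the reviewer wants to see after the Java update; the remaining O9 "(file missing)" and the O10 LSP lines are reported so a human can confirm them rather than being judged automatically.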

      19 Posts

      June 20th, 2007 17:00

I am still getting mass popups again. :( It just never ends. It was good for a bit but they are coming back.

      Logfile of HijackThis v1.99.1
      Scan saved at 11:59:12 PM, on 6/20/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16473)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
      C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\stsystra.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\clclean.0001
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
      C:\Program Files\NetWaiting\netWaiting.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
      O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
      O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
      O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
      O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
      O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
      O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      Message Edited by Dreamlines on 06-21-2007 01:59 AM