Drive cleaner problems Options

[Huitzi]

I have put a post in another section and now after being very frustrated with drivecleaner I will post up my hijack this with adaware logs:
Logfile of HijackThis v1.99.1
Scan saved at 3:33:34 PM, on 7/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Vet\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Vet\VetTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\POPUPK~1\NoPopup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\123HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblxuwm.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PopupKiller] C:\PROGRA~1\POPUPK~1\NoPopup.exe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chocchip01.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe



Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, 7 January 2007 3:35:07 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R142 02.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-01-2007 3:35:07 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Doug\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1079549642-1686415719-942459995-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1079549642-1686415719-942459995-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1079549642-1686415719-942459995-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1079549642-1686415719-942459995-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1079549642-1686415719-942459995-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1079549642-1686415719-942459995-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1079549642-1686415719-942459995-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1079549642-1686415719-942459995-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 424
ThreadCreationTime : 7-01-2007 12:41:30 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 7-01-2007 12:41:32 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 7-01-2007 12:41:40 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 7-01-2007 12:41:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 968
ThreadCreationTime : 7-01-2007 12:41:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 7-01-2007 12:41:42 AM
BasePriority : Normal
FileVersion : 6.14.10.4112
ProductVersion : 6.14.10.4112.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 7-01-2007 12:41:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1208
ThreadCreationTime : 7-01-2007 12:41:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1348
ThreadCreationTime : 7-01-2007 12:41:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1384
ThreadCreationTime : 7-01-2007 12:41:43 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 12
ProductVersion : 9, 0, 0, 0
ProductName : EvtEng Module
CompanyName : Intel Corporation
FileDescription : EvtEng Module
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : EvtEng.EXE

#:11 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1480
ThreadCreationTime : 7-01-2007 12:41:44 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 41
ProductVersion : 9, 0, 0, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : S24EvMon.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1592
ThreadCreationTime : 7-01-2007 12:41:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1732
ThreadCreationTime : 7-01-2007 12:41:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZONELABS\
ProcessID : 1788
ThreadCreationTime : 7-01-2007 12:41:45 AM
BasePriority : Normal
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 7-01-2007 12:41:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [anbmserv.exe]
FilePath : C:\Acer\eManager\
ProcessID : 884
ThreadCreationTime : 7-01-2007 12:42:00 AM
BasePriority : Normal
FileVersion : 3.0.6.9
ProductVersion : 1.0
ProductName : Acer eManager for Notebook
CompanyName : OSA Technologies Inc.
FileDescription : Service Program for Acer eManager
LegalCopyright : Acer Inc. © 2004
LegalTrademarks : Acer Empowering Technology
Comments : A Windows 2000/XP Service Program for Acer eManager

#:17 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1036
ThreadCreationTime : 7-01-2007 12:42:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [btwdins.exe]
FilePath : c:\Program Files\WIDCOMM\Bluetooth Software\bin\
ProcessID : 1180
ThreadCreationTime : 7-01-2007 12:42:00 AM
BasePriority : Normal
FileVersion : 4.0.1.2304
ProductVersion : 4.0.1.2304
ProductName : Bluetooth Software 4.0.1.2304
CompanyName : Broadcom Corporation.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright 2000-2005, Broadcom Corporation.
OriginalFilename : BTWDIns.EXE

#:19 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1304
ThreadCreationTime : 7-01-2007 12:42:00 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 10
ProductVersion : 9, 0, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:20 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1404
ThreadCreationTime : 7-01-2007 12:42:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [vetmsg.exe]
FilePath : C:\Vet\
ProcessID : 1504
ThreadCreationTime : 7-01-2007 12:42:01 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : vetmsg
CompanyName : Computer Associates International, Inc.
FileDescription : vetmsg
InternalName : vetmsg
LegalCopyright : Copyright © 1989-2003 Computer Associates International, Inc.
OriginalFilename : vetmsg.exe

#:22 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 320
ThreadCreationTime : 7-01-2007 12:42:05 AM
BasePriority : Normal
FileVersion : 6.14.10.4112
ProductVersion : 6.14.10.4112.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 508
ThreadCreationTime : 7-01-2007 12:42:05 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 7-01-2007 12:42:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:25 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 312
ThreadCreationTime : 7-01-2007 12:42:11 AM
BasePriority : Normal
FileVersion : 7.12.3 08Oct04
ProductVersion : 7.12.3 08Oct04
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2004
OriginalFilename : SynTPLpr.exe

#:26 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1756
ThreadCreationTime : 7-01-2007 12:42:12 AM
BasePriority : Normal
FileVersion : 7.12.3 08Oct04
ProductVersion : 7.12.3 08Oct04
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2004
OriginalFilename : SynTPEnh.exe

#:27 [pcmservice.exe]
FilePath : C:\Program Files\Arcade\
ProcessID : 2120
ThreadCreationTime : 7-01-2007 12:42:14 AM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : PCMService.EXE

#:28 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2296
ThreadCreationTime : 7-01-2007 12:42:16 AM
BasePriority : Normal
FileVersion : 6.14.10.5140
ProductVersion : 6.14.10.5140
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:29 [epm-dm.exe]
FilePath : C:\acer\epm\
ProcessID : 2328
ThreadCreationTime : 7-01-2007 12:42:16 AM
BasePriority : Normal
FileVersion : 2.57
ProductVersion : 2.57
ProductName : Acer EPM Device Manager
CompanyName : Acer Inc
FileDescription : Acer EPM Device Manager
InternalName : EPM-DM.exe
LegalCopyright : Copyright ?2003-2004 by Acer Inc
OriginalFilename : EPM-DM.exe

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2492
ThreadCreationTime : 7-01-2007 12:42:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2508
ThreadCreationTime : 7-01-2007 12:42:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:32 [qtzgacer.exe]
FilePath : C:\Program Files\Launch Manager\
ProcessID : 2564
ThreadCreationTime : 7-01-2007 12:42:20 AM
BasePriority : Normal
FileVersion : 1, 0, 8, 628
ProductVersion : 1, 0, 8, 628
ProductName : Launch Manager
CompanyName : Dritek System Inc.
FileDescription : Launch Manager
LegalCopyright : © Dritek System Inc. All rights reserved.
OriginalFilename : QtZgAcer.exe

#:33 [monitor.exe]
FilePath : C:\Program Files\Acer\eRecovery\
ProcessID : 2592
ThreadCreationTime : 7-01-2007 12:42:20 AM
BasePriority : Normal
FileVersion : 1, 2, 11, 1
ProductVersion : 1, 2, 11, 1
ProductName : eRecovery
CompanyName : acer Inc.
FileDescription : Monitor
InternalName : xOBRMonitor.exe
LegalCopyright : © acer Inc. All rights reserved.
OriginalFilename : xOBRMonitor.exe

#:34 [vettray.exe]
FilePath : C:\Vet\
ProcessID : 2612
ThreadCreationTime : 7-01-2007 12:42:20 AM
BasePriority : Normal
FileVersion : Version 1.0
ProductName : VetTray
CompanyName : Computer Associates International, Inc.
FileDescription : Iconic notifier
InternalName : VetTray
LegalCopyright : Copyright © 1997-2001 Computer Associates International, Inc.
OriginalFilename : VetTray.exe

#:35 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2640
ThreadCreationTime : 7-01-2007 12:42:20 AM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:36 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2700
ThreadCreationTime : 7-01-2007 12:42:21 AM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:37 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_10\bin\
ProcessID : 2716
ThreadCreationTime : 7-01-2007 12:42:22 AM
BasePriority : Normal


#:38 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 2908
ThreadCreationTime : 7-01-2007 12:42:23 AM
BasePriority : Normal
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:39 [nopopup.exe]
FilePath : C:\PROGRA~1\POPUPK~1\
ProcessID : 2972
ThreadCreationTime : 7-01-2007 12:42:23 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Popup Killer
CompanyName : TopDownloads
InternalName : NoPopup
OriginalFilename : NoPopup.exe

#:40 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3220
ThreadCreationTime : 7-01-2007 12:42:25 AM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:41 [bttray.exe]
FilePath : C:\Program Files\WIDCOMM\Bluetooth Software\
ProcessID : 3332
ThreadCreationTime : 7-01-2007 12:42:27 AM
BasePriority : Normal
FileVersion : 4.0.1.2304
ProductVersion : 4.0.1.2304
ProductName : Bluetooth Software 4.0.1.2304
CompanyName : Broadcom Corporation.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright 2000-2005, Broadcom Corporation.
OriginalFilename : BTTray.exe

#:42 [wg111cfg.exe]
FilePath : C:\Program Files\NETGEAR\WG111 Configuration Utility\
ProcessID : 3576
ThreadCreationTime : 7-01-2007 12:42:28 AM
BasePriority : Normal
FileVersion : 2, 0, 4, 7
ProductVersion : 2, 0, 4, 7
ProductName : NETGEAR WG111 Smart Wizard-Wireless Assistance
FileDescription : NETGEAR WG111 Smart Wizard-Wireless Assistance
InternalName : Wg111.exe
LegalCopyright : 2004, Netgear, Inc. All Rights Reserved
OriginalFilename : Wg111.exe

#:43 [quickdcf.exe]
FilePath : C:\Program Files\FinePixViewer\
ProcessID : 3696
ThreadCreationTime : 7-01-2007 12:42:30 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2003 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe

#:44 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 3768
ThreadCreationTime : 7-01-2007 12:42:31 AM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard

#:45 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 1468
ThreadCreationTime : 7-01-2007 12:42:35 AM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection

#:46 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 516
ThreadCreationTime : 7-01-2007 4:02:17 AM
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:47 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3684
ThreadCreationTime : 7-01-2007 4:52:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2936
ThreadCreationTime : 7-01-2007 5:04:56 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug@rotator.adjuggler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:358
Value : Cookie:doug@rotator.adjuggler.com/
Expires : 3-01-2017 3:29:06 PM
LastSync : Hits:358
UseCount : 0
Hits : 358

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug@wetpaint.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:doug@wetpaint.112.2o7.net/
Expires : 5-01-2012 10:56:34 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug@perf.overture.com/
Expires : 5-01-2011 10:34:58 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 15



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

3:39:04 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:56.219
Objects scanned:146725
Objects identified:3
Objects ignored:0
New critical objects:3

Thank you in advance for any help here

[HJThis]

Hello,Huitzi & Welcome


View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

===========

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblxuwm.dll
O2 - BHO: (no name) - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll

O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)

O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

===========

Restart your computer in Safe Mode.

1. If the computer is running, shut down Windows, and then turn off the power.
2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

===========

Next, please find and delete the following files/folders (if present):
C:\WINDOWS\system32\tcblxuwm.dll<---This file
C:\WINDOWS\system32\br_rt.dll<---This file
C:\WINDOWS\system32\Netverchk.exe<---This file

Now Restart in Normal Mode show me new HijackThis logfile.


Gogo

[Huitzi]

I would just like to say thank you for your help.
The file br_rt.dll was not there but br_rt uninstall was there im guessing I should have deleted it but I felt that should follow your instructions to the letter so I didnt delete it,can you please let me know if I should have deleted this file. Here is my HJ This log.



Logfile of HijackThis v1.99.1
Scan saved at 8:16:27 AM, on 8/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Vet\VetTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\POPUPK~1\NoPopup.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Vet\VetMsg.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\123HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PopupKiller] C:\PROGRA~1\POPUPK~1\NoPopup.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chocchip01.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

[HJThis]

Hi,Huitzi

I would say it's ok to go after that file but are we still having a
problme here or are things better on your end.

Gogo

[Huitzi]

Everything appears to be clear from this end although the computer is being a bit slow (lagging) but this could be due to the security programs that I am now running. Spybot S&D,Spyware Guard,Spyware Blaster and Zone Alarm Firewall.
I will now do the last delete and wait for your reply, also shall I do a new restore point in system restore?

[Huitzi]

Logfile of HijackThis v1.99.1
Scan saved at 3:35:04 PM, on 8/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Vet\VetTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\POPUPK~1\NoPopup.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Vet\isafe.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Vet\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\123HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PopupKiller] C:\PROGRA~1\POPUPK~1\NoPopup.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chocchip01.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

[HJThis]

Hey,Huitzi

Hmm what are you using for an Anti-Virus scanner ???


To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


Next, let's clean your restore points and set a new one


Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* CHECK Turn off System Restore.
* Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.


Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.



Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.

Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c . Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

And please have a look at the great info by Mr,TK
So how did I get infected in the first place


Gogo

[Huitzi]

Im running Vet AntiVirus,I keep getting a malaware detection when I run spybot S&D "Hot Search Bar"? Any ideas Gogo? All other instructions have been done.

This post has been edited by Huitzi: Jan 7 2007, 09:13 AM

[HJThis]

Hi,Huitzi

Where is it finding this item need full path to file


Please download ComboFix and save it to your desktop.

Double click combofix.exe and follow the prompts.

When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Gogo

[Huitzi]

Gday Gogo, in the last 24 hrs the hot search bar has not come back,it was located in
C:\documents and settings\doug\local settings\temp\dayst.dat
also
C:\documents and settings\angie\local settings\temp\dayst.dat
and here is the combo fix log:
Doug - 07-01-08 11:25:24.07 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Doug\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-08 to 2007-01-08 ))))))))))))))))))))))))))))))))))


2007-01-08 18:04 <DIR> d-------- C:\ie-spyad
2007-01-07 10:41 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-07 10:41 <DIR> d-------- C:\Program Files\Zone Labs
2007-01-07 10:40 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-01-06 17:14 <DIR> d-------- C:\Security Logs
2007-01-06 15:02 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-01-06 14:30 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-01-06 14:25 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-06 14:25 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-06 14:24 <DIR> d--h----- C:\WINDOWS\ie7
2007-01-06 14:23 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-06 14:22 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-06 14:10 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-01-06 14:10 <DIR> d-------- C:\Documents and Settings\Doug\SecurityScans
2007-01-06 13:30 <DIR> d-------- C:\123HJT
2007-01-05 16:56 <DIR> d-------- C:\gzhgHXGGS
2007-01-04 22:15 <DIR> d-------- C:\Program Files\SpywareGuard
2007-01-04 22:06 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-01-04 21:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-04 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-01-04 01:49 <DIR> d-------- C:\Program Files\Spy Cleaner Free Version
2007-01-04 01:21 <DIR> d-------- C:\Program Files\SpywareRemover
2007-01-03 23:13 183,808 --a-s---- C:\WINDOWS\NDNuninstall7_48.exe
2007-01-03 23:11 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-12-30 03:17 <DIR> d-------- C:\Program Files\del.icio.us
2006-12-28 23:05 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\FUJIFILM
2006-12-27 13:05 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\WebCompiler3
2006-12-27 11:48 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\Help
2006-12-27 06:00 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\Lavasoft
2006-12-27 05:59 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-25 12:47 36,864 --a------ C:\WINDOWS\system32\slimbhqa.exe
2006-12-25 12:47 116,138 --a------ C:\WINDOWS\18-979cccfcc7622e89302a49c23b6fa37a.exe
2006-12-25 12:46 66,267 --a------ C:\WINDOWS\10-47488c40c3cddfee98fc3b173f6d7beb.exe
2006-12-25 12:46 356,663 --a------ C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe
2006-12-25 12:46 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-12-25 12:46 <DIR> d-------- C:\WINDOWS\system32\SearchTool
2006-12-25 11:29 365,132 --a------ C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe
2006-12-25 11:29 <DIR> d-------- C:\WINDOWS\system32\SearchEnhancer
2006-12-25 00:16 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2006-12-24 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ArcSoft
2006-12-23 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-23 11:04 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-23 11:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-23 11:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-11 23:04 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-08 22:21 <DIR> d---s---- C:\Documents and Settings\Doug\UserData


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-04 22:28 20480 --a------ C:\Documents and Settings\Doug\Application Data\internaldb4827.dat
2007-01-04 22:20 382 --a------ C:\Documents and Settings\Doug\Application Data\internaldb1942.dat
2007-01-04 22:14 151 --a------ C:\Documents and Settings\Doug\Application Data\internaldb292.dat
2007-01-04 22:14 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb2391.dat
2006-12-27 12:17 49 --a------ C:\Documents and Settings\Doug\Application Data\internaldb41.dat
2006-12-25 11:31 9216 --a------ C:\Documents and Settings\Doug\Application Data\internaldb8467.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb6334.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb5436.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb4604.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb3902.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb153.dat
2006-12-25 11:29 23 --a------ C:\Documents and Settings\Doug\Application Data\inifile41.ini
2006-12-05 13:44 -------- d-------- C:\Documents and Settings\Doug\Application Data\Google
2006-12-05 13:23 -------- d-------- C:\Program Files\Google
2006-11-27 19:15 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-23 21:57 -------- d-------- C:\Program Files\REGSHAVE
2006-11-21 01:25 -------- d-------- C:\Program Files\iTunes
2006-11-21 01:25 -------- d-------- C:\Program Files\iPod
2006-11-21 01:25 -------- d-------- C:\Documents and Settings\Doug\Application Data\Apple Computer
2006-11-21 01:24 -------- d-------- C:\Program Files\Apple Software Update
2006-11-19 20:25 -------- d-------- C:\Program Files\MSN Messenger
2006-11-19 19:20 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-19 17:07 28672 --a------ C:\WINDOWS\system32\qttask.exe
2006-11-19 17:07 -------- d-------- C:\Program Files\QuickTime
2006-11-19 17:04 -------- d-------- C:\Program Files\FinePixViewer
2006-11-19 16:35 -------- d-------- C:\Documents and Settings\Doug\Application Data\AdobeUM
2006-11-19 16:34 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-11-19 16:34 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-11-19 16:34 -------- d-------- C:\Documents and Settings\Doug\Application Data\Adobe
2006-11-19 16:32 -------- d-------- C:\Program Files\ArcSoft
2006-11-19 16:31 -------- d-------- C:\Program Files\VGA USB Camera
2006-11-19 16:31 -------- d-------- C:\Program Files\directx
2006-11-19 15:58 -------- d-------- C:\Program Files\TurboConnectDemo
2006-11-19 15:58 -------- d-------- C:\Program Files\PopupKiller
2006-11-19 15:55 -------- d-------- C:\Program Files\All Cleaner
2006-11-19 15:30 -------- d-------- C:\Documents and Settings\Doug\Application Data\Cyberlink
2006-11-19 15:23 6144 --a------ C:\WINDOWS\system32\drivers\NTIDrvr.sys
2006-11-19 15:23 1024 -r-h----- C:\WINDOWS\system32\NTIBUN4.dll
2006-11-19 15:22 100 --a------ C:\AUTOEXEC.BAT
2006-11-19 15:20 1024 -r-h----- C:\WINDOWS\system32\NTIMPEG2.dll
2006-11-19 15:20 1024 -r-h----- C:\WINDOWS\system32\NTIMP3.dll
2006-11-19 15:20 1024 -r-h----- C:\WINDOWS\system32\NTIFCD3.dll
2006-11-19 15:20 1024 -r-h----- C:\WINDOWS\system32\NTICDMK7.dll
2006-11-19 15:18 -------- d-------- C:\Program Files\Microsoft Money
2006-11-19 15:15 -------- d-------- C:\Program Files\MSWorks
2006-11-19 15:05 -------- d-------- C:\Program Files\Snapshot Viewer
2006-11-19 15:01 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-11-19 15:01 -------- d-------- C:\Program Files\Common Files\Designer
2006-11-19 14:58 -------- d-------- C:\Program Files\Microsoft Office
2006-11-19 14:58 -------- d-------- C:\Documents and Settings\Doug\Application Data\Microsoft Web Folders
2006-11-17 18:16 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-14 21:26 -------- d-------- C:\Documents and Settings\Doug\Application Data\Sun
2006-11-13 21:51 -------- d-------- C:\Program Files\Java
2006-11-13 21:49 -------- d-------- C:\Program Files\LimeWire
2006-11-11 18:09 -------- d-------- C:\Program Files\EPSON
2006-11-08 15:36 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\RmActivate.exe
2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\SecProc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\SecProc.dll
2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 14:10 82432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-11-01 16:05 797 --a------ C:\WINDOWS\HotFix.bat
2006-11-01 16:05 471 --a------ C:\WINDOWS\CLEANUP.CMD
2006-10-29 19:28 75736 --a------ C:\WINDOWS\system32\cdm.dll
2006-10-29 19:28 465368 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-29 19:28 41432 --a------ C:\WINDOWS\system32\wups.dll
2006-10-29 19:28 198616 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-29 19:28 194520 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-29 19:28 18392 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-29 19:28 174040 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-29 19:28 172504 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-29 19:28 1353688 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-29 19:28 127448 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-29 19:28 124376 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-20 00:26 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 23:05 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PopupKiller"="C:\\PROGRA~1\\POPUPK~1\\NoPopup.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
"VetTray"="C:\\Vet\\VetTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,00,00,00,00,d4,03,00,00,04,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070108-075620-228
O2 - BHO: (no name) - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll
backup-20070108-075620-403
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
backup-20070108-075620-218
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify
backup-20070108-075620-307
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
backup-20070108-075620-688
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblxuwm.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\StartSC.job
C:\WINDOWS\tasks\StopSC.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-08 11:26:09.18
C:\ComboFix.txt ... 07-01-08 11:26

[HJThis]

Hey,Huitzi

Sorry for the hold on this you do have a number of files i need looked at
before we can say there bad or not.

Please zip the following bold items you are going to upload them.
make sure to Start the Topic as Suspicious files attention CalamityJane

C:\gzhgHXGGS
C:\WINDOWS\system32\slimbhqa.exe
C:\WINDOWS\18-979cccfcc7622e89302a49c23b6fa37a.exe
C:\WINDOWS\10-47488c40c3cddfee98fc3b173f6d7beb.exe
C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe
C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe

C:\Documents and Settings\Doug\Application Data\internaldb4827.dat
C:\Documents and Settings\Doug\Application Data\internaldb1942.dat
C:\Documents and Settings\Doug\Application Data\internaldb292.dat
C:\Documents and Settings\Doug\Application Data\internaldb2391.dat
C:\Documents and Settings\Doug\Application Data\internaldb41.dat
C:\Documents and Settings\Doug\Application Data\internaldb8467.dat
C:\Documents and Settings\Doug\Application Data\internaldb6334.dat
C:\Documents and Settings\Doug\Application Data\internaldb5436.dat
C:\Documents and Settings\Doug\Application Data\internaldb4604.dat
C:\Documents and Settings\Doug\Application Data\internaldb3902.dat
C:\Documents and Settings\Doug\Application Data\internaldb153.dat
C:\Documents and Settings\Doug\Application Data\inifile41.ini

Then just go here http://www.thespykiller.co.uk/forum/index.php?board=1.0 and upload the zip(s)

Just press new topic, fill in the needed details and just give a link to your posts on the other forum & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press Post to upload the files.

NOTE: You DO NOT need to be a member to upload, anybody can upload the files


don't forget to add link back here to this Thread

=============

May i ask that you also do this for me when done with above

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Gogo

[Huitzi]

This is the link for the uploaded files but 1 file was too large to add C:\gzhgHXGGS this file contains downloaded music and i can delete it if required it is 53.1 MB

http://www.thespykiller.co.uk/forum/index....ic=3376.new#new

[Huitzi]

Doug - 07-01-08 11:25:24.07 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Doug\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-08 to 2007-01-08 ))))))))))))))))))))))))))))))))))


2007-01-08 18:04 <DIR> d-------- C:\ie-spyad
2007-01-07 10:41 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-07 10:41 <DIR> d-------- C:\Program Files\Zone Labs
2007-01-07 10:40 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-01-06 17:14 <DIR> d-------- C:\Security Logs
2007-01-06 15:02 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-01-06 14:30 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-01-06 14:25 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-06 14:25 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-06 14:24 <DIR> d--h----- C:\WINDOWS\ie7
2007-01-06 14:23 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-06 14:22 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-06 14:10 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-01-06 14:10 <DIR> d-------- C:\Documents and Settings\Doug\SecurityScans
2007-01-06 13:30 <DIR> d-------- C:\123HJT
2007-01-05 16:56 <DIR> d-------- C:\gzhgHXGGS
2007-01-04 22:15 <DIR> d-------- C:\Program Files\SpywareGuard
2007-01-04 22:06 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-01-04 21:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-04 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-01-04 01:49 <DIR> d-------- C:\Program Files\Spy Cleaner Free Version
2007-01-04 01:21 <DIR> d-------- C:\Program Files\SpywareRemover
2007-01-03 23:13 183,808 --a-s---- C:\WINDOWS\NDNuninstall7_48.exe
2007-01-03 23:11 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-12-30 03:17 <DIR> d-------- C:\Program Files\del.icio.us
2006-12-28 23:05 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\FUJIFILM
2006-12-27 13:05 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\WebCompiler3
2006-12-27 11:48 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\Help
2006-12-27 06:00 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\Lavasoft
2006-12-27 05:59 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-25 12:47 36,864 --a------ C:\WINDOWS\system32\slimbhqa.exe
2006-12-25 12:47 116,138 --a------ C:\WINDOWS\18-979cccfcc7622e89302a49c23b6fa37a.exe
2006-12-25 12:46 66,267 --a------ C:\WINDOWS\10-47488c40c3cddfee98fc3b173f6d7beb.exe
2006-12-25 12:46 356,663 --a------ C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe
2006-12-25 12:46 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-12-25 12:46 <DIR> d-------- C:\WINDOWS\system32\SearchTool
2006-12-25 11:29 365,132 --a------ C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe
2006-12-25 11:29 <DIR> d-------- C:\WINDOWS\system32\SearchEnhancer
2006-12-25 00:16 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2006-12-24 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ArcSoft
2006-12-23 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-23 11:04 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-23 11:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-23 11:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-11 23:04 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-08 22:21 <DIR> d---s---- C:\Documents and Settings\Doug\UserData


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-04 22:28 20480 --a------ C:\Documents and Settings\Doug\Application Data\internaldb4827.dat
2007-01-04 22:20 382 --a------ C:\Documents and Settings\Doug\Application Data\internaldb1942.dat
2007-01-04 22:14 151 --a------ C:\Documents and Settings\Doug\Application Data\internaldb292.dat
2007-01-04 22:14 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb2391.dat
2006-12-27 12:17 49 --a------ C:\Documents and Settings\Doug\Application Data\internaldb41.dat
2006-12-25 11:31 9216 --a------ C:\Documents and Settings\Doug\Application Data\internaldb8467.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb6334.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb5436.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb4604.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb3902.dat
2006-12-25 11:30 0 --a------ C:\Documents and Settings\Doug\Application Data\internaldb153.dat
2006-12-25 11:29 23 --a------ C:\Documents and Settings\Doug\Application Data\inifile41.ini
2006-12-05 13:44 -------- d-------- C:\Documents and Settings\Doug\Application Data\Google
2006-12-05 13:23 -------- d-------- C:\Program Files\Google
2006-11-27 19:15 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-23 21:57 -------- d-------- C:\Program Files\REGSHAVE
2006-11-21 01:25 -------- d-------- C:\Program Files\iTunes
2006-11-21 01:25 -------- d-------- C:\Program Files\iPod
2006-11-21 01:25 -------- d-------- C:\Documents and Settings\Doug\Application Data\Apple Computer
2006-11-21 01:24 -------- d-------- C:\Program Files\Apple Software Update
2006-11-19 20:25 -------- d-------- C:\Program Files\MSN Messenger
2006-11-19 19:20 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-19 17:07 28672 --a------ C:\WINDOWS\system32\qttask.exe
2006-11-19 17:07 -------- d-------- C:\Program Files\QuickTime
2006-11-19 17:04 -------- d-------- C:\Program Files\FinePixViewer
2006-11-19 16:35 -------- d-------- C:\Documents and Settings\Doug\Application Data\AdobeUM
2006-11-19 16:34 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-11-19 16:34 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-11-19 16:34 -------- d-------- C:\Documents and Settings\Doug\Application Data\Adobe
2006-11-19 16:32 -------- d-------- C:\Program Files\ArcSoft
2006-11-19 16:31 -------- d-------- C:\Program Files\VGA USB Camera
2006-11-19 16:31 -------- d-------- C:\Program Files\directx
2006-11-19 15:58 -------- d-------- C:\Program Files\TurboConnectDemo
2006-11-19 15:58 -------- d-------- C:\Program Files\PopupKiller
2006-11-19 15:55 -------- d-------- C:\Program Files\All Cleaner
2006-11-19 15:30 -------- d-------- C:\Documents and Settings\Doug\Application Data\Cyberlink
2006-11-19 15:23 6144 --a------ C:\WINDOWS\system32\drivers\NTIDrvr.sys
2006-11-19 15:23 1024 -r-h----- C:\WINDOWS\system32\NTIBUN4.dll
2006-11-19 15:22 100 --a------ C:\AUTOEXEC.BAT
2006-11-19 15:20 1024 -r-h----- C:\WINDOWS\system32\NTIMPEG2.dll
2006-11-19 15:20 1024 -r-h----- C:\WINDOWS\system32\NTIMP3.dll
2006-11-19 15:20 1024 -r-h----- C:\WINDOWS\system32\NTIFCD3.dll
2006-11-19 15:20 1024 -r-h----- C:\WINDOWS\system32\NTICDMK7.dll
2006-11-19 15:18 -------- d-------- C:\Program Files\Microsoft Money
2006-11-19 15:15 -------- d-------- C:\Program Files\MSWorks
2006-11-19 15:05 -------- d-------- C:\Program Files\Snapshot Viewer
2006-11-19 15:01 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-11-19 15:01 -------- d-------- C:\Program Files\Common Files\Designer
2006-11-19 14:58 -------- d-------- C:\Program Files\Microsoft Office
2006-11-19 14:58 -------- d-------- C:\Documents and Settings\Doug\Application Data\Microsoft Web Folders
2006-11-17 18:16 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-14 21:26 -------- d-------- C:\Documents and Settings\Doug\Application Data\Sun
2006-11-13 21:51 -------- d-------- C:\Program Files\Java
2006-11-13 21:49 -------- d-------- C:\Program Files\LimeWire
2006-11-11 18:09 -------- d-------- C:\Program Files\EPSON
2006-11-08 15:36 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\RmActivate.exe
2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\SecProc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\SecProc.dll
2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 14:10 82432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-11-01 16:05 797 --a------ C:\WINDOWS\HotFix.bat
2006-11-01 16:05 471 --a------ C:\WINDOWS\CLEANUP.CMD
2006-10-29 19:28 75736 --a------ C:\WINDOWS\system32\cdm.dll
2006-10-29 19:28 465368 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-29 19:28 41432 --a------ C:\WINDOWS\system32\wups.dll
2006-10-29 19:28 198616 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-29 19:28 194520 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-29 19:28 18392 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-29 19:28 174040 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-29 19:28 172504 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-29 19:28 1353688 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-29 19:28 127448 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-29 19:28 124376 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-20 00:26 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 23:05 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PopupKiller"="C:\\PROGRA~1\\POPUPK~1\\NoPopup.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
"VetTray"="C:\\Vet\\VetTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,00,00,00,00,d4,03,00,00,04,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070108-075620-228
O2 - BHO: (no name) - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll
backup-20070108-075620-403
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
backup-20070108-075620-218
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify
backup-20070108-075620-307
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
backup-20070108-075620-688
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblxuwm.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\StartSC.job
C:\WINDOWS\tasks\StopSC.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-08 11:26:09.18
C:\ComboFix.txt ... 07-01-08 11:26

Logfile of HijackThis v1.99.1
Scan saved at 11:45:11 AM, on 9/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Vet\isafe.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Vet\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Vet\VetTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\POPUPK~1\NoPopup.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\123HJT\hijackthis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PopupKiller] C:\PROGRA~1\POPUPK~1\NoPopup.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chocchip01.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

This post has been edited by Huitzi: Jan 9 2007, 02:08 AM

[HJThis]

Hi,Huitzi

Nice work don't delete that file just yet and lit's hold-on to see
if CJ has a chance to look at them files for us.
so please check back now and then.

Did you run the SDFix if so show me a logfile

Gogo

[Huitzi]

Here is the SD Fxt log and also I would like to thank you for your patients



SDFix: Version 1.57
****************

Tue 09/01/2007 - 19:23:32.45

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking Services...

Service Name:


File Path:




Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------


Backing Up and Removing any Files Found...

Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\System32\\FXSCLNT.exe"="C:\\WINDOWS\\System32\\FXSCLNT.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\NTDETECT.COM
C:\WINDOWS\system32\NTICDMK7.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\WINDOWS\system32\NTIMP3.dll
C:\WINDOWS\system32\NTIFCD3.dll
C:\WINDOWS\system32\NTIBUN4.dll
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\hiberfil.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

FINISHED!

[LS CalamityJane]

Hi, I got this files this morning

One more report we would like to see please:

Open HijackThis and instead of scan, please choose *Open Misc Tools Section*

Then press the *Open Uninstall Manager* button

Wait while it prepares a list. When it finishes, press the *save list* button and text file should popup in Notepad. Please copy that list and post the results back here for review

[LS CalamityJane]

Could you also check these directories and see if there are any files in these folders:

C:\WINDOWS\system32\SearchEnhancer

C:\WINDOWS\system32\SearchTool

Upload any files found to the topic you started at TheSpykiller:
http://www.thespykiller.co.uk/forum/index.php?topic=3376.0

[Huitzi]

files have been uploaded Jane

I dont know what mprosafe is? do you?


Acer eManager for Notebook
Acer eNetManagement
Acer ePowerManagement
Acer GridVista
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
Apple Software Update
Arcade 3.0
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Conexant AC-Link Audio
del.icio.us Buttons for Internet Explorer
EPSON Printer Software
FinePixViewer Ver.4.0
FUJIFILM USB Driver
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
ImageMixer VCD for FinePix
Intel® PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 10
Launch Manager
LimeWire 4.12.6
mCore
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 4.0
MicroStaff WINASPI NT
mMHouse
mPfMgr
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
mWlsSafe
NETGEAR WG111 Software
NTI Backup NOW! 4
NTI CD & DVD-Maker
PopupKiller
PowerProducer
QuickTime
RAW FILE CONVERTER LE
Search Enhancer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
The Sims 2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Vet Anti-Virus
VGA USB Camera
WIDCOMM Bluetooth Software
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ZoneAlarm

[LS CalamityJane]

I'm not sure what the mprosafe program is but I don't think it's malware. Have a look in the folder at the files in there and see if rightclicking on the file and choosing *properties* tells you any thing about it. It appear to come with the other "mtools". Is this a Dell computer by chance?

As for the files you uploaded, those are all part of a Begin2search adware variant.

Try removing SearchEnhancer from Add/Remove programs in the control panel first

Then delete these folders:

C:\WINDOWS\system32\SearchEnhancer

C:\WINDOWS\system32\SearchTool

and delete any of these files that may remain. All are part of this Begin2search pest (SearchEnhancer)


C:\WINDOWS\system32\slimbhqa.exe

C:\WINDOWS\18-979cccfcc7622e89302a49c23b6fa37a.exe

C:\WINDOWS\10-47488c40c3cddfee98fc3b173f6d7beb.exe

C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe

C:\WINDOWS\system32\SearchTool

C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe

These files may have come bundled with some other software you may have downloaded. They all installed around the same time, just after midnight on Christmas Eve (so early morning Christmas Day). Does that ring any bells?

[LS CalamityJane]

You can delete all of these as well, they are mostly harmless leftovers, but associated with SearchEnhancer so NO need to keep them:

C:\Documents and Settings\Doug\Application Data\internaldb4827.dat
C:\Documents and Settings\Doug\Application Data\internaldb1942.dat
C:\Documents and Settings\Doug\Application Data\internaldb292.dat
C:\Documents and Settings\Doug\Application Data\internaldb2391.dat
C:\Documents and Settings\Doug\Application Data\internaldb41.dat
C:\Documents and Settings\Doug\Application Data\internaldb8467.dat
C:\Documents and Settings\Doug\Application Data\internaldb6334.dat
C:\Documents and Settings\Doug\Application Data\internaldb5436.dat
C:\Documents and Settings\Doug\Application Data\internaldb4604.dat
C:\Documents and Settings\Doug\Application Data\internaldb3902.dat
C:\Documents and Settings\Doug\Application Data\internaldb153.dat

C:\Documents and Settings\Doug\Application Data\inifile41.ini