Computer Juice > Computer Software > Virus, Spyware & Security
Winspywareprotect virus




#1 - 26th Jul 2008, 22:03 - New Member Group
<edit for merge>
#2 - 26th Jul 2008, 22:09 - New Member Group
Hello. Somehow I got the winspywareprotect virus and was hoping you could help me get rid of it.

Superantispyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/26/2008 at 09:09 PM
Application Version : 4.15.1000
Core Rules Database Version : 3517
Trace Rules Database Version: 1507
Scan type : Complete Scan
Total Scan Time : 01:28:27
Memory items scanned : 482
Memory threats detected : 12
Registry items scanned : 7034
Registry threats detected : 77
File items scanned : 25271
File threats detected : 331
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\THEXYUTX.DLL
C:\WINDOWS\SYSTEM32\THEXYUTX.DLL
C:\WINDOWS\SYSTEM32\MVEFWYQQ.DLL
C:\WINDOWS\SYSTEM32\MVEFWYQQ.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP726\A0075827.DLL
C:\WINDOWS\SYSTEM32\FPRTSESO.DLL
Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\YAYAYRQO.DLL
C:\WINDOWS\SYSTEM32\YAYAYRQO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8361777F-3DF6-40DC-87D5-30035848F47D}
HKCR\CLSID\{8361777F-3DF6-40DC-87D5-30035848F47D}
HKCR\CLSID\{8361777F-3DF6-40DC-87D5-30035848F47D}\InprocServer32
HKCR\CLSID\{8361777F-3DF6-40DC-87D5-30035848F47D}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}
HKCR\CLSID\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}
HKCR\CLSID\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}\InprocServer32
HKCR\CLSID\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\yayaYrqO
C:\WINDOWS\SYSTEM32\PMNKICYX.DLL
Trojan.Unclassified/Dropper-WinNT32
C:\WINDOWS\SYSTEM32\WINCTRL32.DLL
C:\WINDOWS\SYSTEM32\WINCTRL32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\URQRKABR.DLL
C:\WINDOWS\SYSTEM32\URQRKABR.DLL
Adware.VideoAccessCodec/Gen
C:\WINDOWS\EQVWAMKL.DLL
C:\WINDOWS\EQVWAMKL.DLL
Adware.Vundo-Variant/J
C:\WINDOWS\WNSLVXTF.DLL
C:\WINDOWS\WNSLVXTF.DLL
Trojan.Downloader-CREW
C:\WINDOWS\SYSTEM32\TSAKSFXX.DLL
C:\WINDOWS\SYSTEM32\TSAKSFXX.DLL
HKLM\Software\Classes\CLSID\{B46BD0F4-521A-41DC-A2EA-600893581DFc}
HKCR\CLSID\{B46BD0F4-521A-41DC-A2EA-600893581DFC}
HKCR\CLSID\{B46BD0F4-521A-41DC-A2EA-600893581DFC}\InprocServer32
HKCR\CLSID\{B46BD0F4-521A-41DC-A2EA-600893581DFC}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}
HKCR\CLSID\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}
HKCR\CLSID\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}\InprocServer32
HKCR\CLSID\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B46BD0F4-521A-41DC-A2EA-600893581DFc}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}
C:\WINDOWS\SYSTEM32\GHSMJAOC.DLL
C:\WINDOWS\SYSTEM32\OBLPMRXI.DLL
Rogue.WinSpywareProtect
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECURISOFT SARL\WINSPYWAREPROTECT\WSPWPRTCT.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECURISOFT SARL\WINSPYWAREPROTECT\WSPWPRTCT.EXE
[s9201] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECURISOFT SARL\WINSPYWAREPROTECT\WSPWPRTCT.EXE
C:\WINDOWS\Prefetch\WSPWPRTCT.EXE-25252D54.pf
Trojan.Unclassified/GTS
C:\WINDOWS\FDKOWVBP.DLL
C:\WINDOWS\FDKOWVBP.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{72585F60-1D5F-4B66-8806-53E3973D64B5}
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\InprocServer32
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\InprocServer32#ThreadingModel
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\ProgID
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\Programmable
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\TypeLib
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\VersionIndependentProgID
HKCR\fdkowvbp.1
HKCR\fdkowvbp
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0\0
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0\0\win32
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0\FLAGS
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0\HELPDIR
Trojan.Net-MSV/VPS-Variant
C:\WINDOWS\NFAVXWDBMFE.DLL
C:\WINDOWS\NFAVXWDBMFE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\InprocServer32
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\InprocServer32#ThreadingModel
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\ProgID
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\Programmable
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\TypeLib
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\VersionIndependentProgID
Unclassified.Unknown Origin
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O1ER4HUV\3077AHNTDKSR[1].DLL
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O1ER4HUV\3077AHNTDKSR[1].DLL
HKLM\Software\Classes\CLSID\{5B6B5426-02DD-4241-A65C-6A9D15460E27}
HKCR\CLSID\{5B6B5426-02DD-4241-A65C-6A9D15460E27}
HKCR\CLSID\{5B6B5426-02DD-4241-A65C-6A9D15460E27}\InprocServer32
HKCR\CLSID\{5B6B5426-02DD-4241-A65C-6A9D15460E27}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B6B5426-02DD-4241-A65C-6A9D15460E27}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
C:\DOCUMENTS AND SETTINGS\RYAN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IH5KPE52\3077AHNTDKSR[1].DLL
C:\DOCUMENTS AND SETTINGS\RYAN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IH5KPE52\3077AHNTDKSR[2].DLL
Adware.Tracking Cookie
C:\Documents and Settings\Ryan\Cookies\ryan@electronicarts.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@cbs.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@pornstarslikeitbig[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@affiliate1.ticketcity[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjlyunajwco.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@bluestreak[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.monster[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@zedo[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.blankdvdmedia[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.freearcade[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@247realmedia[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@112.2o7[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@livenation.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@nike.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@questionmarket[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-deltatre.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@reduxads.valuead[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@statse.webtrendslive[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@trafficmp[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adtech[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@fastclick[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfl4uicpmcq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@realmedia[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@server.cpmstar[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@statcounter[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ticketsnow[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@data.coremetrics[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ad.lookery[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.ticketsnow[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfkoggczghq.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@4.adbrite[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@mediaplex[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@revsci[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-adidas.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.countytimes.co[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@casalemedia[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjnygidzeko.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@stats.paypal[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-twi.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@uk.sitestat[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@bet.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@wildbluffmedia[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@tradedoubler[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@tremor.adbureau[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-aha.hitbox[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media.adrevolver[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@bellglobemediapublishing.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-iwantoneofthose.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@leveragemarketing.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjkokmd5gfo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@tribalfusion[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ad.yieldmanager[3].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ticketcity[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-gamespyinc.hitbox[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@overture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@zillow.adbureau[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-yellowpages.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgmywmajkbo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@doubleclick[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@clicktorrent[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wblykgdjsgp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@honoluluadvertiser[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.us.e-planning[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@richmedia.yahoo[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-theactivenetwork.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@everykilowattcounts[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@advertising[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.pointroll[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adecn[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@login.tracking101[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adrevolver[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfmichdjgeq.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjnyelczmhp.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.telegraph.co[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wbk4uncjseo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@counter.surfcounters[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@burstnet[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@paypal.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media.stars.ign[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www2.addfreestats[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgl4snc5gdo.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@msnportal.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@blankdvdmedia[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@vitamine.networldmedia[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@specificclick[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.revsci[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@collective-media[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-theviptour.hitbox[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@interclick[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adopt.euroclick[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@xiti[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@pro-market[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@bs.serving-sys[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@atdmt[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@vitamine.networldmedia[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@apmebf[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-reed.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@stat.dealtime[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.ticketcity[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@prospect.adbureau[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjk4ckcpchp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@networldmedia[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wflialdjeho.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdl4kgczgeq.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adidascanada.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgkokiazgho.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@countingdown[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjny-1nczik.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media.ps3.ign[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adopt.specificclick[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-cardomain.hitbox[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@maxis.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgmiahcpmfp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media.neoedge[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfl4umcjaap.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.burstnet[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@server.iad.liveperson[3].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjkysgajkko.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@chitika[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjmikndzibq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@sonyscei.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@bizrate[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgk4upc5afo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.county.oxford.on[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@tacoda[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@rogersmedia[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@counter.hitslink[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@bbfadnet[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-triseptsolutions.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-hyundaicanada.hitbox[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wbligod5ago.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adcentriconline[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjmiqgd5mcq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wbl4oicpmep.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@server.iad.liveperson[4].txt
C:\Documents and Settings\Ryan\Cookies\ryan@vortexmediagroup[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdl4ekc5igp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjkycmcpsfq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@socialmedia[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@s.clickability[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.widgetbucks[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media.cardomain[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@dealtime[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-ctv.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.usercash[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@accounts.pkr[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfmiqgajmbq.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@workopolis.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdl4uiajgkp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgkionajwcp.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjnycicpkho.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@indextools[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.blankdvdmedia[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdl4gnajaco.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@server.iad.liveperson[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@rotator.adjuggler[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@test.koadserver[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@uk.sitestat[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@insightexpressai[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgl4wgajglq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@partygaming.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@citi.bridgetrack[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdlyupdzafo.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfk4alcjilo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@test.coremetrics[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@kontera[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media6degrees[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media.adrevolver[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@tracker.shop[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6whk4wldjolq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media.mtvnservices[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@partner2profit[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdlyepdzcfp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@list[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfkyaldpiao.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjlikjdjmhp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@optimize.indieclick[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdlowmczidp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@roiservice[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@pornhub[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjloakcpsao.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@dmtracker[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfloakczikp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjkyqmazidq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@nextag[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wblywoazafp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@azjmp[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@bizrate.co[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjmicod5wdo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ad1.king[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdkiumd5icp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@rambler[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@cgm.adbureau[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfl4gldzklo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@toplist[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@gomyhit[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wdl4emdjaao.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.emedtv[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@uk.sitestat[3].txt
C:\Documents and Settings\Ryan\Cookies\ryan@linksynergy[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@lotsofads.smilingtraffic[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@weborama[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjliqpcjadq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adinsert.buddymedia[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@trinitymirror.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-mgnlimited.hitbox[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.addesktop[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgk4qhd5kkp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6whkikodzcao.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6whmikkdjgdq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.react2media[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjny-1jczwg.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjliagdjmgp.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjmiuhdzsdo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@serving-sys[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@aimfar.solution.weborama[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjkyohdzadp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjny-1kd5gg.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.popuptraffic[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@homedepotca.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjliamc5cep.stats.esomniture[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.googleadservices[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@gomyhit[3].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6whkienazwfp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@partypoker[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.toseeka[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adlegend[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjnyqndzeeq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@trafficrotator[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adbrite[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@anad.tacoda[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@imrworldwide[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@indexstats[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wbmiandpgkp.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.advertising-department[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wblyeod5gbo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@nhl.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@trvlnet.adbureau[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@a.websponsors[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@yadro[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@chumtv.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@account.live[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfliqhazwdo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wbkisjdpsco.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ehg-allegisgroup.hitbox[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@www.burstbeacon[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjnysgczefq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@toseeka[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@videoegg.adbureau[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjliskazwho.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ad1.clickhype[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wgkoglcjseq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.addynamix[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wbkikhdzeaq.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@msnbc.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adsrevenue[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wfkoulcpwbo.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@media.wii.ign[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@e-2dj6wjnygkdpeko.stats.esomniture[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@goal.adbureau[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@torstardigital.122.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@wmvmedialease[1].txt
C:\Documents and Settings\LocalService\Cookies\system@revenue[2].txt
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@tribalfusion[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@serving-sys[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ad.yieldmanager[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@zedo[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnportal.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@specificclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adopt.euroclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnaccountservices.112.2o7[2].txt
Adware.Toolbar888
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\ProgID
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\Programmable
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID
Trojan.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#advap32 [ C:\DOCUME~1\Ryan\LOCALS~1\Temp\scksexde.exe/r ]
C:\WINDOWS\system32\WinCtrl32.dl_
C:\DOCUMENTS AND SETTINGS\RYAN\LOCAL SETTINGS\TEMP\SMCHK.EXE
C:\WINDOWS\SYSTEM32\WAPITR.EXE
Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-1335142754-2142497010-1476782021-1006\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 ]
Adware.IPWins
C:\Program Files\ipwindows\pop12.tmp
C:\Program Files\ipwindows\pop15.tmp
C:\Program Files\ipwindows
Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
C:\Documents and Settings\Ryan\Desktop\Error Cleaner.url
C:\Documents and Settings\Ryan\Desktop\Privacy Protector.url
C:\Documents and Settings\Ryan\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Ryan\Favorites\Error Cleaner.url
C:\Documents and Settings\Ryan\Favorites\Privacy Protector.url
C:\Documents and Settings\Ryan\Favorites\Spyware&Malware Protection.url
Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1335142754-2142497010-1476782021-1006\Software\Microsoft\rdfa
Rogue.AntiSpywareExpert
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#DLLName
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#StartShell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#Impersonate
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#Asynchronous
Trojan.Unclassified/BindSRV
C:\DOCUMENTS AND SETTINGS\RYAN\LOCAL SETTINGS\TEMP\BINDSRV2.EXE
Adware.IWinGames
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP677\A0068371.DLL
Trojan.Dropper/Gen
C:\WINDOWS\GRSWPTDL.EXE


Anti-malware Log

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2
12:26:16 AM 27/07/2008
antimalwarelog
Scan type: Full Scan (C:\|)
Objects scanned: 165869
Time elapsed: 1 hour(s), 56 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 18
Registry Values Infected: 8
Registry Data Items Infected: 18
Folders Infected: 6
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\urqRKaBr.dll (Trojan.Vundo) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06551ab2-4cda-44b3-ae6b-b990817ccf75} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{06551ab2-4cda-44b3-ae6b-b990817ccf75} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bwfa (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrkabr -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrkabr -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00102) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> No action taken.
Files Infected:
C:\WINDOWS\system32\urqRKaBr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rBaKRqru.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rBaKRqru.ini2 (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Ryan\My Documents\Ranch Rush\ijl15.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072954.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\erfn.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Adobe\Acrobat 6.0\Reader\PDF417Encoder.dll (Trojan.Downloader) -> No action taken.
C:\Program Files\Oberon Media\Ranch Rush\ijl15.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725122728062.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725123301656.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725125438578.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725163046312.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080726143723640.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080726191643578.log (Rogue.WinSpywareProtect) -> No action taken.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\BM9325910c.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM9325910c.txt (Trojan.Vundo) -> No action taken.


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:48 AM, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S1722.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20F...es/stg_drm.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Fairy%20G.../armhelper.ocx
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 9829 bytes


To the mod, sorry for double post.
  #3  
Old 26th Jul 2008, 22:13
Moderator Group
 
Welcome to Computer Juice.

Your posts will not show up right away: as you are a new member, any posts with links in them have to be approved by a moderator. Just post once; we'll get them when we see them.

I'm looking at the logs now, be right back.....
__________________

  #4  
Old 26th Jul 2008, 22:21
Moderator Group
 
In the Malwarebytes log everything says "No action taken". Did you copy the log before you finished cleaning?

Can you post the log after cleaning please. Open MBAM then click the Logs tab to view and post it here.
__________________

  #5  
Old 27th Jul 2008, 07:46
New Member Group
 
I ran Anti-Malware again. Here is the log.

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2
10:41:52 AM 27/07/2008
mbam-log-7-27-2008 (10-41-52).txt
Scan type: Full Scan (C:\|)
Objects scanned: 159397
Time elapsed: 1 hour(s), 48 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0077902.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
  #6  
Old 27th Jul 2008, 14:31
Moderator Group
 
Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
  • O24 - Desktop Component 0: Privacy Protection - (no file)
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
sc stop BOONTY
sc delete BOONTY
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixme.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixme.bat from the Desktop.

----------

Download OTMoveIt2 by OldTimer
  • Save it to your desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
[kill explorer]
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2
----------

Be sure to restart the computer and then let me know how everything is now.
__________________

  #7  
Old 27th Jul 2008, 17:58
New Member Group
 
Explorer killed successfully
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272008_204543


My desktop is still not the same as before the virus. The wallpaper is from about a year ago, but the wallpaper from before the virus shows up when I shut down the computer, and all the labels on the desktop icons have a white background. Other than that it seems OK.
  #8  
Old 27th Jul 2008, 18:20
Moderator Group
 
I'm not sure what all damage the virus did but I think we should take a closer look. You may have to change all of your settings back manually.

This is a quick scan but will contain a lot of information. Please be sure to post both logs.

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
Vista users Right click DSS and Run as Administrator.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open.
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
__________________
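The first Malwarebytes log in this thread records, under "Registry Data Items Infected", exactly which values the rogue changed (the Start-menu and Explorer policies, DisableTaskMgr, NoDrives, the "VIRUS ALERT!" ProductId and time format) together with MBAM's own "Good" value for each, and the moderator has just pointed out that some of those settings may have to be put back by hand. The following Python script is an added example, not code from this thread or from Malwarebytes: it parses that log format, separates entries that were actually quarantined from those still marked "No action taken" (the question raised in post #4), and prints the `reg add` commands that would restore each recorded Good value. The one-line-per-finding grammar and the REG_SZ/REG_DWORD choice are assumptions inferred from the posted logs, which do not record value types; the sample lines are copied from those logs.

```python
"""Parse Malwarebytes' Anti-Malware 1.x log entries and emit `reg add`
commands that put hijacked registry data back to the "Good" values MBAM
recorded.  Added example; not code from the thread or from Malwarebytes.
Assumption: every finding is one line of the form
    <path> (<family>) -> [Bad: (<x>) Good: (<y>) ->] <action>.
as seen in the logs posted above.  Value types are not in the log, so
numeric Good values are written as REG_DWORD and the rest as REG_SZ."""
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the two logs posted above (first scan =
# "No action taken"; the single line from the re-scan = quarantined).
SAMPLE_LOG = r"""Memory Modules Infected:
C:\WINDOWS\system32\urqRKaBr.dll (Trojan.Vundo) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00102) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0077902.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Entries with a Bad/Good pair (registry data items) and plain entries.
# Non-greedy <path> stops at the first " (family) -> ", so a path that
# itself contains parentheses, e.g. "Program Files (x86)", still parses.
_DATA_ITEM = re.compile(
    r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$"
)
_ITEM = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


class Finding(NamedTuple):
    section: str            # e.g. "Registry Data Items"
    path: str               # registry path or file path
    family: str             # MBAM detection name, e.g. "Trojan.FakeAlert"
    bad: Optional[str]      # only set for registry data items
    good: Optional[str]
    action: str             # "No action taken", "Quarantined and deleted successfully", ...


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current '... Infected:' section."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.endswith("Infected:"):           # section header, no count
            section = line[: -len(" Infected:")]
            continue
        m = _DATA_ITEM.match(line) or _ITEM.match(line)
        if not m:
            continue                             # summary/header lines
        d = m.groupdict()
        findings.append(Finding(section, d["path"], d["family"],
                                d.get("bad"), d.get("good"), d["action"]))
    return findings


def untreated(findings: List[Finding]) -> List[Finding]:
    """Entries the scan only reported, which is what an 'all No action taken' log means."""
    return [f for f in findings if f.action == "No action taken"]


_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
          "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}


def restore_commands(findings: List[Finding]) -> List[str]:
    """One `reg add ... /f` per hijacked data item, writing MBAM's Good value."""
    cmds: List[str] = []
    for f in findings:
        if f.good is None:
            continue
        key, _, name = f.path.rpartition("\\")      # split off the value name
        hive, _, rest = key.partition("\\")
        key = _HIVES.get(hive, hive) + "\\" + rest
        if f.good.isdigit():                          # assumption: numeric => REG_DWORD
            cmds.append(f'reg add "{key}" /v {name} /t REG_DWORD /d {f.good} /f')
        else:
            cmds.append(f'reg add "{key}" /v {name} /t REG_SZ /d "{f.good}" /f')
    return cmds


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} findings, {len(untreated(found))} still untreated")
    for cmd in restore_commands(found):
        print(cmd)
```

The script only prints the commands; review them before running any on the affected machine, and note that for the `Policies\Explorer` and `Policies\System` values, deleting the value (`reg delete ... /v NoDrives /f`) is equivalent to writing the Good value of 0 and leaves no stray policy behind.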

  #9  
Old 28th Jul 2008, 11:32
New Member Group
 
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 2.80GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1021.98 MiB / 597.47 MiB
Pagefile Memory (total/avail): 1696.32 MiB / 1331.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.79 MiB
C: is Fixed (NTFS) - 71.46 GiB total, 19.49 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SP0802N/P - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Infogrames\\Roller Coaster Tycoon 2\\rct2.exe"="C:\\Program Files\\Infogrames\\Roller Coaster Tycoon 2\\rct2.exe:*:Disabled:rct2"
"C:\\Documents and Settings\\Ryan\\Desktop\\nestc042\\NESTCL95.EXE"="C:\\Documents and Settings\\Ryan\\Desktop\\nestc042\\NESTCL95.EXE:*:Disabled:NESTCL95"
"C:\\Program Files\\Nesticle\\NESTCL95.EXE"="C:\\Program Files\\Nesticle\\NESTCL95.EXE:*:Disabled:NESTCL95"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Yahoo! Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\Yahoo! Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\\Program Files\\Yahoo! Games\\Puzzle Express\\PuzzleExpress.exe"="C:\\Program Files\\Yahoo! Games\\Puzzle Express\\PuzzleExpress.exe:*:Enabled:PuzzleExpress"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Infogrames\\Clue\\clue.exe"="C:\\Program Files\\Infogrames\\Clue\\clue.exe:*:Enabled:clue"
"C:\\Program Files\\MostFun\\Bin\\MostFun.exe"="C:\\Program Files\\MostFun\\Bin\\MostFun.exe:*:Disabled:MostFun Agent"
"C:\\Program Files\\Global Star Software\\Luxury Liner Tycoon\\Cruise.exe"="C:\\Program Files\\Global Star Software\\Luxury Liner Tycoon\\Cruise.exe:*:Disabled:Main Executable"
"C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe"="C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe:*:Enabled:CruiseShipTycoon"
"C:\\Program Files\\Java\\jre1.6.0_03\\launch4j-tmp\\Yahtzee.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\launch4j-tmp\\Yahtzee.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe"="C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ryan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KOSKI
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ryan
LOGONSERVER=\\KOSKI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ryan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ryan\LOCALS~1\Temp
USERDOMAIN=KOSKI
USERNAME=Ryan
USERPROFILE=C:\Documents and Settings\Ryan
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Ryan (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11g Wireless USB 2.0 Adapter --> C:\WINDOWS\system32\unwlsdrv.exe SiS163u
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 6 --> C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
Azureus --> C:\Program Files\Azureus\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
Downbeat --> "C:\Program Files\Oberon Media\Downbeat\Uninstall.exe" "C:\Program Files\Oberon Media\Downbeat\install.log"
EPSON CX4400 Series User's Guide --> C:\Program Files\epson\guide\cx4400_e\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX4400 Series Scanner Driver Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{471B83B9-29D8-41EC-9974-56BB8A457A8B}\Setup.exe" -l0x9
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jojos Fashion Show 2 Las Cruces --> "C:\WINDOWS\Jojos Fashion Show 2 Las Cruces\uninstall.exe" "/U:C:\Program Files\Jojos Fashion Show 2 Las Cruces\Uninstall\uninstall.xml"
Jojos Fashion Show 2 Las Cruces (remove only) --> "C:\Program Files\iWin.com\Jojos Fashion Show 2 Las Cruces\Uninstall.exe"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Documents and Settings\Ryan\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Miss Popularity (remove only) --> "C:\Program Files\iWin.com\Miss Popularity\Uninstall.exe"
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Ryan\Application Data\Move Networks\ie_bin\Uninst.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Ultra Edition --> MsiExec.exe /I{692854CC-97EF-4307-B787-8C6787B91033}
Network Magic --> MsiExec.exe /X{9E4415D0-8343-4D63-8C0C-B2A89871BBF0}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\ESET\Eset\unins000.exe"
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Ranch Rush --> "C:\Program Files\Oberon Media\Ranch Rush\Uninstall.exe" "C:\Program Files\Oberon Media\Ranch Rush\install.log"
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy --> "C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Princess Bride Game --> MsiExec.exe /X{36DD7F44-24D9-480A-A777-C69D9FB3C5D3}
The Princess Bride Game (remove only) --> C:\Program Files\Yahoo! Games\PrincessBride\Uninstall.exe {36DD7F44-24D9-480A-A777-C69D9FB3C5D3}
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
TRENDnet TEW-424UB --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{BDC88E5A-F47B-4314-AB38-994592E32C95}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vogue Tales --> "C:\Program Files\Oberon Media\Vogue Tales\Uninstall.exe" "C:\Program Files\Oberon Media\Vogue Tales\install.log"
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Driver Package - Pure Networks Address Resolution Protocol (ARP) Driver (11/09/2006 4.0.6313.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_E771F699F1B7E91C9F59B9A4D59E98AF750A4191\pnarp.inf
Windows Driver Package - Pure Networks NDIS Relay Protocol Driver (11/09/2006 4.0.6313.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_49D8AAE01CF9D5112DBEB165AC94B7F537289DBC\purendis.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL

-- Application Event Log -------------------------------------------------------
Event Record #/Type1770 / Warning
Event Submitted/Written: 07/28/2008 09:00:25 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type1769 / Warning
Event Submitted/Written: 07/28/2008 09:00:25 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type1763 / Warning
Event Submitted/Written: 07/27/2008 08:47:58 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type1762 / Warning
Event Submitted/Written: 07/27/2008 08:47:58 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type1757 / Warning
Event Submitted/Written: 07/27/2008 08:38:29 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type48405 / Warning
Event Submitted/Written: 07/27/2008 08:25:34 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016768C58FC. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type48264 / Error
Event Submitted/Written: 07/27/2008 00:29:47 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type48239 / Error
Event Submitted/Written: 07/26/2008 09:15:26 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type48236 / Error
Event Submitted/Written: 07/26/2008 09:14:43 PM / 07/26/2008 09:15:13 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'thexyutx.dll' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
Event Record #/Type48211 / Error
Event Submitted/Written: 07/26/2008 07:38:00 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

-- End of Deckard's System Scanner: finished at 2008-07-28 14:21:43 ------------



Deckard's System Scanner v20071014.68
Run by Ryan on 2008-07-28 14:18:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
61: 2008-07-28 18:18:55 UTC - RP733 - Deckard's System Scanner Restore Point
60: 2008-07-28 14:36:10 UTC - RP732 - System Checkpoint
59: 2008-07-27 04:48:06 UTC - RP731 - Installed Java(TM) 6 Update 7
58: 2008-07-27 04:33:24 UTC - RP730 - Made by Registry Mechanic
57: 2008-07-27 01:16:24 UTC - RP729 - Last known good configuration

-- First Restore Point --
1: 2008-07-27 01:16:02 UTC - RP673 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Ryan.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:48 PM, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\5XPJPA9O\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ryan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Ryan\Desktop\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S1722.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Ryan\Desktop\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Ryan\Desktop\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20F...es/stg_drm.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Fairy%20G.../armhelper.ocx
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 9468 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080727-203703-666 O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
backup-20080727-203703-740 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080727-203703-834 O24 - Desktop Component 0: Privacy Protection - (no file)
backup-20080727-203703-960 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
S0 Winty05 - c:\windows\system32\drivers\winty05.sys (file missing)
S0 Winwd83 - c:\windows\system32\drivers\winwd83.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 SiSWLSvc (SiS WirelessLan Service) - c:\program files\trendnet\tew-424ub\siswlsvc.exe
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>
S4 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2008-06-13 18:16:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------
2008-07-27 00:50:38 0 dr-h----- C:\Documents and Settings\Ryan\Recent
2008-07-27 00:48:40 0 d-------- C:\Program Files\CCleaner
2008-07-26 19:38:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-26 19:38:37 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-26 19:38:37 0 d-------- C:\Documents and Settings\Ryan\Application Data\SUPERAntiSpyware.com
2008-07-26 19:37:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-26 19:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy <SPYBOT~1>
2008-07-26 19:28:27 0 d-------- C:\Program Files\Trend Micro
2008-07-26 19:26:44 0 d-------- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
2008-07-26 19:26:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-25 12:26:49 0 d-------- C:\Documents and Settings\Ryan\Application Data\TmpRecentIcons
2008-07-25 12:25:54 87658306 --a------ C:\DREAM DAY WEDDING 2.EXE
2008-07-25 12:25:00 0 d-------- C:\WINDOWS\Dream Day Wedding 2
2008-07-23 19:08:21 106 ---hs---- C:\WINDOWS\WSYS049.SYS
2008-07-21 13:44:03 0 d-------- C:\WINDOWS\Fashion Star
2008-07-21 13:44:03 0 d-------- C:\Program Files\Fashion Star
2008-07-10 20:49:54 0 d-------- C:\WINDOWS\Jojos Fashion Show 2 Las Cruces
2008-07-10 20:49:54 0 d-------- C:\Program Files\Jojos Fashion Show 2 Las Cruces
2008-07-05 13:41:15 0 d-------- C:\WINDOWS\Build in Time
2008-07-05 12:02:45 0 d-------- C:\Program Files\Build in Time
2008-07-04 17:10:58 0 d-------- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
2008-07-04 17:10:14 0 d-------- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-03 18:09:40 0 d-------- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-07-02 14:57:28 0 d-------- C:\Documents and Settings\Ryan\Application Data\Ludia
2008-07-02 14:57:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Ludia

-- Find3M Report ---------------------------------------------------------------
2008-07-27 00:49:25 0 d-------- C:\Program Files\Java
2008-07-26 19:37:04 0 d-------- C:\Program Files\Common Files
2008-07-25 12:37:43 0 d-------- C:\Program Files\Oberon Media
2008-07-25 12:25:00 0 d-------- C:\Documents and Settings\Ryan\Application Data\Azureus
2008-07-23 19:21:12 0 d-------- C:\Program Files\Shockwave.com
2008-07-23 19:17:00 0 d-------- C:\Program Files\RealArcade
2008-07-10 18:03:12 0 d-------- C:\Documents and Settings\Ryan\Application Data\Gamelab
2008-07-10 18:02:09 0 d-------- C:\Program Files\iWin.com
2008-07-09 20:48:27 0 d-------- C:\Program Files\Google
2008-07-06 10:04:32 0 d-------- C:\Documents and Settings\Ryan\Application Data\AdobeUM
2008-07-04 17:09:59 0 d-------- C:\Program Files\Yahoo! Games
2008-06-21 13:05:09 0 d-------- C:\Program Files\LeeGTs Games
2008-06-13 18:00:18 0 d-------- C:\Program Files\Soulseek
2008-06-13 10:09:03 0 d-------- C:\Program Files\Yard Sale Junkie
2008-06-05 20:52:24 0 d-------- C:\Program Files\BFG
2008-06-05 18:53:00 0 d-------- C:\Documents and Settings\Ryan\Application Data\iWin
2008-06-03 10:16:51 0 d-------- C:\Program Files\Westward 2
2008-06-03 10:15:38 0 d-------- C:\Program Files\Fairy Godmother Tycoon
2008-06-01 20:21:15 0 d-------- C:\Documents and Settings\Ryan\Application Data\Sudden Games
2008-05-04 19:17:57 0 --a------ C:\Program Files\temp01

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 08:42 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/04/2005 08:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/04/2005 08:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/04/2005 08:23 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [03/05/2006 03:12 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [19/07/2006 02:34 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 11:44 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [12/08/2005 04:16 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 04:40 PM]
"RegistryMechanic"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [03/02/2007 10:14 PM]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 04:17 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27 AM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/07/2006 07:14 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/2006 07:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00 AM]
"EPSON Stylus CX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.exe" [01/03/2007 07:01 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 09:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [08/01/2007 11:34:02 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm84.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd83.sys]
@="Driver"


-- End of Deckard's System Scanner: finished at 2008-07-28 14:21:43 ------------
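The registry dump above is the kind of output a helper reads by eye, line by line. As an added example, not part of this thread and not code from Deckard's System Scanner or any other tool named here, the Python script below parses a dump in that layout and lists the autostart values worth looking at first: Run-key values with no image path or no file timestamp, images that live outside Program Files or the Windows directory, and the driver names registered under SafeBoot\Minimal. The input is a constructed sample modelled on the log (the "Updater" value is made up so the path heuristic has something to flag; the forum's soft-wrap spaces such as "Curr entVersion" are kept on purpose so the parser has to tolerate them). The flags are review prompts, not verdicts; whether an entry is legitimate is for the person working the log to decide.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the layout of a Deckard's System Scanner registry
# dump. Most lines are modelled on the log in this thread; "Updater" is a
# made-up entry. The stray spaces inside key names are the forum's soft-wrap.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 08:42 PM]
"RegistryMechanic"="" []
"@"="" []
"Updater"="C:\Documents and Settings\Ryan\Local Settings\Temp\upd.exe" [01/07/2008 09:00 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Winhm84.sys]
@="Driver"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<image>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')

# Directories an autostart image is normally expected to live in (assumption
# for this example; adjust to the system being examined).
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class AutostartEntry:
    key: str            # registry key exactly as printed in the dump
    name: str           # value name
    image: str          # program the value points at ("" if none)
    stamp: str          # timestamp printed in brackets ("" if none)
    flags: List[str] = field(default_factory=list)


def _normalise(key: str) -> str:
    # Lower-case and drop spaces so the forum's soft-wrap ("Curr entVersion")
    # does not break the key matching below.
    return key.lower().replace(" ", "")


def parse_dump(text: str) -> Tuple[List[AutostartEntry], List[str]]:
    """Return (Run-key autostart entries, SafeBoot\\Minimal driver names)."""
    entries: List[AutostartEntry] = []
    safeboot: List[str] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            if "\\safeboot\\minimal\\" in _normalise(current_key):
                safeboot.append(current_key.rsplit("\\", 1)[-1])
            continue
        if not _normalise(current_key).endswith("\\run"):
            continue                      # only Run keys are triaged here
        value_match = VALUE_RE.match(line)
        if value_match:
            entries.append(AutostartEntry(current_key, value_match["name"],
                                          value_match["image"], value_match["stamp"]))
    return entries, safeboot


def flag_entry(entry: AutostartEntry) -> List[str]:
    """Attach review flags to one autostart entry and return them."""
    flags: List[str] = []
    if entry.image == "":
        flags.append("empty-image")       # value points at nothing
    if entry.stamp == "":
        flags.append("no-timestamp")      # no file timestamp was recorded
    image = entry.image.lower()
    if image and not image.startswith(EXPECTED_PREFIXES):
        flags.append("outside-standard-dirs")
    if "\\temp\\" in image:
        flags.append("temp-dir")          # programs launched from a temp folder
    entry.flags = flags
    return flags


def triage(text: str) -> Dict[str, object]:
    """Parse a dump and summarise what a helper should look at first."""
    entries, safeboot = parse_dump(text)
    flagged = [e for e in entries if flag_entry(e)]
    return {
        "autostart_count": len(entries),
        "flagged": [(e.name, e.flags) for e in flagged],
        "safeboot_drivers": safeboot,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DUMP)
    print(f"{report['autostart_count']} autostart entries parsed")
    for name, flags in report["flagged"]:
        print(f"  review: {name!r} -> {', '.join(flags)}")
    for drv in report["safeboot_drivers"]:
        print(f"  SafeBoot\\Minimal driver entry: {drv}")
```

Run it as a script to see the summary, or feed the text of a real dump to `triage()`. Matching keys on a space-stripped, lower-cased copy keeps the original key text intact for reporting while making the parser immune to the wrapping that forum software applies to long unbroken strings.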
  #10  
Old 28th Jul 2008, 12:15
Moderator Group
 
Open Hijackthis and select Do a system scan only and then place a check mark next to:

O24 - Desktop Component 0: Privacy Protection - (no file)

Now click Fix checked and then exit Hijackthis.

----------

Go to Add or Remove Programs and uninstall:

Note: Do not select to Restart until all of the entries have been uninstalled.

Extra note:
Be sure NOT to uninstall Java(TM) 6 Update 7
  • J2SE Runtime Environment 5.0 Update 11
  • J2SE Runtime Environment 5.0 Update 8
  • J2SE Runtime Environment 5.0 Update 9
  • Java 2 Runtime Environment, SE v1.4.2_03
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 3
  • Java(TM) 6 Update 5
  • Java(TM) SE Runtime Environment 6 Update 1
  • LiveUpdate 2.6 (Symantec Corporation)
  • Viewpoint Media Player
Now restart the computer.

----------

Download JavaRa
  • Unzip the file and open the JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for and remove any outdated version of Java and remove any that are found.
  • Exit JavaRa.
  • Delete the JavaRa .zip, .exe and .html files from the Desktop.

----------

1. Double click OTMoveIt2.exe to launch it.
If using Vista, right-click OTMoveIt and choose Run As Administrator.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2

----------

Use the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.
  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.
Copyright ©2006 - 2009 Computer Juice.
