
spyguardpro annoying popups

Discussion in 'Malware and Virus Removal Archive' started by OriginalGhost, 2008/02/06.

  1. 2008/02/06
    OriginalGhost

    OriginalGhost Inactive Thread Starter

    Hi

    I keep getting popups from a little exclamation (!) mark in a yellow triangle sat next to an X in a red circle in my desktop shortcuts area of the monitor screen (bottom right).

    If clicked they bring up a webpage asking me to buy some cheap arsed spyware program called Spyguardpro.

    I've tried everything and can't get the buggers wiped...

    any and all help is appreciated

    thanks
     
    Last edited: 2008/02/06
  2. 2008/02/06
    PeteC

    PeteC SuperGeek Staff

    OriginalGhost - Welcome to the Board :)

    Read this and post the logs requested in your next posts here - you will need to post one log per post.
     


  4. 2008/02/06
    PeteC

    PeteC SuperGeek Staff

    Please be aware that as you are a new member here, if any of your first 10 posts contain a URL (the logs requested will contain URLs) the posts will need to be moderated - there was a message to this effect when you joined up.

    Until your post has been moderated (approved) you will not see it - so please don't think something is wrong and post again - you won't see that either :)
     
  5. 2008/02/06
    OriginalGhost

    OriginalGhost Inactive Thread Starter

    Thanks for the fast reply, duders.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:47:55, on 06/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\NORTON~2\navw32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvcat.dll,startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe "
    O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
    O4 - HKLM\..\Run: [Norton Save and Restore] "C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe "
    O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier\osCheck.exe
    O4 - HKLM\..\RunOnce: [Execute] C:\WINDOWS\System32\Tools\DelFolders.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reboot.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201209774953
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9466 bytes
     
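Added example, not code from this thread, from the helpers, or from Trend Micro's HijackThis: a small Python parser for the O2/O4/O23 line formats in the log above, plus a few triage heuristics of my own (the system-directory list, the value-name versus image-name comparison, the RunOnce and "Unknown owner" checks) that mark entries a reviewer would verify first. The sample lines are a subset copied from the posted log; a flag means "go and check this file", not a malware verdict.

```python
"""Triage a HijackThis v2 log (added example; not the forum's or Trend Micro's code).

Parses the O2/O4/O23 line formats seen in the posted log into records and
applies conservative heuristics that mark entries worth a second look. The
heuristics and the system-directory list are this example's own assumptions;
a flag means "verify this", not "this is malware".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: ten lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvcat.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Execute] C:\WINDOWS\System32\Tools\DelFolders.exe
O4 - Global Startup: Reboot.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption: default Windows XP layout as seen in the log.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Entry:
    kind: str            # HijackThis section, e.g. O4
    name: str            # Run value name, BHO name or service name
    image: str           # executable or DLL that actually runs
    extra: str = ""      # hive, CLSID or service owner
    flags: list = field(default_factory=list)


def image_of(cmd: str) -> str:
    """Extract the file that really runs from an O4 command line."""
    cmd = cmd.strip()
    m = re.match(r'"([^"]+)"', cmd)                      # quoted path, may contain spaces
    if m:
        return m.group(1).strip()
    m = re.match(r'rundll32(?:\.exe)?\s+(.+?)(?:,|$)', cmd, re.I)
    if m:                                                # rundll32 <dll>,<entry>: the DLL is the payload
        return m.group(1).strip()
    m = re.match(r'(.+?\.(?:exe|dll|com|scr))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else (cmd.split() or [""])[0]


def parse_log(text: str) -> list:
    """Turn O2/O4/O23 lines into Entry records; other sections are kept raw."""
    entries = []
    for line in text.splitlines():
        m = re.match(r'^(O\d+|R\d) - (.*)$', line.strip())
        if not m:
            continue
        kind, rest = m.groups()
        if kind == "O2":
            name, clsid, path = rest[len("BHO: "):].rsplit(" - ", 2)
            entries.append(Entry(kind, name, path, clsid))
        elif kind == "O4":
            hive, rest = rest.split(": ", 1)
            if rest.startswith("["):                     # [ValueName] command
                name, cmd = rest[1:].split("] ", 1)
            elif " = " in rest:                          # shortcut.lnk = target
                name, cmd = rest.split(" = ", 1)
            else:                                        # bare file in a Startup folder
                name = cmd = rest
            entries.append(Entry(kind, name, image_of(cmd), hive))
        elif kind == "O23":
            name, owner, path = rest[len("Service: "):].split(" - ", 2)
            entries.append(Entry(kind, name, path, owner))
        else:
            entries.append(Entry(kind, rest, "", ""))
    return entries


def _name_matches(name: str, image: str) -> bool:
    """Loose check that a Run value name resembles the file it launches."""
    stem = re.sub(r'[^a-z0-9]', '', image.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower())
    n = re.sub(r'[^a-z0-9]', '', name.lower())
    return bool(stem) and bool(n) and (stem[:4] in n or n[:4] in stem)


def triage(text: str) -> list:
    """Parse the log and attach review flags; every flag is a prompt to verify, not a verdict."""
    entries = parse_log(text)
    for e in entries:
        img = e.image.lower()
        if e.kind == "O2" and img == "(no file)":
            e.flags.append("BHO CLSID still registered but its DLL is gone")
        if e.kind == "O4":
            if "RunOnce" in e.extra:
                e.flags.append("RunOnce entry: runs at next logon and is then removed")
            if "\\" not in e.image:
                e.flags.append("no directory in image path; resolved via the search path")
            elif img.startswith(SYSTEM_DIRS) and not _name_matches(e.name, e.image):
                e.flags.append("system-directory binary whose value name does not match it")
        if e.kind == "O23" and e.extra == "Unknown owner":
            e.flags.append("service without a vendor string; check version info and signature")
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.flags:
            print(f"{e.kind} [{e.name}] {e.image}")
            for f in e.flags:
                print("   -", f)
```

The name-versus-image rule is deliberately noisy: in the full log it would also trip on the JMicron RAID entries (`[JMB36X IDE Setup]` launching xInsIDE.exe), which the DSS scan shows as vendor-signed. Treat the output as a worklist for checking version info, hashes and file creation dates, which is what the helpers in this thread do by hand from the full logs.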
  6. 2008/02/06
    OriginalGhost

    OriginalGhost Inactive Thread Starter

    Deckard

    Deckard's System Scanner v20071014.68
    Run by Stu on 2008-02-06 18:55:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    49: 2008-02-06 18:55:39 UTC - RP49 - Deckard's System Scanner Restore Point
    48: 2008-02-06 18:29:37 UTC - RP48 - Norton AntiVirus post configuration restore point
    47: 2008-02-06 17:58:28 UTC - RP47 - SPTD setup V1.50
    46: 2008-02-05 23:01:04 UTC - RP46 - Installed SpywareRemover
    45: 2008-02-05 22:53:00 UTC - RP45 - Removed AntiSpyware


    -- First Restore Point --
    1: 2008-01-25 21:24:23 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Stu.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:56:51, on 06/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\NORTON~2\navw32.exe
    C:\Documents and Settings\Stu\Desktop\dss.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Stu.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvcat.dll,startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe "
    O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
    O4 - HKLM\..\Run: [Norton Save and Restore] "C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe "
    O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier\osCheck.exe
    O4 - HKLM\..\RunOnce: [Execute] C:\WINDOWS\System32\Tools\DelFolders.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reboot.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201209774953
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9645 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
    S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
    S3 PciCon - d:\pcicon.sys (file missing)
    S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
    S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
    R2 Speed Disk service - c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-02-06 18:29:30 526 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Stu.job
    2008-02-06 18:17:47 304 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job


    -- Files created between 2008-01-06 and 2008-02-06 -----------------------------

    2008-02-06 18:46:35 0 d-------- C:\Program Files\Trend Micro
    2008-02-06 18:35:54 215144 --a------ C:\WINDOWS\patchw32.dll
    2008-02-06 18:35:19 215144 --a------ C:\WINDOWS\pw32a.dll
    2008-02-06 18:19:42 0 d-------- C:\Program Files\Norton AntiVirus
    2008-02-06 18:17:43 0 d-------- C:\Program Files\Norton SystemWorks Premier
    2008-02-06 18:00:35 0 d-------- C:\Program Files\DAEMON Tools
    2008-02-06 17:58:29 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-06 17:04:48 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
    2008-02-05 23:22:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-05 23:01:05 0 d-------- C:\Program Files\BulletProofSoft.com
    2008-02-05 22:49:10 0 d-------- C:\Documents and Settings\Stu\Application Data\AntiSpyware
    2008-02-05 22:49:02 0 d-------- C:\Program Files\AntiSpywareApp
    2008-02-05 22:22:54 0 d-------- C:\WINDOWS\pss
    2008-02-05 21:50:51 0 d-------- C:\Program Files\RegCure
    2008-02-05 21:11:21 0 d-------- C:\!KillBox
    2008-02-05 20:44:04 0 d-------- C:\Program Files\XoftSpySE
    2008-02-05 20:21:59 15872 --a------ C:\WINDOWS\system32\drvcat.dll
    2008-02-01 20:11:49 143360 -r------- C:\WINDOWS\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
    2008-02-01 20:11:48 1953792 -r------- C:\WINDOWS\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
    2008-02-01 20:11:47 0 d-------- C:\RaidTool
    2008-02-01 20:11:43 0 d-------- C:\WINDOWS\RaidTool
    2008-02-01 20:07:56 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-02-01 20:04:29 0 d-------- C:\Program Files\Intel
    2008-02-01 20:04:23 0 d-------- C:\Intel
    2008-02-01 19:59:23 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
    2008-02-01 07:42:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-01-31 15:25:35 884 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-01-31 15:24:52 0 d-------- C:\WINDOWS\NV676964.TMP
    2008-01-26 20:06:24 0 d-------- C:\New Folder
    2008-01-26 19:56:24 0 d-------- C:\WINDOWS\NV11281136.TMP
    2008-01-26 17:09:30 0 d-------- C:\Documents and Settings\Val\Application Data\BloodTies
    2008-01-26 15:55:48 0 d-------- C:\WINDOWS\system32\Data
    2008-01-26 13:52:38 0 d-------- C:\WINDOWS\Sun
    2008-01-26 12:25:56 0 d-------- C:\Program Files\IncrediGames
    2008-01-26 12:25:56 0 d-------- C:\Program Files\Common Files\Oberon Media
    2008-01-26 10:21:34 0 d-------- C:\Program Files\HP
    2008-01-26 10:19:36 0 d-------- C:\Documents and Settings\Val\Application Data\Help
    2008-01-26 10:10:03 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-01-26 10:09:39 0 d-------- C:\WINDOWS\ShellNew
    2008-01-26 10:05:15 102400 -ra------ C:\WINDOWS\scrub2k.exe
    2008-01-26 10:05:03 0 d-------- C:\Program Files\Hewlett-Packard
    2008-01-26 10:02:19 0 d-------- C:\Program Files\EPSON Print CD
    2008-01-26 10:02:09 131072 --a------ C:\WINDOWS\system32\Epcmlib.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON CardMonitor Library>
    2008-01-26 10:01:45 108032 --a------ C:\WINDOWS\system32\EBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer DebugTrace Tool>
    2008-01-26 10:01:45 203776 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
    2008-01-26 10:01:26 139264 --a------ C:\WINDOWS\system32\EBAPI2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
    2008-01-26 10:01:26 0 d-------- C:\Program Files\Common Files\EPSON
    2008-01-26 10:00:39 0 d-------- C:\Program Files\EPSON
    2008-01-26 01:55:18 0 d-------- C:\Program Files\Ahead
    2008-01-26 01:55:11 0 d-------- C:\Program Files\GoldEsel
    2008-01-26 01:40:08 0 d-------- C:\Documents and Settings\Stu\Application Data\Ahead
    2008-01-26 01:38:25 0 d-------- C:\Program Files\Nero
    2008-01-26 01:38:25 0 d-------- C:\Program Files\Common Files\Ahead
    2008-01-26 01:32:31 0 d-------- C:\Program Files\DVD Decrypter
    2008-01-25 23:54:02 0 d-------- C:\Program Files\SiSoftware
    2008-01-25 23:06:25 0 d-------- C:\Program Files\Activision
    2008-01-25 22:59:47 0 d--hs---- C:\WINDOWS\ftpcache
    2008-01-25 22:33:03 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-01-25 21:33:12 0 d-------- C:\WINDOWS\NV1508660.TMP
    2008-01-25 21:32:37 0 d-------- C:\NVIDIA
    2008-01-25 21:26:05 0 d-------- C:\WINDOWS\NV11201252.TMP
    2008-01-25 21:20:32 0 d-------- C:\WINDOWS\Prefetch
    2008-01-25 19:57:56 0 d-------- C:\Program Files\Windows Resource Kits
    2008-01-25 19:44:18 0 d-------- C:\Documents and Settings\Stu\Application Data\Google
    2008-01-25 19:32:23 0 d-------- C:\WINDOWS\setup.pss
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-01-25 19:30:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-01-25 19:30:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-01-25 19:30:22 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-01-25 19:30:22 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-01-25 19:30:22 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-01-25 19:30:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-01-25 19:30:22 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-01-25 19:30:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-01-25 19:30:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-01-25 16:02:37 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-25 16:02:15 0 d-------- C:\Program Files\iWin.com
    2008-01-25 16:01:25 0 d-------- C:\Documents and Settings\Val\Application Data\iWinArcade
    2008-01-25 16:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
    2008-01-25 16:01:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-01-25 16:01:05 0 d-------- C:\Program Files\Google
    2008-01-25 16:00:40 0 d-------- C:\Program Files\iWin Games
    2008-01-25 07:56:58 0 d-------- C:\Program Files\IncrediMail
    2008-01-25 07:43:36 0 d-------- C:\Documents and Settings\Val\Application Data\Macromedia
    2008-01-25 07:41:18 0 d-------- C:\Documents and Settings\Val\Application Data\Adobe
    2008-01-25 07:40:40 0 d-------- C:\Documents and Settings\Val\Application Data\Identities
    2008-01-25 07:40:32 0 d--h----- C:\Documents and Settings\Val\Templates
    2008-01-25 07:40:32 0 dr------- C:\Documents and Settings\Val\Start Menu
    2008-01-25 07:40:32 0 dr-h----- C:\Documents and Settings\Val\SendTo
    2008-01-25 07:40:32 0 dr-h----- C:\Documents and Settings\Val\Recent
    2008-01-25 07:40:32 0 d--h----- C:\Documents and Settings\Val\PrintHood
    2008-01-25 07:40:32 0 d--h----- C:\Documents and Settings\Val\NetHood
    2008-01-25 07:40:32 0 dr------- C:\Documents and Settings\Val\My Documents
    2008-01-25 07:40:32 0 d--h----- C:\Documents and Settings\Val\Local Settings
    2008-01-25 07:40:32 0 dr------- C:\Documents and Settings\Val\Favorites
    2008-01-25 07:40:32 0 d-------- C:\Documents and Settings\Val\Desktop
    2008-01-25 07:40:32 0 d--hs---- C:\Documents and Settings\Val\Cookies
    2008-01-25 07:40:32 0 dr-h----- C:\Documents and Settings\Val\Application Data
    2008-01-25 07:40:32 0 d---s---- C:\Documents and Settings\Val\Application Data\Microsoft
    2008-01-25 07:40:31 1572864 --ah----- C:\Documents and Settings\Val\NTUSER.DAT
    2008-01-24 23:36:09 0 d-------- C:\Program Files\SystemRequirementsLab
    2008-01-24 23:24:45 0 d-------- C:\Documents and Settings\Stu\Application Data\Sun
    2008-01-24 23:21:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
    2008-01-24 22:39:59 0 d-------- C:\Program Files\Java
    2008-01-24 22:39:36 0 d-------- C:\Program Files\Common Files\Java
    2008-01-24 22:37:49 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-01-24 22:37:49 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-01-24 22:37:49 593920 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-01-24 22:37:48 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-01-24 22:37:48 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-01-24 22:37:47 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-01-24 22:37:47 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-01-24 22:37:46 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-01-24 22:36:16 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-01-24 22:35:32 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-01-24 22:35:32 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-24 22:33:28 0 d-------- C:\Programme
    2008-01-24 22:33:28 0 d-------- C:\Documents and Settings\Stu\Application Data\WinRAR
    2008-01-24 22:32:14 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-01-24 22:10:20 0 d-------- C:\WINDOWS\network diagnostic
    2008-01-24 22:03:44 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-24 21:49:18 0 d-------- C:\Documents and Settings\Stu\Application Data\teamspeak2
    2008-01-24 21:49:09 0 d-------- C:\Program Files\Teamspeak2_RC2
    2008-01-24 21:46:57 0 d-------- C:\Program Files\shortcuts
    2008-01-24 21:46:51 0 d-------- C:\Program Files\stuarts
    2008-01-24 21:25:27 0 d-------- C:\Documents and Settings\Stu\Application Data\Xfire
    2008-01-24 21:25:26 0 d-------- C:\Program Files\Xfire
    2008-01-24 21:22:16 0 d--hs---- C:\Documents and Settings\Stu\UserData
    2008-01-24 21:21:27 0 d-------- C:\Program Files\MSBuild
    2008-01-24 21:21:24 0 d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-24 21:21:19 0 d-------- C:\Program Files\Reference Assemblies
    2008-01-24 21:19:58 0 d-------- C:\Documents and Settings\Stu\Contacts
    2008-01-24 21:19:40 0 d-------- C:\Program Files\MSXML 6.0
    2008-01-24 21:18:38 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-01-24 21:18:23 0 d-------- C:\Program Files\MSN Messenger
    2008-01-24 21:15:20 0 d-------- C:\Documents and Settings\Stu\Application Data\Macromedia
    2008-01-24 21:14:10 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-24 21:13:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-01-24 21:12:03 0 d-------- C:\Documents and Settings\Stu\Application Data\Adobe
    2008-01-24 21:10:22 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-01-24 21:02:31 0 d-------- C:\WINDOWS\system32\Lang
    2008-01-24 21:01:26 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
    2008-01-24 21:01:04 0 d-------- C:\WINDOWS\system32\RTCOM
    2008-01-24 21:00:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-01-24 21:00:19 0 d-------- C:\Program Files\Realtek
    2008-01-24 21:00:18 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-01-24 20:59:37 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-01-24 20:57:54 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-01-24 20:57:28 0 d-------- C:\WINDOWS\NV34043408.TMP
    2008-01-24 20:56:42 0 d-------- C:\WINDOWS\system32\Tools
    2008-01-24 20:51:26 0 d-------- C:\WINDOWS\nview
    2008-01-24 20:50:59 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-01-24 20:33:25 0 d-------- C:\Program Files\Symantec
    2008-01-24 20:33:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-24 20:33:08 0 d-------- C:\Program Files\Common Files\Symantec Shared


    -- Find3M Report ---------------------------------------------------------------

    2008-02-06 18:32:30 0 d-------- C:\Program Files\Common Files
    2008-01-25 21:16:21 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-01-24 22:05:40 0 d-------- C:\Program Files\Messenger
    2007-12-18 19:55:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-12-18 19:55:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-12-18 19:55:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-18 19:55:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-12-18 19:55:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-18 19:55:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-12-18 19:55:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-12-18 19:55:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-12-18 19:55:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
    "HPWQTOOLBOX"="C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe" [01/06/2005 14:54]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [18/12/2007 19:55]
    "nwiz"="nwiz.exe" [18/12/2007 19:55 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [12/04/2007 09:33 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
    "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [20/03/2007 06:36]
    "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [28/03/2007 07:25]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [18/12/2007 19:55]
    "avp"="C:\WINDOWS\system32\winver.exe" [28/02/2006 12:00]
    "MSDisp32"="C:\WINDOWS\system32\drvcat.dll" [05/02/2008 20:21]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [05/02/2008 23:17]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [28/10/2006 06:38]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [06/09/2006 02:22]
    "NSRKey"="C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [26/03/2007 15:45]
    "Norton Save and Restore"="C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [26/03/2007 15:45]
    "NSWosCheck"="C:\Program Files\Norton SystemWorks Premier\osCheck.exe" [03/12/2007 01:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [29/08/2007 15:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Execute"=C:\WINDOWS\System32\Tools\DelFolders.exe

    C:\Documents and Settings\Stu\Start Menu\Programs\Startup\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [31/01/2008 02:02:36]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [26/01/2008 10:01:25]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
    Reboot.exe [29/12/2006 10:35:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)




    -- End of Deckard's System Scanner: finished at 2008-02-06 18:57:51 ------------
     
  7. 2008/02/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Steer clear of the code tags, please - far too difficult to read :)

    Now have patience until one of our trained analysts gets round to your logs.
     
  8. 2008/02/06
    OriginalGhost

    OriginalGhost Inactive Thread Starter

    Joined:
    2008/02/06
    Messages:
    12
    Likes Received:
    0
    sorry about the tags

    more if needed:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    CPU 1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    Percentage of Memory in Use: 44%
    Physical Memory (total/avail): 1534.42 MiB / 853.55 MiB
    Pagefile Memory (total/avail): 3433.45 MiB / 2841.58 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1933.7 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 74.52 GiB total, 57.03 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    G: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - WDC WD800JD-00LSA0 - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    AntivirusOverride is set.

    FW: Norton AntiVirus v2007 (Symantec Corporation)
    AV: Norton AntiVirus v2007 (Symantec Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
    "C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:pnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:pnkBstrB"
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
    "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Stu\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=RAMBO
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Stu
    LOGONSERVER=\\RAMBO
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Stu\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Stu\LOCALS~1\Temp
    USERDOMAIN=RAMBO
    USERNAME=Stu
    USERPROFILE=C:\Documents and Settings\Stu
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Stu (admin)
    Val (admin)
    Administrator (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Blood Ties (remove only) --> "C:\Program Files\iWin.com\Blood Ties\Uninstall.exe"
    Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
    ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
    Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
    Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
    Cradle of Rome --> "C:\Program Files\IncrediGames\Cradle of Rome\Uninstall.exe" "C:\Program Files\IncrediGames\Cradle of Rome\install.log"
    DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
    EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
    EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -SMT
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Deskjet 9800 --> msiexec /x{CE33EC58-5DFB-4560-9D33-1E7942E0554F}
    HP Photo Printing --> MsiExec.exe /I{A1545143-DD7A-4D6B-BBDD-0A9D93764B0E}
    IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
    Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    iWin Games (remove only) --> "C:\Program Files\iWin Games\Uninstall.exe"
    J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x9 -removeonly
    K-Lite Codec Pack 3.2.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office XP Standard --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0050048383C9}
    MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 7 Demo --> MsiExec.exe /I{513AEC24-3465-8C4F-87BA-652D6F491033}
    Nero Reloaded PlugIn Pack 2.0.4 by GEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3D7915D-6B42-49FA-9FC8-5020479A6A57}\setup.exe" -l0x9 -removeonly
    Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
    Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_5_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
    Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton Cleanup --> MsiExec.exe /I{CA31120D-2101-484D-9FF1-195DE96FE346}
    Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
    Norton Save and Restore --> MsiExec.exe /X{B0255743-165B-4BD5-8DA8-37DFB993B101}
    Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
    Norton SystemWorks (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}\{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}.exe" /X
    Norton SystemWorks Premier --> MsiExec.exe /I{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}
    Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SiSoftware Sandra Lite XIIc --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\unins000.exe"
    SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    SpywareRemover --> MsiExec.exe /I{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}
    Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
    XML Paper Specification Shared Components Pack 1.0 -->


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2125 / Success
    Event Submitted/Written: 02/06/2008 06:40:30 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type2105 / Warning
    Event Submitted/Written: 02/06/2008 06:35:20 PM
    Event ID/Source: 1015 / MsiInstaller
    Event Description:
    Failed to connect to server. Error: 0x800401F0

    Event Record #/Type2090 / Success
    Event Submitted/Written: 02/06/2008 06:30:54 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type2018 / Success
    Event Submitted/Written: 02/06/2008 06:06:14 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1980 / Success
    Event Submitted/Written: 02/06/2008 06:00:22 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type1463 / Warning
    Event Submitted/Written: 02/06/2008 06:49:04 PM
    Event ID/Source: 57 / Ftdisk
    Event Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Record #/Type1462 / Warning
    Event Submitted/Written: 02/06/2008 06:49:04 PM
    Event ID/Source: 57 / Ftdisk
    Event Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Record #/Type1461 / Warning
    Event Submitted/Written: 02/06/2008 06:49:04 PM
    Event ID/Source: 57 / Ftdisk
    Event Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Record #/Type1460 / Warning
    Event Submitted/Written: 02/06/2008 06:49:04 PM
    Event ID/Source: 57 / Ftdisk
    Event Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Record #/Type1032 / Error
    Event Submitted/Written: 02/05/2008 10:53:12 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Application Management service terminated with the following error:
    %%2



    -- End of Deckard's System Scanner: finished at 2008-02-06 18:57:51 ------------
     
  9. 2008/02/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi OriginalGhost,

    Download ComboFix by sUBs from here, saving the file to your desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  10. 2008/02/07
    OriginalGhost

    OriginalGhost Inactive Thread Starter

    Joined:
    2008/02/06
    Messages:
    12
    Likes Received:
    0
    Thank you very much, the popups seem to have gone. I'll add the log file from combofix so you can have a lil look see.

    I don't know what the program did, I'm just glad they have gone. Again, thank you for your time.


    ComboFix 08-02.05.3 - Stu 2008-02-07 16:08:18.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.980 [GMT 0:00]
    Running from: C:\Documents and Settings\Stu\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
    .

    2008-02-07 07:39 . 2008-02-07 07:39 <DIR> d-------- C:\Program Files\My Craft Studio
    2008-02-06 21:35 . 2008-02-06 21:35 <DIR> d-------- C:\Documents and Settings\Val\Saved Games
    2008-02-06 21:33 . 2008-02-06 21:33 <DIR> d-------- C:\Documents and Settings\Val\Application Data\iWin
    2008-02-06 19:39 . 2008-02-06 19:47 <DIR> d-------- C:\WINDOWS\LastGood
    2008-02-06 18:54 . 2008-02-06 18:54 <DIR> d-------- C:\Deckard
    2008-02-06 18:46 . 2008-02-06 18:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-06 18:37 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-02-06 18:37 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-02-06 18:37 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-02-06 18:35 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a.dll
    2008-02-06 18:35 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\patchw32.dll
    2008-02-06 18:21 . 2006-11-03 17:33 636,568 -r------- C:\WINDOWS\system32\NSRSte.dll
    2008-02-06 18:19 . 2008-02-06 18:39 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2008-02-06 18:17 . 2008-02-06 18:39 <DIR> d-------- C:\Program Files\Norton SystemWorks Premier
    2008-02-06 18:17 . 2008-02-06 18:34 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-02-06 18:17 . 2008-02-06 18:34 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-02-06 18:17 . 2008-02-06 18:34 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-06 18:17 . 2008-02-06 18:34 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-06 18:00 . 2008-02-06 18:06 <DIR> d-------- C:\Program Files\DAEMON Tools
    2008-02-06 17:58 . 2008-02-06 17:58 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-05 23:22 . 2008-02-05 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-05 23:12 . 2006-09-05 16:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-05 23:01 . 2008-02-05 23:01 <DIR> d-------- C:\Program Files\BulletProofSoft.com
    2008-02-05 22:49 . 2008-02-05 22:53 <DIR> d-------- C:\Program Files\AntiSpywareApp
    2008-02-05 22:49 . 2008-02-05 22:49 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\AntiSpyware
    2008-02-05 21:50 . 2008-02-06 17:38 <DIR> d-------- C:\Program Files\RegCure
    2008-02-05 20:44 . 2008-02-05 20:45 <DIR> d-------- C:\Program Files\XoftSpySE
    2008-02-05 20:21 . 2008-02-05 20:21 15,872 --a------ C:\WINDOWS\system32\drvcat.dll
    2008-02-04 19:49 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-02-04 19:49 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-02-04 19:49 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-02-04 19:49 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-02-01 20:11 . 2008-02-01 20:11 <DIR> d-------- C:\WINDOWS\RaidTool
    2008-02-01 20:11 . 2008-02-01 20:11 <DIR> d-------- C:\RaidTool
    2008-02-01 20:11 . 2007-03-28 07:25 1,953,792 -r------- C:\WINDOWS\system32\xRaidSetup.exe
    2008-02-01 20:11 . 2007-03-28 07:26 143,360 -r------- C:\WINDOWS\system32\xRaidAPI.dll
    2008-02-01 20:11 . 2007-04-11 16:18 48,000 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
    2008-02-01 20:11 . 2006-02-07 11:52 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
    2008-02-01 20:08 . 2005-05-03 10:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
    2008-02-01 20:07 . 2008-02-01 20:07 315,392 --a------ C:\WINDOWS\HideWin.exe
    2008-02-01 20:04 . 2008-02-01 20:04 <DIR> d-------- C:\Program Files\Intel
    2008-02-01 20:04 . 2008-02-01 20:04 <DIR> d-------- C:\Intel
    2008-02-01 19:59 . 2006-12-26 12:31 4,864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys
    2008-02-01 19:52 . 2006-12-14 08:44 85,120 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
    2008-02-01 19:30 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
    2008-02-01 19:30 . 2004-08-03 23:08 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
    2008-02-01 08:12 . 2007-12-18 19:55 159,769 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-02-01 08:11 . 2008-02-01 20:15 164,392 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-02-01 08:11 . 2007-12-18 19:55 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-02-01 07:42 . 2008-02-01 20:11 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-01-31 15:25 . 2008-02-01 07:42 884 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-01-31 15:24 . 2008-01-31 15:27 <DIR> d-------- C:\WINDOWS\NV676964.TMP
    2008-01-31 02:02 . 2008-01-31 02:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-01-26 20:06 . 2008-01-26 20:06 <DIR> d-------- C:\New Folder
    2008-01-26 19:56 . 2008-01-26 19:57 <DIR> d-------- C:\WINDOWS\NV11281136.TMP
    2008-01-26 17:09 . 2008-01-26 17:29 <DIR> d-------- C:\Documents and Settings\Val\Application Data\BloodTies
    2008-01-26 16:56 . 2007-10-10 23:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-26 16:56 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-26 16:56 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-26 16:56 . 2007-10-10 23:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-26 16:56 . 2007-10-10 23:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-26 16:56 . 2007-10-10 23:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-26 16:56 . 2007-10-10 23:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-26 16:56 . 2007-10-10 23:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-26 16:56 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-26 16:52 . 2007-02-28 09:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-01-26 16:52 . 2007-02-28 09:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-01-26 16:52 . 2007-02-28 08:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-01-26 16:52 . 2007-02-28 08:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-01-26 16:52 . 2006-06-01 18:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
    2008-01-26 16:52 . 2006-06-01 18:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
    2008-01-26 16:51 . 2006-06-14 08:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-01-26 16:51 . 2006-06-14 09:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-01-26 16:51 . 2006-06-14 08:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-01-26 16:50 . 2006-05-05 09:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-01-26 15:55 . 2008-01-26 15:56 <DIR> d-------- C:\WINDOWS\system32\Data
    2008-01-26 13:52 . 2008-01-26 13:52 <DIR> d-------- C:\WINDOWS\Sun
    2008-01-26 12:25 . 2008-01-26 12:25 <DIR> d-------- C:\Program Files\IncrediGames
    2008-01-26 12:25 . 2008-01-26 12:25 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
    2008-01-26 10:57 . 2005-05-10 16:18 37,376 --a------ C:\WINDOWS\system32\hpz3l3xt.dll.2
    2008-01-26 10:57 . 2008-01-26 10:57 217 --a------ C:\WINDOWS\hpdj9800.his
    2008-01-26 10:56 . 2008-01-26 10:07 92 --a------ C:\WINDOWS\hpdj9800.bu2
    2008-01-26 10:56 . 2008-01-26 10:04 79 --a------ C:\WINDOWS\hpdj9800.hi2
    2008-01-26 10:21 . 2008-01-26 10:21 <DIR> d-------- C:\Program Files\HP
    2008-01-26 10:16 . 2005-05-10 16:18 37,376 --a------ C:\WINDOWS\system32\hpz3l3xt.dll.1
    2008-01-26 10:15 . 2008-01-26 10:12 3,663 --a------ C:\WINDOWS\mariner.hi1
    2008-01-26 10:15 . 2008-01-26 10:12 1,271 --a------ C:\WINDOWS\mariner.bu1
    2008-01-26 10:10 . 2008-01-26 10:10 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2008-01-26 10:10 . 2008-01-26 10:10 376 --a------ C:\WINDOWS\ODBC.INI
    2008-01-26 10:09 . 2008-01-26 10:09 <DIR> d-------- C:\WINDOWS\ShellNew
    2008-01-26 10:07 . 2008-01-26 10:07 995 --a------ C:\WINDOWS\hpdj9800.hi1
    2008-01-26 10:07 . 2008-01-26 10:18 468 --a------ C:\WINDOWS\hpdj9800.bu1
    2008-01-26 10:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-26 10:06 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-26 10:05 . 2008-01-26 10:05 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2008-01-26 10:05 . 2003-11-10 21:52 102,400 -ra------ C:\WINDOWS\scrub2k.exe
    2008-01-26 10:05 . 2005-05-10 16:18 37,376 --a------ C:\WINDOWS\system32\hpz3l3xt.dll
    2008-01-26 10:05 . 2004-06-29 12:11 397 -ra------ C:\WINDOWS\hpw9800k.ini
    2008-01-26 10:04 . 2008-01-26 10:58 214 --a------ C:\WINDOWS\hpdj9800.ini
    2008-01-26 10:03 . 2008-01-26 10:58 4,491 --a------ C:\WINDOWS\mariner.his

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-18 19:55 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-18 19:55 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-18 19:55 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-18 19:55 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-18 19:55 7,435,136 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-18 19:55 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-18 19:55 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-18 19:55 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-18 19:55 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-18 19:55 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-18 19:55 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-18 19:55 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-18 19:55 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-18 19:55 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-18 19:55 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-18 19:55 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-18 19:55 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-18 19:55 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-18 19:55 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-18 19:55 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-12-18 19:55 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-12-18 19:55 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-12-18 19:55 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-12-18 19:55 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-18 19:55 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-18 19:55 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-18 19:55 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-18 19:55 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-12-18 19:55 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-12-18 19:55 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
    2007-12-18 19:55 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00 15360]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 15:09 171464]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "HPWQTOOLBOX"="C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe" [2005-06-01 14:54 335872]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 19:55 8523776]
    "nwiz"="nwiz.exe" [2007-12-18 19:55 1626112 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 09:33 16132608 C:\WINDOWS\RTHDCPL.exe]
    "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 06:36 36864]
    "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-28 07:25 1953792]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 19:55 81920]
    "avp"="C:\WINDOWS\system32\winver.exe" [2006-02-28 12:00 5632]
    "MSDisp32"="C:\WINDOWS\system32\drvcat.dll" [2008-02-05 20:21 15872]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-02-05 23:17 6731312]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 06:38 107112]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22 26248]
    "NSRKey"="C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
    "Norton Save and Restore"="C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
    "NSWosCheck"="C:\Program Files\Norton SystemWorks Premier\osCheck.exe" [2007-12-03 01:41 25472]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 12:00 15360]

    C:\Documents and Settings\Stu\Start Menu\Programs\Startup\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-31 02:02:36 2880336]

    C:\Documents and Settings\Val\Start Menu\Programs\Startup\
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-25 16:01:14 58368]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-01-26 10:01:25 136192]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
    Reboot.exe [2006-12-29 10:35:16 409088]

    R2 Norton Save and Restore;Norton Save and Restore;C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe [2007-03-26 15:45]
    R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 13:17]
    S3 PciCon;PciCon;D:\PciCon.sys []
    S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-04 02:43]

    *Newly Created Service* - PNKBSTRK
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-06 18:29:30 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Stu.job"
    - C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
    "2008-02-06 18:17:47 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
    - C:\Program Files\Norton SystemWorks Premier\OBC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 16:09:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-07 16:10:09
    .
    2008-01-26 19:53:54 --- E O F ---
     
  11. 2008/02/07
    OriginalGhost

    I spoke too soon, my bad... rebooted and the buggers came back, same popups as before.

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! <--- That's not so good then?
     
    Last edited: 2008/02/07
  12. 2008/02/07
    OriginalGhost

    Popups are really pissing me off now... sorry for the bad language.
     
  13. 2008/02/07
    noahdfear

    Please run DSS again and post the new log. I'll look over it this evening.
     
  14. 2008/02/07
    OriginalGhost

    I think it's gone. Norton for some reason got hold of this: Downloader.MisleadApp, and deleted it, and now I have no popups after reboot. Very strange that Norton only just now found it after countless attempts beforehand.

    Thank you so much for your help, it is very much appreciated.

    Stuart
     
  15. 2008/02/07
    noahdfear

    I still recommend posting a fresh DSS log. To answer your inquiry about the Recovery Console: ComboFix now checks to see if it's installed because of the risk of needing it, with malware infections becoming increasingly malicious, and the lack of users with an operating system CD with which to access the Recovery Console. Do you have an operating system disc?
     
  16. 2008/02/14
    OriginalGhost

    Yes, I have a Windows OS CD, and I ran the DSS again. Here are the results:

    Deckard's System Scanner v20071014.68
    Run by Stu on 2008-02-14 16:59:42
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------
    -- HijackThis (run as Stu.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:59:48, on 14/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\PROGRA~1\Cacheman\Cacheman.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\shortcuts\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Stu.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
    O4 - HKLM\..\Run: [Norton Save and Restore] "C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe"
    O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier\osCheck.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reboot.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201209774953
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9097 bytes

    -- Files created between 2008-01-14 and 2008-02-14 -----------------------------

    2008-02-13 17:15:24 0 d-------- C:\Program Files\Xara
    2008-02-13 17:15:24 0 d-------- C:\Program Files\Common Files\Xara
    2008-02-13 17:13:02 0 d-------- C:\Program Files\Cacheman
    2008-02-13 07:00:57 0 d-------- C:\Documents and Settings\Val\Application Data\R-Wipe&Clean
    2008-02-12 00:01:46 0 d-------- C:\Program Files\R-Wipe&Clean
    2008-02-12 00:01:46 0 d-------- C:\Documents and Settings\Stu\Application Data\R-Wipe&Clean
    2008-02-11 22:49:02 0 d-------- C:\Program Files\RconMax(MW)
    2008-02-10 14:25:46 0 d-------- C:\Documents and Settings\Val\Application Data\Sun
    2008-02-10 09:53:13 0 d-------- C:\Documents and Settings\Stu\Application Data\Help
    2008-02-10 08:19:37 0 d-------- C:\Documents and Settings\Val\Application Data\Google
    2008-02-10 08:17:16 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-02-09 12:36:50 0 d-------- C:\Documents and Settings\Val\Application Data\AdobeUM
    2008-02-09 12:36:32 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-09 12:35:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-02-09 12:35:03 0 d-------- C:\WINDOWS\Cache
    2008-02-09 12:04:06 0 d-------- C:\Documents and Settings\Val\Application Data\WinRAR
    2008-02-08 20:23:22 0 d-------- C:\WINDOWS\system32\svcdll
    2008-02-08 20:22:56 0 d-------- C:\Program Files\XAC
    2008-02-07 18:13:52 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-02-07 18:13:29 0 d-------- C:\Program Files\Common Files\Jasc Software Inc
    2008-02-07 18:13:10 0 d-------- C:\Documents and Settings\Stu\Application Data\Jasc Software Inc
    2008-02-07 18:12:41 0 d-------- C:\Program Files\Jasc Software Inc
    2008-02-07 16:07:43 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-02-07 16:07:43 98816 --a------ C:\WINDOWS\system32\sed.exe
    2008-02-07 16:07:43 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-02-07 16:07:43 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-02-07 07:39:26 0 d-------- C:\Program Files\My Craft Studio
    2008-02-06 21:35:11 0 d-------- C:\Documents and Settings\Val\Saved Games
    2008-02-06 21:33:30 0 d-------- C:\Documents and Settings\Val\Application Data\iWin
    2008-02-06 18:46:35 0 d-------- C:\Program Files\Trend Micro
    2008-02-06 18:35:54 215144 --a------ C:\WINDOWS\patchw32.dll
    2008-02-06 18:35:19 215144 --a------ C:\WINDOWS\pw32a.dll
    2008-02-06 18:19:42 0 d-------- C:\Program Files\Norton AntiVirus
    2008-02-06 18:17:43 0 d-------- C:\Program Files\Norton SystemWorks Premier
    2008-02-06 18:00:35 0 d-------- C:\Program Files\DAEMON Tools
    2008-02-06 17:58:29 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-06 17:04:48 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
    2008-02-05 23:22:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-05 23:01:05 0 d-------- C:\Program Files\BulletProofSoft.com
    2008-02-05 22:49:10 0 d-------- C:\Documents and Settings\Stu\Application Data\AntiSpyware
    2008-02-05 22:49:02 0 d-------- C:\Program Files\AntiSpywareApp
    2008-02-05 22:22:54 0 d-------- C:\WINDOWS\pss
    2008-02-05 21:50:51 0 d-------- C:\Program Files\RegCure
    2008-02-05 21:11:21 0 d-------- C:\!KillBox
    2008-02-05 20:44:04 0 d-------- C:\Program Files\XoftSpySE
    2008-02-01 20:11:49 143360 -r------- C:\WINDOWS\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
    2008-02-01 20:11:48 1953792 -r------- C:\WINDOWS\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
    2008-02-01 20:11:47 0 d-------- C:\RaidTool
    2008-02-01 20:11:43 0 d-------- C:\WINDOWS\RaidTool
    2008-02-01 20:07:56 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-02-01 20:04:29 0 d-------- C:\Program Files\Intel
    2008-02-01 20:04:23 0 d-------- C:\Intel
    2008-02-01 19:59:23 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
    2008-02-01 07:42:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-01-31 15:25:35 884 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-01-31 15:24:52 0 d-------- C:\WINDOWS\NV676964.TMP
    2008-01-26 20:06:24 0 d-------- C:\New Folder <NEWFOL~1>
    2008-01-26 19:56:24 0 d-------- C:\WINDOWS\NV11281136.TMP
    2008-01-26 17:09:30 0 d-------- C:\Documents and Settings\Val\Application Data\BloodTies
    2008-01-26 15:55:48 0 d-------- C:\WINDOWS\system32\Data
    2008-01-26 13:52:38 0 d-------- C:\WINDOWS\Sun
    2008-01-26 12:25:56 0 d-------- C:\Program Files\IncrediGames
    2008-01-26 12:25:56 0 d-------- C:\Program Files\Common Files\Oberon Media
    2008-01-26 10:21:34 0 d-------- C:\Program Files\HP
    2008-01-26 10:19:36 0 d-------- C:\Documents and Settings\Val\Application Data\Help
    2008-01-26 10:09:39 0 d-------- C:\WINDOWS\ShellNew
    2008-01-26 10:05:15 102400 -ra------ C:\WINDOWS\scrub2k.exe
    2008-01-26 10:05:03 0 d-------- C:\Program Files\Hewlett-Packard
    2008-01-26 10:02:19 0 d-------- C:\Program Files\EPSON Print CD
    2008-01-26 10:02:09 131072 --a------ C:\WINDOWS\system32\Epcmlib.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON CardMonitor Library>
    2008-01-26 10:01:45 108032 --a------ C:\WINDOWS\system32\EBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer DebugTrace Tool>
    2008-01-26 10:01:45 203776 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
    2008-01-26 10:01:26 139264 --a------ C:\WINDOWS\system32\EBAPI2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
    2008-01-26 10:01:26 0 d-------- C:\Program Files\Common Files\EPSON
    2008-01-26 10:00:39 0 d-------- C:\Program Files\EPSON
    2008-01-26 01:55:18 0 d-------- C:\Program Files\Ahead
    2008-01-26 01:55:11 0 d-------- C:\Program Files\GoldEsel
    2008-01-26 01:40:08 0 d-------- C:\Documents and Settings\Stu\Application Data\Ahead
    2008-01-26 01:38:25 0 d-------- C:\Program Files\Nero
    2008-01-26 01:38:25 0 d-------- C:\Program Files\Common Files\Ahead
    2008-01-26 01:32:31 0 d-------- C:\Program Files\DVD Decrypter
    2008-01-25 23:54:02 0 d-------- C:\Program Files\SiSoftware
    2008-01-25 23:06:25 0 d-------- C:\Program Files\Activision
    2008-01-25 22:59:47 0 d--hs---- C:\WINDOWS\ftpcache
    2008-01-25 22:33:03 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-01-25 21:33:12 0 d-------- C:\WINDOWS\NV1508660.TMP
    2008-01-25 21:32:37 0 d-------- C:\NVIDIA
    2008-01-25 21:26:05 0 d-------- C:\WINDOWS\NV11201252.TMP
    2008-01-25 21:20:32 0 d-------- C:\WINDOWS\Prefetch
    2008-01-25 19:57:56 0 d-------- C:\Program Files\Windows Resource Kits
    2008-01-25 19:44:18 0 d-------- C:\Documents and Settings\Stu\Application Data\Google
    2008-01-25 19:32:23 0 d-------- C:\WINDOWS\setup.pss
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-01-25 19:30:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-01-25 19:30:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-01-25 19:30:22 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-01-25 19:30:22 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-01-25 19:30:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-01-25 19:30:22 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-01-25 19:30:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-01-25 19:30:22 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-01-25 19:30:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-01-25 19:30:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-01-25 16:02:37 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-25 16:02:15 0 d-------- C:\Program Files\iWin.com
    2008-01-25 16:01:25 0 d-------- C:\Documents and Settings\Val\Application Data\iWinArcade
    2008-01-25 16:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
    2008-01-25 16:01:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-01-25 16:01:05 0 d-------- C:\Program Files\Google
    2008-01-25 16:00:40 0 d-------- C:\Program Files\iWin Games
    2008-01-25 07:56:58 0 d-------- C:\Program Files\IncrediMail
    2008-01-25 07:43:36 0 d-------- C:\Documents and Settings\Val\Application Data\Macromedia
    2008-01-25 07:41:18 0 d-------- C:\Documents and Settings\Val\Application Data\Adobe
    2008-01-25 07:40:40 0 d-------- C:\Documents and Settings\Val\Application Data\Identities
    2008-01-25 07:40:32 0 d--h----- C:\Documents and Settings\Val\Templates
    2008-01-25 07:40:32 0 dr------- C:\Documents and Settings\Val\Start Menu
    2008-01-25 07:40:32 0 dr-h----- C:\Documents and Settings\Val\SendTo
    2008-01-25 07:40:32 0 dr-h----- C:\Documents and Settings\Val\Recent
    2008-01-25 07:40:32 0 d--h----- C:\Documents and Settings\Val\PrintHood
    2008-01-25 07:40:32 0 d--h----- C:\Documents and Settings\Val\NetHood
    2008-01-25 07:40:32 0 dr------- C:\Documents and Settings\Val\My Documents
    2008-01-25 07:40:32 0 d--h----- C:\Documents and Settings\Val\Local Settings
    2008-01-25 07:40:32 0 dr------- C:\Documents and Settings\Val\Favorites
    2008-01-25 07:40:32 0 d-------- C:\Documents and Settings\Val\Desktop
    2008-01-25 07:40:32 0 d--hs---- C:\Documents and Settings\Val\Cookies
    2008-01-25 07:40:32 0 dr-h----- C:\Documents and Settings\Val\Application Data
    2008-01-25 07:40:32 0 d---s---- C:\Documents and Settings\Val\Application Data\Microsoft
    2008-01-25 07:40:31 2097152 --ah----- C:\Documents and Settings\Val\NTUSER.DAT
    2008-01-24 23:36:09 0 d-------- C:\Program Files\SystemRequirementsLab
    2008-01-24 23:24:45 0 d-------- C:\Documents and Settings\Stu\Application Data\Sun
    2008-01-24 23:21:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
    2008-01-24 22:39:59 0 d-------- C:\Program Files\Java
    2008-01-24 22:39:36 0 d-------- C:\Program Files\Common Files\Java
    2008-01-24 22:37:49 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-01-24 22:37:49 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-01-24 22:37:49 593920 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-01-24 22:37:48 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-01-24 22:37:48 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-01-24 22:37:47 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-01-24 22:37:47 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-01-24 22:37:46 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-01-24 22:36:16 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-01-24 22:35:32 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-01-24 22:35:32 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-24 22:33:28 0 d-------- C:\Programme
    2008-01-24 22:33:28 0 d-------- C:\Documents and Settings\Stu\Application Data\WinRAR
    2008-01-24 22:32:14 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-01-24 22:10:20 0 d-------- C:\WINDOWS\network diagnostic
    2008-01-24 22:03:44 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-24 21:49:18 0 d-------- C:\Documents and Settings\Stu\Application Data\teamspeak2
    2008-01-24 21:49:09 0 d-------- C:\Program Files\Teamspeak2_RC2
    2008-01-24 21:46:57 0 d-------- C:\Program Files\shortcuts
    2008-01-24 21:46:51 0 d-------- C:\Program Files\stuarts
    2008-01-24 21:25:27 0 d-------- C:\Documents and Settings\Stu\Application Data\Xfire
    2008-01-24 21:25:26 0 d-------- C:\Program Files\Xfire
    2008-01-24 21:22:16 0 d--hs---- C:\Documents and Settings\Stu\UserData
    2008-01-24 21:21:27 0 d-------- C:\Program Files\MSBuild
    2008-01-24 21:21:24 0 d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-24 21:21:19 0 d-------- C:\Program Files\Reference Assemblies
    2008-01-24 21:19:58 0 d-------- C:\Documents and Settings\Stu\Contacts
    2008-01-24 21:19:40 0 d-------- C:\Program Files\MSXML 6.0
    2008-01-24 21:18:38 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-01-24 21:18:23 0 d-------- C:\Program Files\MSN Messenger
    2008-01-24 21:15:20 0 d-------- C:\Documents and Settings\Stu\Application Data\Macromedia
    2008-01-24 21:14:10 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-24 21:13:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-01-24 21:12:03 0 d-------- C:\Documents and Settings\Stu\Application Data\Adobe
    2008-01-24 21:10:22 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-01-24 21:02:31 0 d-------- C:\WINDOWS\system32\Lang
    2008-01-24 21:01:26 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
    2008-01-24 21:01:04 0 d-------- C:\WINDOWS\system32\RTCOM
    2008-01-24 21:00:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-01-24 21:00:19 0 d-------- C:\Program Files\Realtek
    2008-01-24 21:00:18 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-01-24 20:59:37 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-01-24 20:57:54 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-01-24 20:57:28 0 d-------- C:\WINDOWS\NV34043408.TMP
    2008-01-24 20:56:42 0 d-------- C:\WINDOWS\system32\Tools
    2008-01-24 20:51:26 0 d-------- C:\WINDOWS\nview
    2008-01-24 20:50:59 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-01-24 20:33:25 0 d-------- C:\Program Files\Symantec
    2008-01-24 20:33:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-24 20:33:08 0 d-------- C:\Program Files\Common Files\Symantec Shared


    -- Find3M Report ---------------------------------------------------------------

    2008-02-13 17:15:24 0 d-------- C:\Program Files\Common Files
    2008-01-25 21:16:21 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-01-24 22:05:40 0 d-------- C:\Program Files\Messenger
    2007-12-18 19:55:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-12-18 19:55:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-12-18 19:55:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-18 19:55:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-12-18 19:55:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-18 19:55:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-12-18 19:55:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-12-18 19:55:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-12-18 19:55:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
    21/12/2007 22:27 78848 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
    "HPWQTOOLBOX"="C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe" [01/06/2005 14:54]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [18/12/2007 19:55]
    "nwiz"="nwiz.exe" [18/12/2007 19:55 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [12/04/2007 09:33 C:\WINDOWS\RTHDCPL.exe]
    "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [20/03/2007 06:36]
    "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [28/03/2007 07:25]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [18/12/2007 19:55]
    "avp"="C:\WINDOWS\system32\winver.exe" [28/02/2006 12:00]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [28/10/2006 06:38]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [06/09/2006 02:22]
    "NSRKey"="C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [26/03/2007 15:45]
    "Norton Save and Restore"="C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [26/03/2007 15:45]
    "NSWosCheck"="C:\Program Files\Norton SystemWorks Premier\osCheck.exe" [03/12/2007 01:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [29/08/2007 15:09]
    "Cacheman"="C:\PROGRA~1\Cacheman\Cacheman.exe" [31/07/2003 14:13]

    C:\Documents and Settings\Stu\Start Menu\Programs\Startup\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [31/01/2008 02:02:36]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [26/01/2008 10:01:25]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
    Reboot.exe [29/12/2006 10:35:16]

    *Newly Created Service* - PNKBSTRK



    -- End of Deckard's System Scanner: finished at 2008-02-14 17:00:16 ------------
     
  17. 2008/02/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If your Operating System CD is an SP2 version, you should have no problem booting to the Recovery Console with it should the need ever arise.

    You have a rogue antispyware application installed, and it should be removed. Open Add/Remove Programs and uninstall AntiSpywareApp, then remove its folder from C:\Program Files if still present.

    You also have a suspicious folder. Please check the contents of the C:\WINDOWS\system32\svcdll folder and let me know what is in it.
     
  18. 2008/02/16
    OriginalGhost

    OriginalGhost Inactive Thread Starter

    Joined:
    2008/02/06
    Messages:
    12
    Likes Received:
    0

    The AntiSpywareApp folder was empty; below is a screenshot of what was in the svcdll folder in the system32 folder:

    [IMG]
     
  19. 2008/02/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please zip the svc.dll folder for me, then upload it to my submission channel. Leave a link back to this topic. The files all look rogue to me, but I'd like to check them out before recommending deletion.

    Have a few errands to run, so it'll be a few hours before I respond again.
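Before the svcdll folder is zipped and sent off, as the two posts above ask, a responder would want a record of what was in it: sizes, timestamps, SHA-256 hashes and whether each file is really a PE executable regardless of its extension, because once the folder is deleted those hashes are all that is left to look up. The following is an added example for this thread, not code from the posts or from Deckard's System Scanner; the folder and archive paths in the main block are placeholders, and the PE check only inspects the MZ/PE headers.

```python
"""Inventory a suspicious folder and package it for analyst submission.

Added example for this thread; not part of the original posts and not code
from Deckard's System Scanner. The folder and archive names in the main block
are placeholders (assumption), and looks_like_pe() only checks MZ/PE headers.
"""
import hashlib
import os
import struct
import time
import zipfile


def looks_like_pe(path):
    """True if the file has an MZ header whose e_lfanew offset points at 'PE\\0\\0'.

    Droppers often store renamed executables (a .dll or .dat that is really an
    EXE), so the check is on content, not on the file extension.
    """
    try:
        with open(path, "rb") as f:
            head = f.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(pe_offset)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False


def sha256_of(path):
    """SHA-256 of a file, read in chunks so a large sample need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(folder):
    """One record per file under folder: relative path, size, mtime, SHA-256, PE flag."""
    records = []
    for root, _dirs, files in os.walk(folder):
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.stat(path)
            records.append({
                "path": os.path.relpath(path, folder),
                "size": st.st_size,
                "mtime": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(st.st_mtime)),
                "sha256": sha256_of(path),
                "pe": looks_like_pe(path),
            })
    return records


def manifest_text(records):
    """Plain-text manifest: mtime, size, PE flag, hash, path, one file per line."""
    lines = ["mtime size pe sha256 path"]
    for r in records:
        lines.append("%s %d %s %s %s" % (
            r["mtime"], r["size"], "PE" if r["pe"] else "--", r["sha256"], r["path"]))
    return "\n".join(lines) + "\n"


def package_for_submission(folder, zip_path):
    """Zip the folder's files plus an inventory.txt manifest; return the records.

    The files are only read, never executed. The stdlib zipfile module cannot
    encrypt, so a password-protected archive has to be built with 7-Zip instead.
    """
    records = inventory(folder)
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for r in records:
            zf.write(os.path.join(folder, r["path"]), r["path"])
        zf.writestr("inventory.txt", manifest_text(records))
    return records


if __name__ == "__main__":
    # Placeholder paths (assumption): on the affected XP machine these would be
    # the suspicious C:\WINDOWS\system32\svcdll folder and a zip on the desktop.
    for rec in package_for_submission(r"C:\WINDOWS\system32\svcdll", r"C:\svcdll.zip"):
        print(rec)
```

Hashing and zipping only read the files; nothing in the folder is launched, which is the point of doing it this way rather than opening the files to see what they are. Keep a copy of inventory.txt outside the archive as well, since the hashes can be searched against vendor and multi-scanner databases long after the folder itself is gone. If the submission channel wants the usual password-protected archive, build it with 7-Zip; Python's zipfile cannot write encrypted zips.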
     
  20. 2008/02/17
    OriginalGhost

    OriginalGhost Inactive Thread Starter

    Joined:
    2008/02/06
    Messages:
    12
    Likes Received:
    0
    sent to you
     
  21. 2008/02/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks Stuart!

    What is the C:\Program Files\XAC program? I think the svcdll folder may be associated with it.

    Recommend you do an online scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on Next.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK.
    • Now under "Select a target to scan", select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button and save the file to your desktop.

    Post the Kaspersky log here please.
     
