
Zlob, System Alert Popup


Original Message
Name: Adboy
Date: February 28, 2007 at 17:27:15 Pacific
Subject: Zlob, System Alert Popup
OS: Windows XP Home Edition
CPU/Ram: 1024 MB Ram
Comment:

I recently er... inherited the Zlob virus, and I have been reading around. One person said to download the program Spynomore. As useful as it is, it's also very useless. I need to BUY the program before it can fix the problems. (I can't buy it)... It tells me that there are problems in 4 different registry keys, and I also read you can type 'regedit' into Run and delete the keys manually. I'm not sure if it's safe to do so, because it may interfere with another process that may need these keys; I'm not exactly sure.

What should I do?
Adam.




Response Number 1
Name: grasshopper
Date: February 28, 2007 at 17:45:27 Pacific
Subject: Zlob, System Alert Popup
Reply:

Try the FREE virus scan at www.trendmicro.com.

Keep Smiling
It makes them think you're up to something...



Response Number 2
Name: jabuck
Date: February 28, 2007 at 18:48:59 Pacific
Subject: Zlob, System Alert Popup
Reply:

Spynomore was recently on the rogue antispyware list but has been removed and is considered safe, but there are not many helpers that recommend using it.

Please download Comboscan from this link:

Comboscan


Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Comboscan may find the registry entries that you have found, but if not, post the four registry entries (full path) that you have found.



Response Number 3
Name: jabuck
Date: February 28, 2007 at 18:50:51 Pacific
Subject: Zlob, System Alert Popup
Reply:

If you do not have Hijack This installed, comboscan will ask to install it, so please allow it to install.



Response Number 4
Name: Adboy
Date: March 1, 2007 at 01:39:53 Pacific
Subject: Zlob, System Alert Popup
Reply:

I have Hijack This, and I also know the exact paths of the registry keys too. Would you like me to post those instead, or the comboscan's report?



Response Number 5
Name: jabuck
Date: March 1, 2007 at 03:44:51 Pacific
Subject: Zlob, System Alert Popup
Reply:

Please post the combo scan and the registry paths.




Response Number 6
Name: Adboy
Date: March 1, 2007 at 13:28:59 Pacific
Subject: Zlob, System Alert Popup
Reply:

ComboScan v20070226.18 run by Adam on 2007-03-02 at 07:18:13
Computer is in Normal Mode.
----------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as -

Logfile of HijackThis v1.99.1
Scan saved at 7:18:26 AM, on 2/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Downloads\tibialoader.exe
C:\Program Files\Tibia Auto\tibiaauto.exe
C:\Program Files\Tibia\Tibia.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Downloads\comboscan.exe
C:\PROGRA~1\HIJACK~1\Adam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Iolo Macro Magic.lnk = C:\Program Files\Iolo\Macro Magic\Macros.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.c...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


-- File Associat-------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3S adxapie - C:\DOCUME~1\Adam\LOCALS~1\Temp\adxapie.sys (not found)
3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3R BrScnUsb (Brother USB Still Image driver) - C:\WINDOWS\system32\drivers\BrScnUsb.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
3R EL2000 (3Com 3C2000x EtherLink XL Adapter) - C:\WINDOWS\system32\drivers\EL2K_XP.sys
3S GMSIPCI - E:\INSTALL\GMSIPCI.SYS (not found)
1S ikhfile (File Security Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhfile.sys (not found)
1S ikhlayer (Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhlayer.sys (not found)
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVEX15.SYS
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
1R SAVRT - C:\Program Files\Symantec AntiVirus\savrt.sys
2R SAVRTPEL - C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0R sfdrv01a (StarForce Protection Environment Driver (version 1.x.a)) - C:\WINDOWS\system32\drivers\sfdrv01a.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - C:\WINDOWS\system32\drivers\sfsync04.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys
3R snpstd (USB PC Camera (SN9C102)) - C:\WINDOWS\system32\drivers\snpstd.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R usbstor (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
0R viamraid - C:\WINDOWS\system32\drivers\viamraid.sys
0R viasraid - C:\WINDOWS\system32\drivers\viasraid.sys
3S VIAudio (VIA AC'97 Audio Controller (WDM)) - C:\WINDOWS\system32\drivers\viaudios.sys
3S Vsp - C:\WINDOWS\system32\drivers\vsp.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Brother XP spl Service (BrSplService) - C:\WINDOWS\system32\brsvc01a.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe
3S SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
2S sfrem01 (SF FrontLine Drivers Auto Removal (v1)) - C:\WINDOWS\system32\sfrem01.exe svc
3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2R SoundMAX Agent Service (default) (SoundMAX Agent Service) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2R Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
3R usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"


-- Files created between 2007-02-02 and 20----------

2007-03-01 20:08:46 0 d-------- C:\Documents and Settings\Adam\Application Data\Ventrilo
2007-03-01 19:58:30 0 d-------- C:\Program Files\Ventrilo
2007-03-01 19:58:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-01 12:17:20 0 d-------- C:\Documents and Settings\Adam\.housecall6.6<HOUSEC~1.6>
2007-03-01 12:15:24 0 d-------- C:\WINDOWS\Sun
2007-03-01 12:15:24 0 d-------- C:\Documents and Settings\Adam\Application Data\Sun
2007-03-01 11:17:50 0 d-------- C:\Program Files\SpyNoMore<SPYNOM~1>
2007-02-25 21:16:46 2952 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-25 21:15:51 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-25 21:15:49 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-25 21:15:48 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-25 21:15:48 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-25 21:15:46 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-25 21:15:45 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-25 10:11:59 0 d-------- C:\!KillBox
2007-02-25 10:11:55 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-02-25 00:14:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-25 00:13:59 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~2>
2007-02-25 00:13:59 0 d-------- C:\Documents and Settings\Adam\Application Data\PC Tools<PCTOOL~1>
2007-02-25 00:13:46 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-02-25 00:01:06 1152 --a------ C:\WINDOWS\system32\windrv.sys
2007-02-24 19:02:15 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2007-02-24 19:01:39 121856 --a------ C:\WINDOWS\system32\BrWia05a.dll
2007-02-24 19:01:39 37888 --a------ C:\WINDOWS\system32\BrUSi05a.dll
2007-02-24 19:01:37 15295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2007-02-24 19:01:35 52224 -----n--- C:\WINDOWS\system32\brinsstr.dll
2007-02-24 19:01:19 188416 -----n--- C:\WINDOWS\system32\PDRVINST.DLL
2007-02-24 19:01:19 65536 -----n--- C:\WINDOWS\system32\BRWEBUP.EXE
2007-02-24 19:01:19 81920 -----n--- C:\WINDOWS\system32\BrWebIns.dll
2007-02-24 19:01:16 0 d-------- C:\Program Files\Brother
2007-02-24 19:01:08 0 d-------- C:\Brother
2007-02-24 19:01:07 147456 -----n--- C:\WINDOWS\brunin03.dll
2007-02-24 18:55:36 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-02-24 18:55:11 0 d-------- C:\Program Files\Common Files\ScanSoft Shared<SCANSO~1>
2007-02-24 18:55:00 0 d-------- C:\Program Files\ScanSoft
2007-02-24 18:55:00 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-02-24 18:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2007-02-21 15:50:07 0 d-------- C:\Program Files\Iolo
2007-02-18 10:55:08 0 d-------- C:\Soldat
2007-02-18 09:08:56 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-17 11:48:33 1048576 --ah----- C:\Documents and Settings\Luke\NTUSER.DAT
2007-02-15 19:45:46 0 d-------- C:\Program Files\Crimsonland<CRIMSO~1>
2007-02-15 19:45:37 0 d-------- C:\Program Files\ReflexiveArcade<REFLEX~1>
2007-02-14 18:36:03 0 d-------- C:\Program Files\Windows Journal Viewer<WI96D0~1>
2007-02-13 20:52:07 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-02-13 20:52:07 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-02-13 20:52:07 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-02-13 20:52:07 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-02-13 20:52:07 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-02-13 20:52:07 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-02-12 20:27:21 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-12 20:27:20 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MICROS~4>
2007-02-12 20:27:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~2>
2007-02-12 20:17:04 0 dr--s---- C:\WINDOWS\assembly
2007-02-12 20:14:27 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>


-- Find3M Re-----------

2007-03-01 19:44:08 0 d-------- C:\Program Files\GetRight
2007-03-01 19:18:59 0 d-------- C:\Program Files\Tibia
2007-03-01 15:24:09 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-02-24 19:01:17 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-24 19:01:03 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 13:02:05 0 d-------- C:\Program Files\Tibia Auto<TIBIAA~1>
2007-02-13 14:08:44 0 d-------- C:\Documents and Settings\Adam\Application Data\Macromedia<MACROM~1>
2007-02-12 21:36:26 0 d---s---- C:\Documents and Settings\Adam\Application Data\Microsoft<MICROS~1>
2007-02-12 20:04:06 0 d-------- C:\Program Files\Conquer 2.0<CONQUE~1.0>
2007-02-10 08:08:43 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-01-31 18:23:35 0 d-------- C:\Documents and Settings\Adam\Application Data\LimeWire
2007-01-30 18:07:55 0 d-------- C:\Program Files\HyCam2
2007-01-30 18:07:55 0 d-------- C:\Documents and Settings\Adam\Application Data\Help
2007-01-29 18:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 16:24:03 0 d-------- C:\Documents and Settings\Adam\Application Data\GetRightToGo<GETRIG~1>
2007-01-25 22:07:02 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-23 20:16:13 0 d-------- C:\Program Files\Java
2007-01-20 10:09:46 0 d-------- C:\Program Files\Tibia7.92
2007-01-19 23:25:39 0 d-------- C:\Program Files\HeroesOfAE<HEROES~1>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 12:19:14 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-01-18 17:59:38 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-01-18 17:37:32 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-01-18 17:34:55 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-01-16 20:40:23 0 d-------- C:\Program Files\LimeWire
2007-01-16 20:14:21 0 d-------- C:\Program Files\Common Files\Java
2007-01-15 20:43:54 0 d-------- C:\Program Files\EA Games<EAGAME~1>
2007-01-13 10:24:56 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-10 10:15:32 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~2.DLL>
2007-01-10 10:13:31 0 d-------- C:\Program Files\TimeGate Studios<TIMEGA~1>
2007-01-10 09:36:37 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-01-10 09:21:13 0 d-------- C:\Documents and Settings\Adam\Application Data\Leadertech<LEADER~1>
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-04 12:05:59 0 d-------- C:\Documents and Settings\Adam\Application Data\My Games<MYGAME~1>
2007-01-04 11:58:09 0 d-------- C:\Program Files\Firaxis Games<FIRAXI~1>
2006-12-20 07:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-20 04:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-18 16:04:42 1867776 --a------ C:\WINDOWS\system32\python24.dll
2006-12-15 00:50:11 62 --ahs---- C:\Documents and Settings\Adam\Application Data\desktop.ini
2006-12-14 22:45:13 983 --a------ C:\WINDOWS\eReg.dat
2006-12-14 15:28:24 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-12-14 15:01:00 0 -rahs---- C:\MSDOS.SYS
2006-12-14 15:01:00 0 -rahs---- C:\IO.SYS
2006-12-14 15:01:00 0 --a------ C:\CONFIG.SYS
2006-12-14 15:01:00 0 --a------ C:\AUTOEXEC.BAT
2006-12-14 14:58:18 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"="C:\\Program Files\\Video Access ActiveX Object\\isamntr.exe"
"rare"="C:\\Program Files\\Video Access ActiveX Object\\pmsnrr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of ComboScan: finished at 2007-03-02 at 07:1-

ComboScan v20070226.18 run by Adam on 2007-03-02 at 07:18:13
Supplementary logfile - please post this as an attachment with your post.
----------------------

-- System Informa------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(TM) XP 2000+
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 1023.53 MiB / 347 MiB
Pagefile Memory (total/avail): 2461.2 MiB / 1845.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1992.9 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 45.43 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)


-- Security Ce---------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

-- Environment Varia---

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Adam\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BEANS-COMPY-1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Adam
LOGONSERVER=\\BEANS-COMPY-1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Adam\LOCALS~1\Temp
TMP=C:\DOCUME~1\Adam\LOCALS~1\Temp
USERDOMAIN=BEANS-COMPY-1
USERNAME=Adam
USERPROFILE=C:\Documents and Settings\Adam
windir=C:\WINDOWS


-- User Prof-----------

Adam [I](admin)[/I]
Luke [I](admin)[/I]


-- Add/Remove Prog-----

--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BioWare Premium Module: Neverwinter Nights(TM) Kingmaker --> C:\NeverwinterNights\NWN\premium\uninst Neverwinter Nights(TM) Kingmaker.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Conquer 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}\setup.exe" -l0x9
Crimsonland --> "C:\Program Files\Crimsonland\ReflexiveArcade\unins000.exe"
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Heroes of Annihilated Empires --> "C:\Program Files\HeroesOfAE\unins000.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Kohan II Kings of War --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F96A02BA-8F24-44D4-AC69-EE4CAD772290} /l1033
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Web Developer 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - ENU\setup.exe
Microsoft Visual Web Developer 2005 Express Edition - ENU --> MsiExec.exe /X{221125DC-6A40-4900-B844-591F5E1195B0}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Need for Speed Underground 2 --> C:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\setup.exe" -l0x9
NSIS Example2 --> "C:\Program Files\Tibia Auto\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Soldat 1.2.1 --> c:\Soldat\unins000.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyNoMore 2.64 --> C:\Program Files\SpyNoMore\uninst.exe
Spyware Doctor 4.0 --> C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
System Alert Popup --> C:\DOCUME~1\Adam\LOCALS~1\Temp\lafAC.tmp /del
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Tibia 7.9 --> "C:\Program Files\Tibia\unins000.exe"
USB PC Camera (SN9C102) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VIA Integrated Setup Wizard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- End of ComboScan: finished at 2007-03-02 at 07:1-

I'm not exactly sure if the registry keys which are infected are shown in there - I don't know what it all means.. hehe... So I'll post the directories too

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, rare

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Polocies\Explorer\Run, user32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Managerment\ARPCache\System Alert Popup


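In the Add/Remove Programs list above, the "System Alert Popup" entry points its uninstaller at a .tmp file under the user's Temp directory. The following is an added example, not part of the original thread and not ComboScan's own code, that applies that check to the list; the function names and the two heuristics are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Entries copied from the "Add/Remove Prog" section of the ComboScan log above.
# Format: "<display name> --> <uninstall command>" (the name may be empty).
SAMPLE_LOG = r'''
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
Crimsonland --> "C:\Program Files\Crimsonland\ReflexiveArcade\unins000.exe"
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
System Alert Popup --> C:\DOCUME~1\Adam\LOCALS~1\Temp\lafAC.tmp /del
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
'''

# First program image in a command: either a quoted path, or the shortest
# prefix ending in ".ext" (unquoted paths may contain spaces).
IMAGE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.\w{2,4})(?=[\s,]|$))')
# Any path component named Temp or Tmp, e.g. ...\LOCALS~1\Temp\...
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)
# Extensions expected for an uninstaller image (assumed list for this example).
EXPECTED_EXT = {"exe", "dll", "com", "bat", "cmd", "msi"}


class Entry(NamedTuple):
    name: str
    command: str


def parse_entries(text):
    """Split 'name --> command' lines into Entry tuples."""
    entries = []
    for line in text.splitlines():
        name, sep, command = line.partition("-->")
        if sep and command.strip():
            entries.append(Entry(name.strip() or "(no name)", command.strip()))
    return entries


def image_of(command):
    """Return the first program image named in an uninstall command."""
    m = IMAGE_RE.match(command)
    if m is None:
        return command.split()[0]
    return m.group(1) or m.group(2)


def findings(entry):
    """Return the reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    if TEMP_RE.search(entry.command):
        reasons.append("uninstaller is located in a Temp directory")
    ext = image_of(entry.command).rsplit(".", 1)[-1].lower()
    if ext not in EXPECTED_EXT:
        reasons.append(f"uninstaller image has unexpected extension .{ext}")
    return reasons


def triage(text):
    """Return (name, reasons) for every entry with at least one finding."""
    flagged = []
    for entry in parse_entries(text):
        reasons = findings(entry)
        if reasons:
            flagged.append((entry.name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(name)
        for reason in reasons:
            print("  -", reason)
```

A flagged entry is a prompt to inspect the file, not proof of infection: legitimate installers occasionally leave uninstallers in odd places.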

Response Number 7
Name: jabuck
Date: March 1, 2007 at 15:04:35 Pacific
Subject: Zlob, System Alert Popup
Reply:

Go to Start > Control Panel > Add/Remove Programs, scroll down to and uninstall these programs:

LimeWire (Known to contain spyware)

System Alert Popup (Spyware, probably installed either through LimeWire or because your Java is out of date)

SpyNoMore (You have SpywareBlaster, that should be enough antispyware programs)

Spyware Doctor (Appears to have a damaged or missing system file and is not operating properly; reinstall it later.)

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/
We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Run Hijack This (located at C:\hijack this\hijackthis.exe). Once you have it running, click "do a system scan".

Next place a check in box to the left of the following item then press "fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Exit Hijack This.

Open notepad (Start Menu > Run > Type notepad and press "ok").

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"=-
"rare"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG-AntiSpyware report.

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as running the other options on an uninfected computer will damage the desktop.!!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



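Before merging a .reg file such as the Fix.reg in the post above, it helps to list exactly which registry operations it performs. The following is an added example, not part of the original thread, that parses a REGEDIT4 file and reports each operation; `parse_reg`, `review` and the `BROAD_REG` counter-example are names and data constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# The fix file from the post above, verbatim.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"=-
"rare"=-
'''

# Constructed counter-example (not from the thread): deletes the whole key.
BROAD_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
'''

RUN_POLICY_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'

HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
# "name"=data  or  @=data  (@ is the key's default value)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))\s*=\s*(.*)$')


class Op(NamedTuple):
    action: str            # "delete-key", "delete-value" or "set-value"
    key: str
    name: Optional[str]    # value name, None for delete-key


def parse_reg(text):
    """Return the list of operations a .reg file would perform when merged."""
    # Join hex data continued over several lines with a trailing backslash.
    text = re.sub(r',\\\s*\n\s*', ',', text)
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key = [], None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] removes key and subkeys
                ops.append(Op("delete-key", key[1:], None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparseable line: {line!r}")
        name = "(Default)" if m.group(2) else re.sub(r'\\(.)', r'\1', m.group(1))
        # "name"=- deletes that single value; anything else writes data.
        action = "delete-value" if m.group(3).strip() == "-" else "set-value"
        ops.append(Op(action, key, name))
    return ops


def review(ops, expected_key):
    """Warn about anything broader than deleting values under expected_key."""
    warnings = []
    for op in ops:
        if op.action == "delete-key":
            warnings.append(f"deletes entire key {op.key}")
        elif op.key.lower() != expected_key.lower():  # key names ignore case
            warnings.append(f"touches unexpected key {op.key}")
        elif op.action == "set-value":
            warnings.append(f"writes value {op.name!r} instead of deleting")
    return warnings


if __name__ == "__main__":
    for op in parse_reg(FIX_REG):
        print(op.action, op.key, op.name)
    print(review(parse_reg(FIX_REG), RUN_POLICY_KEY) or "no warnings")
```

For the thread's Fix.reg this reports two single-value deletions ("user32.dll" and "rare") under the Policies\Explorer\Run key and no warnings; the key itself and any other values in it are left in place.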

Response Number 8
Name: Adboy
Date: March 1, 2007 at 23:21:40 Pacific
Subject: Zlob, System Alert Popup
Reply:

SmitFraudFix v2.144

Scan done at 17:18:18.67, Fri 02/03/2007
Run from C:\Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adam


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adam\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Adam\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Also, the AVG report;
-----------------------
AVG Anti-Spyware - Scan Report


+ Created at: 5:10:08 PM 2/03/2007

+ Scan result:

C:\!KillBox\pmmnt.exe -> Downloader.Zlob.bcz : No action taken.
C:\!KillBox\pmmnt.exe( 1) -> Downloader.Zlob.bcz : No action taken.
C:\!KillBox\isadd.dll -> Downloader.Zlob.bpf : No action taken.
C:\!KillBox\isamini.exe -> Downloader.Zlob.bpf : No action taken.
C:\!KillBox\isamntr.exe -> Downloader.Zlob.bpf : No action taken.
C:\!KillBox\isunst.exe -> Downloader.Zlob.bpf : No action taken.
C:\Documents and Settings\Adam\Desktop\TibiaAutoSetup_1_12_2.exe -> Trojan.Small : No action taken.


::Report end

I had recently downloaded Killbox to try and delete the files which I KNEW were the infected ones. It worked, but now it seems they have taken the form of killbox with the ! at the beginning. So far, THANK YOU SO MUCH for helping me, and thanks in advance for any further. :)



Response Number 9
Name: Adboy
Date: March 1, 2007 at 23:23:07 Pacific
Subject: Zlob, System Alert Popup
Reply:

Oh also, in your last post you said:

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

You did not specify any files =S




Response Number 10
Name: jabuck
Date: March 2, 2007 at 19:35:06 Pacific
Subject: Zlob, System Alert Popup
Reply:

Guess you are referencing this, remove the bolded item:

"Run Hijack This (located at C:\hijack this\hijackthis.exe). Once you have it running, click "do a system scan".

Next place a check in box to the left of the following item then press "fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)"

Navigate to and delete this folder:

C:\!KillBox

Post a new Comboscan please.




Response Number 11
Name: Adboy
Date: March 2, 2007 at 21:01:58 Pacific
Subject: Zlob, System Alert Popup
Reply:

ComboScan v20070226.18 run by Adam on 2007-03-03 at 14:58:57
Computer is in Normal Mode.
----------------------

-- HijackThis (run as -

Logfile of HijackThis v1.99.1
Scan saved at 2:59:03 PM, on 3/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Iolo\Macro Magic\Macros.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\comboscan.exe
C:\PROGRA~1\HIJACK~1\Adam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Iolo Macro Magic.lnk = C:\Program Files\Iolo\Macro Magic\Macros.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.c...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


-- Files created between 2007-02-03 and 20----------

2007-03-03 12:04:45 0 d-------- C:\Documents and Settings\Luke\Application Data\PC Tools<PCTOOL~1>
2007-03-02 14:27:32 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 14:27:28 0 d-------- C:\Program Files\Grisoft
2007-03-01 20:08:46 0 d-------- C:\Documents and Settings\Adam\Application Data\Ventrilo
2007-03-01 19:58:30 0 d-------- C:\Program Files\Ventrilo
2007-03-01 19:58:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-01 12:17:20 0 d-------- C:\Documents and Settings\Adam\.housecall6.6<HOUSEC~1.6>
2007-03-01 12:15:24 0 d-------- C:\WINDOWS\Sun
2007-03-01 12:15:24 0 d-------- C:\Documents and Settings\Adam\Application Data\Sun
2007-02-25 21:16:46 3142 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-25 21:15:51 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-25 21:15:49 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-25 21:15:48 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-25 21:15:48 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-25 21:15:46 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-25 21:15:45 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-25 10:11:55 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-02-25 00:14:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-25 00:13:59 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~2>
2007-02-25 00:13:59 0 d-------- C:\Documents and Settings\Adam\Application Data\PC Tools<PCTOOL~1>
2007-02-25 00:13:46 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-02-25 00:01:06 1152 --a------ C:\WINDOWS\system32\windrv.sys
2007-02-24 19:02:15 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2007-02-24 19:01:39 121856 --a------ C:\WINDOWS\system32\BrWia05a.dll
2007-02-24 19:01:39 37888 --a------ C:\WINDOWS\system32\BrUSi05a.dll
2007-02-24 19:01:37 15295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2007-02-24 19:01:35 52224 -----n--- C:\WINDOWS\system32\brinsstr.dll
2007-02-24 19:01:19 188416 -----n--- C:\WINDOWS\system32\PDRVINST.DLL
2007-02-24 19:01:19 65536 -----n--- C:\WINDOWS\system32\BRWEBUP.EXE
2007-02-24 19:01:19 81920 -----n--- C:\WINDOWS\system32\BrWebIns.dll
2007-02-24 19:01:16 0 d-------- C:\Program Files\Brother
2007-02-24 19:01:08 0 d-------- C:\Brother
2007-02-24 19:01:07 147456 -----n--- C:\WINDOWS\brunin03.dll
2007-02-24 18:55:36 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-02-24 18:55:11 0 d-------- C:\Program Files\Common Files\ScanSoft Shared<SCANSO~1>
2007-02-24 18:55:00 0 d-------- C:\Program Files\ScanSoft
2007-02-24 18:55:00 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-02-24 18:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2007-02-21 15:50:07 0 d-------- C:\Program Files\Iolo
2007-02-18 10:55:08 0 d-------- C:\Soldat
2007-02-18 09:08:56 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-17 11:48:33 1048576 --ah----- C:\Documents and Settings\Luke\NTUSER.DAT
2007-02-15 19:45:46 0 d-------- C:\Program Files\Crimsonland<CRIMSO~1>
2007-02-15 19:45:37 0 d-------- C:\Program Files\ReflexiveArcade<REFLEX~1>
2007-02-14 18:36:03 0 d-------- C:\Program Files\Windows Journal Viewer<WI96D0~1>
2007-02-13 20:52:07 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-02-13 20:52:07 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-02-13 20:52:07 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-02-13 20:52:07 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-02-13 20:52:07 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-02-13 20:52:07 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-02-12 20:27:21 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-12 20:27:20 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MICROS~4>
2007-02-12 20:27:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~2>
2007-02-12 20:17:04 0 dr--s---- C:\WINDOWS\assembly
2007-02-12 20:14:27 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>


-- Find3M Re-----------

2007-03-03 12:14:20 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-03-03 00:27:00 0 d-------- C:\Program Files\Tibia
2007-03-02 15:36:55 0 d-------- C:\Program Files\Java
2007-03-01 19:44:08 0 d-------- C:\Program Files\GetRight
2007-02-24 19:01:17 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-24 19:01:03 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 13:02:05 0 d-------- C:\Program Files\Tibia Auto<TIBIAA~1>
2007-02-13 14:08:44 0 d-------- C:\Documents and Settings\Adam\Application Data\Macromedia<MACROM~1>
2007-02-12 21:36:26 0 d---s---- C:\Documents and Settings\Adam\Application Data\Microsoft<MICROS~1>
2007-02-12 20:04:06 0 d-------- C:\Program Files\Conquer 2.0<CONQUE~1.0>
2007-02-10 08:08:43 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-01-31 18:23:35 0 d-------- C:\Documents and Settings\Adam\Application Data\LimeWire
2007-01-30 18:07:55 0 d-------- C:\Program Files\HyCam2
2007-01-30 18:07:55 0 d-------- C:\Documents and Settings\Adam\Application Data\Help
2007-01-29 18:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 16:24:03 0 d-------- C:\Documents and Settings\Adam\Application Data\GetRightToGo<GETRIG~1>
2007-01-25 22:07:02 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-20 10:09:46 0 d-------- C:\Program Files\Tibia7.92
2007-01-19 23:25:39 0 d-------- C:\Program Files\HeroesOfAE<HEROES~1>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 12:19:14 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-01-18 17:59:38 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-01-18 17:37:32 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-01-18 17:34:55 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-01-16 20:40:23 0 d-------- C:\Program Files\LimeWire
2007-01-16 20:14:21 0 d-------- C:\Program Files\Common Files\Java
2007-01-15 20:43:54 0 d-------- C:\Program Files\EA Games<EAGAME~1>
2007-01-13 10:24:56 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-10 10:15:32 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~2.DLL>
2007-01-10 10:13:31 0 d-------- C:\Program Files\TimeGate Studios<TIMEGA~1>
2007-01-10 09:36:37 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-01-10 09:21:13 0 d-------- C:\Documents and Settings\Adam\Application Data\Leadertech<LEADER~1>
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-04 12:05:59 0 d-------- C:\Documents and Settings\Adam\Application Data\My Games<MYGAME~1>
2007-01-04 11:58:09 0 d-------- C:\Program Files\Firaxis Games<FIRAXI~1>
2006-12-20 07:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-20 04:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-18 16:04:42 1867776 --a------ C:\WINDOWS\system32\python24.dll
2006-12-15 00:50:11 62 --ahs---- C:\Documents and Settings\Adam\Application Data\desktop.ini
2006-12-14 22:45:13 983 --a------ C:\WINDOWS\eReg.dat
2006-12-14 15:28:24 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-12-14 15:01:00 0 -rahs---- C:\MSDOS.SYS
2006-12-14 15:01:00 0 -rahs---- C:\IO.SYS
2006-12-14 15:01:00 0 --a------ C:\CONFIG.SYS
2006-12-14 15:01:00 0 --a------ C:\AUTOEXEC.BAT
2006-12-14 14:58:18 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of ComboScan: finished at 2007-03-03 at 14:5-




Response Number 12
Name: jabuck
Date: March 2, 2007 at 21:13:23 Pacific
Subject: Zlob, System Alert Popup
Reply:

Is your computer operating any better?

