Posts posted by ashb920

  1. heyy everything is running lovely now .. i even got the updates to work .. this guy helped me get the updates to work and he also got the iexplorer thingy to work properly now it's not even in the hjk log .. so hmm i'd like to thank you for all of your help .. i would like to post one last log of everything so you can check if everything is running A-okay .. what should i post ..?? just a hjk log?

  2. These Windows services are started:

    Automatic Updates

    avast! Antivirus

    avast! iAVS4 Control Service

    avast! Mail Scanner

    avast! Web Scanner

    Background Intelligent Transfer Service

    Bluetooth Support Service

    Capture Device Service

    COM+ Event System

    Creative Service for CDROM Access

    Cryptographic Services

    Cyberlink RichVideo Service(CRVS)

    DCOM Server Process Launcher

    DHCP Client

    Distributed Link Tracking Client

    DNS Client

    Error Reporting Service

    Event Log

    Fast User Switching Compatibility

    Help and Support

    HID Input Service

    IPSEC Services

    LightScribeService Direct Disc Labeling Service

    Network Connections

    Network Location Awareness (NLA)

    PLFlash DeviceIoControl Service

    Plug and Play

    Print Spooler

    Protected Storage

    Remote Access Connection Manager

    Remote Procedure Call (RPC)

    Secondary Logon

    Security Accounts Manager

    Server

    Shell Hardware Detection

    SSDP Discovery Service

    System Event Notification

    System Restore Service

    Task Scheduler

    TCP/IP NetBIOS Helper

    Telephony

    Terminal Services

    Themes

    Ulead Burning Helper

    WebClient

    Windows Audio

    Windows Driver Foundation - User-mode Driver Framework

    Windows Image Acquisition (WIA)

    Windows Time

    Wireless Zero Configuration

    Workstation

    The command completed successfully.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:50:02 PM, on 6/15/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\IoctlSvc.exe

    C:\Program Files\CyberLink\Shared files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 5972 bytes

    there was no O3-toolbar file thing to delete ..

    umm and to answer your questions

    the reason i renamed my internet explorer to use all capitals is because..

    i currently always use mozilla firefox and therefore i had deleted the shortcut to internet explorer in the start menu .. and internet explorer used to be in start.. programs .. setup folder.. but it was no longer there and i couldn't delete the setup folder in the programs menu so .. when i needed to use internet explorer to use some programs like panda active scan .. cause i couldn't use it in mozilla.. i had to look for internet explorer and i couldn't find it .. so i searched for internet explorer and it would take forever .. so what i did was when it was found i dragged and dropped the internet explorer icon into the start menu programs setup folder .. and the name was something like internet explorer basic something something .. and it was so long .. so i renamed it IEXPLORER .. now there was no particular reason for putting caps .. but i changed it to lowercase now ..

    kk so that pretty much answers question 1

    now question 2. u asked y do i have my iexplorer running on system startup ..

    well i didn't even know i had iexplorer running on startup .. and when i start the computer up the iexplorer doesn't come up .. so there was no way of me even knowing this .. hmm how would i disable that from happening?

  3. hey so i did all the information provided and the IEXPLORER i did rename myself so there's nothing to worry about there.

    bitcomet should be all gone now .. and also the Symantec stuff..

    as for the pos*.temp .. they are all gone ..

    the only problem i am currently having is that the security updates will not download for some reason .. every time the balloon in the system tray at the bottom right pops up .. i open it .. i try the automatic scan and the custom scan .. it goes downloading .. and then after 2 3 seconds it says failed cannot install updates.. how would i fix that ?? is there even a way?

    i know i can download them manually but it's hard to look for .. and i don't know what to download ..

    if you can help me fix this problem i would appreciate it .. thanx for all the help so far ..

    here is my hjk this log .. and the antivirus didn't leave a log .. but nothing was found except for this one music file which i deleted ..

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 2:39:30 AM, on 6/15/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\IoctlSvc.exe

    C:\Program Files\CyberLink\Shared files\RichVideo.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\AIM\aim.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKUS\S-1-5-21-507921405-1202660629-725345543-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')

    O4 - S-1-5-18 Startup: iexplorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User '?')

    O4 - .DEFAULT Startup: iexplorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 6553 bytes

  4. Malwarebytes' Anti-Malware 1.17

    Database version: 846

    2:28:11 AM 6/11/2008

    mbam-log-6-11-2008 (02-28-11).txt

    Scan type: Quick Scan

    Objects scanned: 39470

    Time elapsed: 8 minute(s), 29 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 2

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\blphc19pj0ec49.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\youtubex.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    ;*******************************************************************************

    ANALYSIS: 2008-06-11 03:59:08

    PROTECTIONS: 0

    MALWARE: 11

    SUSPECTS: 0

    ;*******************************************************************************

    PROTECTIONS

    Description Version Active Updated

    ;===============================================================================

    ;===============================================================================

    MALWARE

    Id Description Type Active Severity Disinfectable Disinfected Location

    ;===============================================================================

    00139535 Application/Processor HackTools No 0 No No C:\SDFix.exe[sDFix\apps\Process.exe]

    00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe

    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Ashish\Desktop\SmitfraudFix\SmitfraudFix\Process.exe

    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Ashish\Desktop\SmitfraudFix\Process.exe

    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Ashish\Desktop\SDFix\apps\Process.exe

    00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Ashish\Desktop\SDFix\SDFix.exe[sDFix\apps\Process.exe]

    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.yadro.ru/]

    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.yadro.ru/]

    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.realmedia.com/]

    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.realmedia.com/]

    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.realmedia.com/]

    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.realmedia.com/]

    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.realmedia.com/]

    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.realmedia.com/]

    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.adultfriendfinder.com/]

    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.adultfriendfinder.com/]

    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.adultfriendfinder.com/]

    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.adultfriendfinder.com/]

    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.adultfriendfinder.com/]

    01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP247\A0025419.exe[327882R2FWJFW\NirCmdC.cfexe]

    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Ashish\Desktop\SmitfraudFix\Reboot.exe

    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Ashish\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe

    02905717 Adware/Zango Adware No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP139\A0014144.exe

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP192\A0019031.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP211\A0022155.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP211\A0022193.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP212\A0022323.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022620.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP212\A0022358.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022368.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP212\A0022360.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP212\A0022325.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP211\A0022195.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022618.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP211\A0022157.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022632.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP193\A0019038.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP232\A0023579.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP192\A0019033.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP193\A0019036.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022634.inf

    02994214 W32/Lineage.IOS.worm Virus/Worm No 0 Yes No J:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP247\A0025580.inf

    02998247 W32/Lineage.IPT.worm Virus/Worm No 0 Yes No C:\Documents and Settings\Ashish\Local Settings\Temp\fuc.dll

    03042127 Adware/MalwareProtector2008 Adware No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022381.exe

    03042127 Adware/MalwareProtector2008 Adware No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP246\A0025239.exe

    03053495 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022372.scr

    03053495 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP212\A0022355.scr

    03053495 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022658.scr

    03053495 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022629.scr

    03053495 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{28C57A62-A5C2-49E9-BB09-A56CAAEB50E2}\RP213\A0022615.scr

    ;===============================================================================

    SUSPECTS

    Sent Location M

    ;===============================================================================

    ;===============================================================================

    VULNERABILITIES

    Id Severity Description M

    ;===============================================================================

    184380 MEDIUM MS08-002 M

    184379 MEDIUM MS08-001 M

    182048 HIGH MS07-069 M

    182046 HIGH MS07-067 M

    182043 HIGH MS07-064 M

    179553 HIGH MS07-061 M

    176382 HIGH MS07-057 M

    176383 HIGH MS07-058 M

    170911 HIGH MS07-050 M

    170907 HIGH MS07-046 M

    170906 HIGH MS07-045 M

    170904 HIGH MS07-043 M

    164915 HIGH MS07-035 M

    164913 HIGH MS07-033 M

    164911 HIGH MS07-031 M

    160623 HIGH MS07-027 M

    157262 HIGH MS07-022 M

    157261 HIGH MS07-021 M

    157260 HIGH MS07-020 M

    157259 HIGH MS07-019 M

    156477 HIGH MS07-017 M

    150253 HIGH MS07-016 M

    150249 HIGH MS07-013 M

    150248 HIGH MS07-012 M

    150247 HIGH MS07-011 M

    150243 HIGH MS07-008 M

    150242 HIGH MS07-007 M

    150241 MEDIUM MS07-006 M

    141034 HIGH MS06-076 M

    141033 MEDIUM MS06-075 M

    141030 HIGH MS06-072 M

    137571 HIGH MS06-070 M

    137568 HIGH MS06-067 M

    133387 MEDIUM MS06-065 M

    133386 MEDIUM MS06-064 M

    133385 MEDIUM MS06-063 M

    133379 HIGH MS06-057 M

    131654 HIGH MS06-055 M

    129977 MEDIUM MS06-053 M

    129976 MEDIUM MS06-052 M

    126093 HIGH MS06-051 M

    126092 MEDIUM MS06-050 M

    126087 HIGH MS06-046 M

    126086 MEDIUM MS06-045 M

    126083 HIGH MS06-042 M

    126082 HIGH MS06-041 M

    126081 HIGH MS06-040 M

    123421 HIGH MS06-036 M

    123420 HIGH MS06-035 M

    120825 MEDIUM MS06-032 M

    120823 MEDIUM MS06-030 M

    120818 HIGH MS06-025 M

    120815 HIGH MS06-022 M

    120814 HIGH MS06-021 M

    114666 HIGH MS06-015 M

    114664 HIGH MS06-013 M

    108744 MEDIUM MS06-008 M

    108743 MEDIUM MS06-007 M

    108742 MEDIUM MS06-006 M

    104567 HIGH MS06-002 M

    104237 HIGH MS06-001 M

    96574 HIGH MS05-053 M

    93394 HIGH MS05-050 M

    93454 MEDIUM MS05-049 M

    ;===============================================================================

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:00:21 AM, on 6/11/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\IoctlSvc.exe

    C:\Program Files\CyberLink\Shared files\RichVideo.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\BitComet\BitComet.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Program Files\Spyware Doctor\pctsGui.exe

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKUS\S-1-5-21-507921405-1202660629-725345543-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')

    O4 - S-1-5-18 Startup: IEXPLORE.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User '?')

    O4 - .DEFAULT Startup: IEXPLORE.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User 'Default user')

    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 6763 bytes

  5. Malwarebytes' Anti-Malware 1.04

    Database version: 376

    Scan type: Quick Scan

    Objects scanned: 25248

    Time elapsed: 4 minute(s), 4 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 2:20:28 AM, on 6/10/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\IoctlSvc.exe

    C:\Program Files\CyberLink\Shared files\RichVideo.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKUS\S-1-5-21-507921405-1202660629-725345543-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')

    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 6333 bytes

  6. this is for the wuauclt.exe

    MD5: f3e9065eb617a7e3a832a7976bfa021b

    Date: 03.17.2008 22:52:27 (CET) [<1D]

    Results: 0/32

    Permalink: analisis/b70fa9ee2089f765135ee5124323b764

    C:\WINDOWS\system32\NOTEPAD.EXE.

    MD5: 388b8fbc36a8558587afc90fb23a3b99

    Date: 02.29.2008 00:35:34 (CET) [>18D]

    Results: 1/32

    Permalink: analisis/0f3d5bd8a31f120bc738d22b32520b79

    C:\WINDOWS\S1AC7AB47.tmp

    this one I couldn't even find ..

    KASPERSKY ONLINE SCANNER REPORT

    Tuesday, March 18, 2008 2:09:16 AM

    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.98.0

    Kaspersky Anti-Virus database last update: 18/03/2008

    Kaspersky Anti-Virus database records: 636667

    Scan Settings

    Scan using the following antivirus database extended

    Scan Archives true

    Scan Mail Bases true

    Scan Target Critical Areas

    C:\WINDOWS

    C:\DOCUME~1\Ashish\LOCALS~1\Temp\

    Scan Statistics

    Total number of scanned objects 14008

    Number of viruses found 0

    Number of infected objects 0

    Number of suspicious objects 0

    Duration of the scan process 00:08:48

    Infected Object Name Virus Name Last Action

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\S1AC7AB47.tmp Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{26BC46A7-B0CC-400C-A8AB-0A7FDBDA5533}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\ActiveScan\pskavs.dll Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\hwsbujgo.dll Object is locked skipped

    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_474.dat Object is locked skipped

    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    C:\DOCUME~1\Ashish\LOCALS~1\Temp\WCESLog.log Object is locked skipped

    Scan process completed.

  7. SDFix: Version 1.144

    Run by Administrator on Fri 03/07/2008 at 04:45 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\Ashish\Desktop\SDFix

    Checking Services:

    Restoring Windows Registry Values

    Restoring Windows Default Hosts File

    Rebooting...

    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-07 16:49:55

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a5bd7af]

    "0017e481ccb2"=hex:27,4f,fc,d0,f1,7c,1f,0e,52,e3,2b,71,7b,5b,f4,a8

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a5bd7af]

    "0017e481ccb2"=hex:27,4f,fc,d0,f1,7c,1f,0e,52,e3,2b,71,7b,5b,f4,a8

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

    Remaining Services:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"

    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"

    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"

    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    Remaining Files:

    Files with Hidden Attributes:

    Sun 23 Dec 2007 72 ..SH. --- "C:\WINDOWS\S1AC7AB47.tmp"

    Thu 8 Mar 2007 258,560 A..H. --- "C:\Program Files\Adobe\upx.exe"

    Tue 28 Feb 2006 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

    Tue 28 Feb 2006 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

    Fri 14 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Thu 8 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Sat 2 Feb 2008 24,758,792 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"

    Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Ashish\Application Data\U3\temp\Launchpad Removal.exe"

    Finished!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:54:24 PM, on 3/7/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\CyberLink\Shared files\RichVideo.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 5100 bytes

    kk there, that should be it.. and I'm getting pop-ups by dcads.. that's mainly the problem

  8. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 1:29:00 PM, on 3/6/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\CyberLink\Shared files\RichVideo.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-21-507921405-1202660629-725345543-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')

    O4 - HKUS\S-1-5-21-507921405-1202660629-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 5582 bytes

    The problems that i am still having.. is that ads served by dcads still pop up .. and i can't install any microsoft updates using the automatic updates

  9. Hi, sorry I overlooked this yesterday. I would still like to see a log from SDfix. It is not due to the root kit. What symptoms are you still having? A new HJT with the SDfix please. You can delete Smitfraud before running SDfix.

    hey sorry it took a while to do ..

    SmitFraudFix v2.294

    Scan done at 12:45:07.70, Sat 02/23/2008

    Run from C:\Documents and Settings\Ashish\Desktop\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    The filesystem type is NTFS

    Fix run in safe mode

  10. i was reading through the information over and over.. and i'm pretty sure i have to do the sdfix in safe mode.. but i have another problem.. when i restart the computer and i keep pressing F8 no safe mode option or anything comes up .. it goes straight to the windows loading.. so i tried running the sdfix there.. and when i press Y enter.. then it just closes and when i restart after that there's no log or anything .. so i guess there's no way for me to post it? cause i can't get into safe mode right?? or am i doing something wrong.. cause i been in safe mode before so i know i'm not doing that wrong.. and i pressed F8 from the start or reboot till like the windows blue screen .. so i didn't miss it or anything.. any suggestions??

    also how would i go about reformatting the computer??? .. i need the windows cd? i have windows home edition cd..

    thanx for all your help..

  11. * Open the extracted SDFix folder and double click RunThis.bat to start the script.

    * Type Y to begin the cleanup process.

    kk i was trying it and i downloaded it .. and i tried pressing Y and then enter and it kept closing.. then i tried pressing U enter to update.. and it did.. but yea there's no Y option when i click on runthis.bat .. but this is what it says

    To run the SDFix tool please reboot to Safe Mode

    (Reboot, tap the F8 Key and choose Safe Mode from the Advanced Menu)

    (SDFix Requires Administrator Account Privileges)

    1. Download/Run a-squared (EMSI Software - 15.5 MB)

    2. Download/Run Norman Malware Cleaner (Norman - 3.5 MB)

    3. Download/Run SAV32CLI (Sophos - 11.5 MB)

    4. Download Kaspersky Anti-Virus S.O.S. (Visit Kaspersky Lab)

    A. Create System Report

    B. Create Service/Driver List

    C. Create Catchme Log

    D. Export SafeBoot Key

    U. Download latest version of SDFix

    E. EXIT

    (Active Internet Connection Required To Download Files)

    Type A,B,C,D,U,1,2,3,4 or E to Exit....

    .. soo there's no Y option at all at the bottom.. what should i do ?? am i doing something wrong maybe?? thanx.. lemme know byee

  12. hi.. i have a question before i do so .. will formatting erase all the data i have saved on my computer??

    and also another problem i think i should let u know about is that i am unable to install the latest windows security updates .. it always says some files could not be installed.. i don't know if it has any reference with this but i was just letting you know.. kk thanx.. let me know ..

    also when i run HJT and i put a check next to the files .. do i click on fix checked?? or what do i do after i check it ... ?? i'm guessing click on fix checked.. but u didn't specify so i'm not sure..

  13. hii .. i have run all 3 procedures .. and this is the log i have gotten ... if someone can help me get rid of the ads by dcads i would greatly appreciate it .. thank u ..

    but yeah i'm going to paste the stuff here i got from the virus scans

    Malwarebytes' Anti-Malware 1.03

    Database version: 365

    Scan type: Quick Scan

    Objects scanned: 23946

    Time elapsed: 3 minute(s), 44 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    <<<<<<<<<<<<<<<<<<<<<<<<<<<<panda scan>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Incident Status Location

    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.realmedia.com/]

    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.questionmarket.com/]

    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.trafficmp.com/]

    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.serving-sys.com/]

    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.bs.serving-sys.com/]

    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Ashish\Application Data\Mozilla\Firefox\Profiles\znkhw4fi.default\cookies.txt[.adultfriendfinder.com/]

    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ashish\Cookies\ashish@ads.pointroll[1].txt

    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ashish\Cookies\ashish@advertising[1].txt

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ashish\Cookies\ashish@atdmt[2].txt

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ashish\Cookies\ashish@atwola[1].txt

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ashish\Cookies\ashish@doubleclick[2].txt

    Possible Virus. Not disinfected C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<this is from hijack this .. >>>>>>>>>>>>>>>>>>>>

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:29:38 AM, on 2/17/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKUS\S-1-5-21-507921405-1202660629-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

    O4 - HKUS\S-1-5-21-507921405-1202660629-725345543-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')

    O4 - S-1-5-18 Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User '?')

    O4 - .DEFAULT Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - AppInit_DLLs: cru629.dat

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: wenyuxni - wenyuxni.dll (file missing)

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 5529 bytes
