
Infected, in need of help before it gets worse



Something has infected my computer pretty badly. Some of the many symptoms are:

  • Pop-ups (from Internet Explorer)
  • Random ads playing over my speakers
  • Volume getting turned down (the "wave" in Volume properties keeps going down to lowest setting)
  • Slower internet connection
  • FPS spikes and drops in games such as Counter-Strike (99fps, then 1-30 fps for a while)
  • Hearing clicking noises in the background, the noise sounds like when you double click a file to open it
  • Games keep getting minimized randomly (I am not hitting the windows key)

Here is the latest Trend Micro Hijack Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:26:36 AM, on 7/9/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\program files\steam\steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\ESEA\ESEA Client\eseaclient.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 10020 bytes

The most recent Malwarebytes Anti-Malware Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4294

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

7/9/2010 1:02:29 AM

mbam-log-2010-07-09 (01-02-29).txt

Scan type: Full scan (C:\|)

Objects scanned: 2723

Time elapsed: 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here are my computer specifications:

Intel Pentium 4 2.66ghz

Nvidia GEFORCE 9500GT 1gb DDR2

Windows XP Pro S3

4gb RAM / 160gb HD

Dell Dimension E510

Any other info that you acquire please just let me know! I will be checking this topic often!


Hello Intrepid_! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Please follow these instructions and post all logs if you can:

http://forums.malwarebytes.org/index.php?showtopic=9573


Avira Logs

Avira AntiVir Personal

Report file date: Saturday, July 10, 2010 02:29

Scanning for 1990003 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : Jonathan

Computer name : CHINS2

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03

VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 16:29:03

VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 16:29:03

VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 16:29:03

VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 16:29:03

VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 16:29:03

VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 16:29:03

VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 16:29:03

VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 16:29:03

VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 20:43:21

VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 20:24:21

VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 22:41:40

VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 14:25:53

VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 14:39:58

VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 18:01:24

VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 15:24:56

VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 12:04:23

VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 14:23:02

VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 22:47:50

VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 00:11:22

VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 22:53:48

VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 18:56:47

VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 10:56:20

VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 14:43:55

VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 14:59:22

VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 17:43:17

VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 17:43:17

VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 17:43:17

Engineversion : 8.2.1.210

AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 17:16:21

AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 21:05:26

AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 23:38:41

AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 16:09:47

AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 16:09:47

AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51

AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 16:09:46

AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 23:43:13

AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25

AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 21:05:25

AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 14:04:22

AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 21:05:25

AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 17:15:06

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Saturday, July 10, 2010 02:29

Starting search for hidden objects.

HKEY_USERS\S-1-5-21-638219354-2384704684-3207728541-1005\Software\ESEA\ESEA Client v1\servers

[NOTE] The registry entry is invisible.

HKEY_USERS\S-1-5-21-638219354-2384704684-3207728541-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\hrzr_hvgbbyone

[NOTE] The registry entry is invisible.

HKEY_USERS\S-1-5-21-638219354-2384704684-3207728541-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\hrzr_hvgbbyone:0k1,120

[NOTE] The registry entry is invisible.

HKEY_USERS\S-1-5-21-638219354-2384704684-3207728541-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\nodeslots

[NOTE] The registry entry is invisible.

HKEY_USERS\S-1-5-21-638219354-2384704684-3207728541-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\0\1\mrulistex

[NOTE] The registry entry is invisible.

HKEY_USERS\S-1-5-21-638219354-2384704684-3207728541-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\0\1\1\mrulistex

[NOTE] The registry entry is invisible.

HKEY_USERS\S-1-5-21-638219354-2384704684-3207728541-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\157\Shell\colinfo

[NOTE] The registry entry is invisible.

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\count

[NOTE] The registry entry is invisible.

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\time

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Prefetcher\tracesprocessed

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\logconf

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\basedevicepath

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\basedevicepath

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\class

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\class

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\classguid

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\classguid

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\devicedesc

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\devicedesc

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\foundatenum

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\problem

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\service

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\service

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\statusflags

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\capabilities

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\configflags

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\driver

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_HPFECP15\0000\driver

HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\Root\LEGACY_HPFECP15\0000\logconf

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\Root\LEGACY_HPFECP15\0000\foundatenum

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\Root\LEGACY_HPFECP15\0000\problem

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\Root\LEGACY_HPFECP15\0000\statusflags

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\Root\LEGACY_HPFECP15\0000\capabilities

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\Root\LEGACY_HPFECP15\0000\configflags

[NOTE] The registry entry is invisible.

c:\program files\internet explorer\iexplore.exe

c:\Program Files\Internet Explorer\iexplore.exe

[NOTE] The process is not visible.

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\logitech\quickcam\lu\lulnchr.exe

c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe

[NOTE] The process is not visible.

The scan of running processes will be started

Scan process 'chrome.exe' - '50' Module(s) have been scanned

Scan process 'chrome.exe' - '71' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '87' Module(s) have been scanned

Scan process 'msdtc.exe' - '50' Module(s) have been scanned

Scan process 'dllhost.exe' - '55' Module(s) have been scanned

Scan process 'vssvc.exe' - '54' Module(s) have been scanned

Scan process 'avscan.exe' - '79' Module(s) have been scanned

Scan process 'avcenter.exe' - '102' Module(s) have been scanned

Scan process 'eseaclient.exe' - '64' Module(s) have been scanned

Scan process 'KHALMNPR.EXE' - '45' Module(s) have been scanned

Scan process 'COCIManager.exe' - '55' Module(s) have been scanned

Scan process 'iPodService.exe' - '35' Module(s) have been scanned

Scan process 'SetPoint.exe' - '64' Module(s) have been scanned

Scan process 'DLG.exe' - '35' Module(s) have been scanned

Scan process 'ctfmon.exe' - '37' Module(s) have been scanned

Scan process 'steam.exe' - '103' Module(s) have been scanned

Scan process 'ehmsas.exe' - '32' Module(s) have been scanned

Scan process 'avgnt.exe' - '62' Module(s) have been scanned

Scan process 'DMXLauncher.exe' - '31' Module(s) have been scanned

Scan process 'ehtray.exe' - '47' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned

Scan process 'Communications_Helper.exe' - '58' Module(s) have been scanned

Scan process 'Quickcam.exe' - '71' Module(s) have been scanned

Scan process 'stsystra.exe' - '44' Module(s) have been scanned

Scan process 'jusched.exe' - '31' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '40' Module(s) have been scanned

Scan process 'AAWTray.exe' - '34' Module(s) have been scanned

Scan process 'LVComSer.exe' - '44' Module(s) have been scanned

Scan process 'wscntfy.exe' - '30' Module(s) have been scanned

Scan process 'alg.exe' - '43' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '51' Module(s) have been scanned

Scan process 'unsecapp.exe' - '46' Module(s) have been scanned

Scan process 'dllhost.exe' - '70' Module(s) have been scanned

Scan process 'nTuneCmd.exe' - '41' Module(s) have been scanned

Scan process 'Explorer.EXE' - '122' Module(s) have been scanned

Scan process 'CALMAIN.exe' - '34' Module(s) have been scanned

Scan process 'mcrdsvc.exe' - '39' Module(s) have been scanned

Scan process 'UpdateCenterService.exe' - '34' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '22' Module(s) have been scanned

Scan process 'svchost.exe' - '45' Module(s) have been scanned

Scan process 'svchost.exe' - '43' Module(s) have been scanned

Scan process 'nTuneService.exe' - '51' Module(s) have been scanned

Scan process 'LVComSer.exe' - '45' Module(s) have been scanned

Scan process 'jqs.exe' - '41' Module(s) have been scanned

Scan process 'avshadow.exe' - '36' Module(s) have been scanned

Scan process 'ehSched.exe' - '47' Module(s) have been scanned

Scan process 'ehRecvr.exe' - '46' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '40' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '36' Module(s) have been scanned

Scan process 'avguard.exe' - '64' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'sched.exe' - '45' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '27' Module(s) have been scanned

Scan process 'spoolsv.exe' - '65' Module(s) have been scanned

Scan process 'AAWService.exe' - '95' Module(s) have been scanned

Scan process 'svchost.exe' - '56' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'svchost.exe' - '163' Module(s) have been scanned

Scan process 'svchost.exe' - '49' Module(s) have been scanned

Scan process 'svchost.exe' - '51' Module(s) have been scanned

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '41' Module(s) have been scanned

Scan process 'lsass.exe' - '64' Module(s) have been scanned

Scan process 'services.exe' - '38' Module(s) have been scanned

Scan process 'winlogon.exe' - '78' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1797' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00070d

[0] Archive type: GZ

[DETECTION] Contains HEUR/HTML.Malware suspicious code

--> unkwn

[DETECTION] Contains HEUR/HTML.Malware suspicious code

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IPTPVCNY\build_creative[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0TCBITOD\4BQKCATJ6XNCCAQRKVB1CADBY9LICA99WMROCAKRHNOOCA2LVSZ0CAH28D09CA1WZ3QJCACSDP2OCAE3CZSKCAFI4TRHCA9HHV8PCAZLA1FICAQOX4WNCAYKXW6WCARKDW87CA11YC82CAG3T227.htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0TCBITOD\YDQPCANNMMZACAPTGC6HCAP6SRHNCA4Q8IQVCANEWNRVCAFOC60BCA99ZETKCATCZ0C1CAYG7O5YCAE1CFMBCAS66ST3CA279BO5CAXNQVPZCA051KMFCAW3OUN8CAVKEA19CA284P6WCA52814X.htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0TCBITOD\YJAMCAGYVVG7CAZG0H78CALQP5PBCA8G0X3JCATWRBG1CABD63HMCAWYNKLMCAMY9PP9CA5PJQ6KCAM0XL1VCA3OR92ECAS91Y0MCA8APY42CAR2LX15CAY84SRXCAEJBES3CA6R3SV0CA340I29.htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KUNC943L\ads[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

Beginning disinfection:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KUNC943L\ads[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to the quarantine directory under the name '4e2fd62f.qua'.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0TCBITOD\YJAMCAGYVVG7CAZG0H78CALQP5PBCA8G0X3JCATWRBG1CABD63HMCAWYNKLMCAMY9PP9CA5PJQ6KCAM0XL1VCA3OR92ECAS91Y0MCA8APY42CAR2LX15CAY84SRXCAEJBES3CA6R3SV0CA340I29.htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to the quarantine directory under the name '566af9ae.qua'.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0TCBITOD\YDQPCANNMMZACAPTGC6HCAP6SRHNCA4Q8IQVCANEWNRVCAFOC60BCA99ZETKCATCZ0C1CAYG7O5YCAE1CFMBCAS66ST3CA279BO5CAXNQVPZCA051KMFCAW3OUN8CAVKEA19CA284P6WCA52814X.htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to the quarantine directory under the name '04c5a340.qua'.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0TCBITOD\4BQKCATJ6XNCCAQRKVB1CADBY9LICA99WMROCAKRHNOOCA2LVSZ0CAH28D09CA1WZ3QJCACSDP2OCAE3CZSKCAFI4TRHCA9HHV8PCAZLA1FICAQOX4WNCAYKXW6WCARKDW87CA11YC82CAG3T227.htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to the quarantine directory under the name '62f2ec8c.qua'.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IPTPVCNY\build_creative[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to the quarantine directory under the name '275ec1ed.qua'.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00070d

[DETECTION] Contains HEUR/HTML.Malware suspicious code

[NOTE] The file was moved to the quarantine directory under the name '588cf3f6.qua'.

End of the scan: Saturday, July 10, 2010 09:15

Used time: 5:23:29 Hour(s)

The scan has been done completely.

12964 Scanned directories

417365 Files were scanned

5 Viruses and/or unwanted programs were found

1 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

6 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

417359 Files not concerned

4894 Archives were scanned

0 Warnings

6 Notes

631916 Objects were scanned with rootkit scan

63 Hidden objects were found

Trend Micro HiJacker Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:19:28 AM, on 7/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\ESEA\ESEA Client\eseaclient.exe

c:\program files\avira\antivir desktop\avscan.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\mmc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-21-638219354-2384704684-3207728541-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Melvin')

O4 - HKUS\S-1-5-21-638219354-2384704684-3207728541-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Melvin')

O4 - HKUS\S-1-5-21-638219354-2384704684-3207728541-1006\..\Run: [Windows System Suite] "C:\Documents and Settings\All Users\Application Data\776cfcc\WS776c.exe" /s /d (User 'Melvin')

O4 - HKUS\S-1-5-21-638219354-2384704684-3207728541-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Becky')

O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: getPlus

Edited by AdvancedSetup
Restored font size back to normal

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
