
Author Topic: trojan i ant get healed  (Read 10746 times)


jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
trojan i ant get healed
« on: February 28, 2008, 01:07:04 AM »
Hi, hope you can help. My AVG Centre says I have 32 viruses & 1 Trojan.

1st virus says: object name 961F110Bdo1, discovery: virus ID exploit, healable: NO

2nd virus: object name 9FS6B4Ddo1, discovery: virus ID exploit

3rd: object name OBE1EOD5do1, Trojan horse Agent, healable: NO

I have ZoneAlarm, Spyware Doctor, SUPERAntiSpyware & Spybot S&D.

I don't know how the things got in, but my computer now restarts itself every so often for no reason.

Thank you for the time to look into this. Hope we can sort it; last time I had to wipe the computer :'(
JENZO ;)

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: trojan i ant get healed
« Reply #1 on: February 28, 2008, 02:26:50 AM »
Download HijackThis.exe

* Double-click on the installer you just downloaded.
* Click on the Install button to install.
* It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
* Please do not change the default install location.
* Upon install, HijackThis should open for you.

* Next click on the Do a system scan and save a log file button.
* HijackThis will scan and then a log will open in notepad.
* Copy and then paste the log in your next reply.

Note: If you need to save the log for posting later then save it to the desktop.
To save the Notepad file to your desktop, in Notepad click "File" > "Save As" and name it HijackThis.

 
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
Re: trojan i ant get healed
« Reply #2 on: February 28, 2008, 05:39:19 AM »
Here is half, because it was too big to post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:49, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
JENZO ;)

jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
Re: trojan i ant get healed
« Reply #3 on: February 28, 2008, 05:40:27 AM »
2ND PART OF TEST

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1197919246171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196690537421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10880 bytes
JENZO ;)
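The moderator's advice above is to post the HijackThis log and fix nothing yet, because most of what the tool lists is harmless or required. As an added example that is not part of this thread (my code, not HijackThis's), here is a small Python triage pass over a handful of lines copied from the log above. It does not decide what is malicious; it only pulls out the entries a reviewer reads first: O2/O9 entries whose file is gone, O4 Run entries in the per-user HKCU hive, pointing at a bare file name, or using an unquoted path with spaces, and O23 services with an unknown publisher. The flag texts, regular expressions and function names are my own; only the section letters and line layout are HijackThis's.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Input lines copied from the HijackThis log posted in this thread (a constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O4 - body", "O23 - body", ...
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 bodies look like  HKLM\..\Run: [name] command  (Global Startup lines have no [name] and are skipped)
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\.*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable image in a command line: a quoted path, or an unquoted one up to its extension.
IMAGE_RE = re.compile(
    r'^"(?P<quoted>[^"]+)"'
    r"|^(?P<bare>.*?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)",
    re.IGNORECASE,
)

# Review reasons (my wording, not HijackThis output).
ORPHANED = "orphaned entry: registered but file absent"
PER_USER = "per-user Run key (writable without admin rights)"
BARE_NAME = "bare file name, resolved by PATH search"
UNQUOTED = "unquoted path containing spaces"
UNKNOWN_OWNER = "service with unknown publisher"


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    reason: str


def parse_entries(log_text):
    """Yield (section, body) for every line that looks like a HijackThis entry."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def image_of(cmd):
    """Return the executable a Run command line launches, or None if unrecognised."""
    m = IMAGE_RE.match(cmd)
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def triage(log_text):
    """Return the entries a reviewer would look at first, in log order."""
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("O2", "O3", "O9") and ("(no file)" in body or "(file missing)" in body):
            parts = body.split(" - ")            # "BHO: name - {CLSID} - path"
            clsid = parts[1] if len(parts) > 1 else parts[0]
            findings.append(Finding(section, clsid, ORPHANED))
        elif section == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
            image = image_of(cmd)
            if hive == "HKCU":
                findings.append(Finding(section, name, PER_USER))
            if image is None:
                continue
            if "\\" not in image:
                findings.append(Finding(section, name, BARE_NAME))
            elif not cmd.startswith('"') and " " in image:
                findings.append(Finding(section, name, UNQUOTED))
        elif section == "O23" and "Unknown owner" in body:
            service = body[len("Service: "):].split(" - ")[0]
            findings.append(Finding(section, service, UNKNOWN_OWNER))
    return findings


def summarize(findings):
    """Count findings per reason, for a quick overview of a long log."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<40} {f.reason}")
```

Everything it prints is a review candidate, not a verdict: the two "(no file)" entries are the kind of dead leftover the moderator means by "harmless", and the HKCU items are ordinary utilities that simply happen to start from the user's own Run key. The value of the pass is that it shortens a 200-line log to the half-dozen lines worth comparing against what the machine is actually supposed to run.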

jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
Re: trojan i ant get healed
« Reply #4 on: February 28, 2008, 09:06:45 AM »
Oh sorry, this comes up as well: something about KERNEL & "this deleted in System Startup global entry!" When I look in my Task Manager I don't know what kernel is, but it shows red & is always high, above 60% most of the time, while my CPU is never above 30% with 2 game windows open. The game is conqueronline.com.

Hope this is of some help as well. Thank you.

jenzo
JENZO ;)

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: trojan i ant get healed
« Reply #5 on: February 28, 2008, 10:15:49 AM »
One

Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

First:

  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
----------

Two

Uninstall AVG Antivirus. You have the Zone Alarm Security Suite so there is no need for another AV to be installed. It will cause problems including false positives, system slowdowns and crashes.

----------

Three

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
  • Finally add the contents of the Report.txt in your next post.
----------

Four

Now run a new Hijackthis scan and post the log.

----------

Five

Next post please add
SDFix log
NEW Hijackthis log


jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
Re: trojan i ant get healed
« Reply #6 on: February 28, 2008, 12:57:53 PM »
Sorry, but there is no Y to clean the computer.

It says:

1 download/run a-squared
2 download/run Norman Malware Cleaner
3 download/run SAV32CLI

A create system report
B create service/driver list
C create catchme log
D export safeboot key

U download latest version
E exit

I push Y then Enter and nothing happens; I waited 20/30 min for anything to come up on screen.

Sorry about this. I have uninstalled AVG and started it in safe mode with F8, no trouble there, just this. Now I have the SDFix file on my desktop; it loaded with no trouble.

thank you
jenzo
JENZO ;)

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: trojan i ant get healed
« Reply #7 on: February 28, 2008, 02:21:38 PM »
Let's do this instead.

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary.)
Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.

    • From the keyboard select 1 and press Enter.
    • When finished, it will produce a log for you.
    • Post that log in your next reply.
    Warning: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
    • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

----------

Next post
Combofix log

jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
Re: trojan i ant get healed
« Reply #8 on: February 28, 2008, 05:00:36 PM »
    ComboFix 08-02-25.3 - philip 2008-02-28 23:47:00.1 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.417 [GMT 0:00]
    Running from: C:\Documents and Settings\philip\Desktop\ComboFix.exe
     * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\vmreg32.dll

    .
    (((((((((((((((((((((((((   Files Created from 2008-01-28 to 2008-02-28  )))))))))))))))))))))))))))))))
    .

    2008-02-28 19:10 . 2008-02-28 19:47   <DIR>   d--------   C:\SDFix
    2008-02-28 18:56 . 2008-02-28 18:56   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-28 12:30 . 2008-02-28 12:30   <DIR>   d--------   C:\Program Files\Trend Micro
    2008-02-27 17:16 . 2008-02-28 04:52   <DIR>   d--------   C:\Program Files\Spyware Doctor
    2008-02-27 17:16 . 2008-02-27 17:16   <DIR>   d--------   C:\Documents and Settings\philip\Application Data\PC Tools
    2008-02-27 17:16 . 2007-12-10 14:53   81,288   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-02-27 17:16 . 2007-12-10 14:53   66,952   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-02-27 17:16 . 2008-02-01 12:55   42,376   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-02-27 17:16 . 2007-12-10 14:53   29,576   --a------   C:\WINDOWS\system32\drivers\kcom.sys
    2008-02-27 14:42 . 2008-02-27 14:42   <DIR>   d--------   C:\Program Files\Alcohol Soft
    2008-02-27 14:38 . 2008-02-27 14:38   716,272   --a------   C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-24 20:34 . 2003-09-18 14:32   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
    2008-02-24 20:34 . 2004-01-14 01:10   163,840   --a------   C:\WINDOWS\BJPSUNST.EXE
    2008-02-24 20:33 . 2008-02-24 20:33   <DIR>   d--------   C:\WINDOWS\StartHtmico
    2008-02-24 20:33 . 1998-10-29 16:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
    2008-02-24 20:32 . 2005-05-07 05:00   140,288   --a------   C:\WINDOWS\system32\CNMLM7C.DLL
    2008-02-24 20:32 . 2005-03-08 18:17   90,112   -ra------   C:\WINDOWS\system32\CNMCP7C.exe
    2008-02-24 20:32 . 2005-05-07 05:00   8,704   --a------   C:\WINDOWS\system32\CNMVS7C.DLL
    2008-02-24 20:31 . 2008-02-24 20:31   <DIR>   d--h-----   C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-02-24 20:30 . 2008-02-24 20:34   <DIR>   d--------   C:\Program Files\Canon
    2008-02-24 18:45 . 2008-02-24 18:45   17,144   --a------   C:\Documents and Settings\philip\Application Data\GDIPFONTCACHEV1.DAT
    2008-02-24 18:43 . 2008-02-24 18:43   376   --a------   C:\WINDOWS\ODBC.INI
    2008-02-24 18:42 . 2008-02-24 18:42   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
    2008-02-24 18:41 . 2008-02-24 18:42   <DIR>   d--------   C:\WINDOWS\ShellNew
    2008-02-24 11:54 . 2008-02-24 11:54   <DIR>   dr-h-----   C:\MSOCache
    2008-02-19 22:44 . 2008-02-19 22:44   244   --ah-----   C:\sqmnoopt10.sqm
    2008-02-19 22:44 . 2008-02-19 22:44   232   --ah-----   C:\sqmdata10.sqm
    2008-02-18 22:45 . 2008-02-18 22:45   244   --ah-----   C:\sqmnoopt09.sqm
    2008-02-18 22:45 . 2008-02-18 22:45   232   --ah-----   C:\sqmdata09.sqm
    2008-02-18 19:07 . 2008-02-18 19:07   244   --ah-----   C:\sqmnoopt08.sqm
    2008-02-18 19:07 . 2008-02-18 19:07   232   --ah-----   C:\sqmdata08.sqm
    2008-02-18 01:49 . 2008-02-18 01:49   244   --ah-----   C:\sqmnoopt07.sqm
    2008-02-18 01:49 . 2008-02-18 01:49   232   --ah-----   C:\sqmdata07.sqm
    2008-02-17 19:47 . 2008-02-17 19:47   244   --ah-----   C:\sqmnoopt06.sqm
    2008-02-17 19:47 . 2008-02-17 19:47   232   --ah-----   C:\sqmdata06.sqm
    2008-02-17 19:38 . 2008-02-17 19:38   0   --a------   C:\WINDOWS\nsreg.dat
    2008-02-17 19:11 . 2008-02-17 19:11   244   --ah-----   C:\sqmnoopt05.sqm
    2008-02-17 19:11 . 2008-02-17 19:11   232   --ah-----   C:\sqmdata05.sqm
    2008-02-16 23:14 . 2008-02-16 23:14   <DIR>   d--------   C:\Program Files\ZoneAlarmSB
    2008-02-16 16:44 . 2008-02-16 16:44   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Disk Cleaner
    2008-02-16 16:41 . 2008-02-16 16:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Registry Helper
    2008-02-16 16:32 . 2008-02-16 16:32   <DIR>   d--------   C:\Program Files\CCleaner
    2008-02-16 09:31 . 2008-02-28 19:58   <DIR>   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-16 09:26 . 2008-02-16 09:26   <DIR>   d--------   C:\Program Files\Common Files\Adobe
    2008-02-09 16:47 . 2008-02-09 16:47   <DIR>   d--------   C:\spoolerlogs
    2008-02-09 11:22 . 2008-02-09 11:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-02-09 11:21 . 2008-02-09 11:21   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\iolo
    2008-01-31 19:46 . 2008-01-31 19:46   <DIR>   d--------   C:\Program Files\iTunes
    2008-01-31 19:46 . 2008-01-31 19:46   <DIR>   d--------   C:\Program Files\iPod
    2008-01-31 19:46 . 2008-01-31 19:46   1,409   --a------   C:\WINDOWS\QTFont.for
    2008-01-31 19:44 . 2008-02-09 10:31   <DIR>   d--------   C:\Program Files\QuickTime
JENZO ;)

jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
Re: trojan i ant get healed
« Reply #9 on: February 28, 2008, 05:01:07 PM »
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-28 23:52   ---------   d-----w   C:\Documents and Settings\philip\Application Data\Skype
    2008-02-28 19:43   9,526,304   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-28 19:43   117,740   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-28 18:47   ---------   d-----w   C:\Documents and Settings\philip\Application Data\skypePM
    2008-02-28 15:56   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
    2008-02-28 15:29   2,425,344   ----a-w   C:\WINDOWS\Internet Logs\xDB1F.tmp
    2008-02-28 14:24   2,424,832   ----a-w   C:\WINDOWS\Internet Logs\xDB1E.tmp
    2008-02-28 14:08   2,424,320   ----a-w   C:\WINDOWS\Internet Logs\xDB1D.tmp
    2008-02-28 07:28   31,232   ----a-w   C:\WINDOWS\Internet Logs\xDB1B.tmp
    2008-02-28 07:15   2,410,496   ----a-w   C:\WINDOWS\Internet Logs\xDB1C.tmp
    2008-02-28 06:56   2,409,472   ----a-w   C:\WINDOWS\Internet Logs\xDB1A.tmp
    2008-02-28 06:27   2,408,960   ----a-w   C:\WINDOWS\Internet Logs\xDB19.tmp
    2008-02-28 06:11   2,408,448   ----a-w   C:\WINDOWS\Internet Logs\xDB18.tmp
    2008-02-28 05:55   2,407,936   ----a-w   C:\WINDOWS\Internet Logs\xDB17.tmp
    2008-02-28 05:25   22,016   ----a-w   C:\WINDOWS\Internet Logs\xDB15.tmp
    2008-02-28 05:25   2,407,424   ----a-w   C:\WINDOWS\Internet Logs\xDB16.tmp
    2008-02-28 05:09   22,016   ----a-w   C:\WINDOWS\Internet Logs\xDB13.tmp
    2008-02-28 05:09   2,406,912   ----a-w   C:\WINDOWS\Internet Logs\xDB14.tmp
    2008-02-28 04:52   23,552   ----a-w   C:\WINDOWS\Internet Logs\xDB12.tmp
    2008-02-28 04:36   28,672   ----a-w   C:\WINDOWS\Internet Logs\xDB11.tmp
    2008-02-28 01:14   281,600   ----a-w   C:\WINDOWS\Internet Logs\xDB10.tmp
    2008-02-27 12:41   ---------   d-----w   C:\Documents and Settings\philip\Application Data\uTorrent
    2008-02-26 15:33   55,296   ----a-w   C:\WINDOWS\Internet Logs\xDBF.tmp
    2008-02-26 08:48   ---------   d-----w   C:\Program Files\Conquer 2.0
    2008-02-25 15:11   56,832   ----a-w   C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-02-25 10:00   24,064   ----a-w   C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-02-25 09:32   23,040   ----a-w   C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-02-25 09:15   32,768   ----a-w   C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-02-25 02:23   125,952   ----a-w   C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-02-24 20:33   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
    2008-02-23 13:13   158,720   ----a-w   C:\WINDOWS\Internet Logs\xDB9.tmp
    2008-02-22 12:24   2,668,544   ----a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-02-22 02:03   2,500,546   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-02-22 00:57   2,285,568   ----a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-02-21 11:11   326,656   ----a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-02-20 08:34   109,056   ----a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-02-20 05:52   2,248,704   ----a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-02-18 15:45   27,136   ----a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-02-18 08:41   2,670,080   ----a-w   C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-02-09 11:22   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-13 19:30   ---------   d-----w   C:\Documents and Settings\philip\Application Data\Apple Computer
    2008-01-13 17:03   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-13 17:02   ---------   d-----w   C:\Program Files\Apple Software Update
    2008-01-13 17:01   ---------   d-----w   C:\Program Files\Common Files\Apple
    2008-01-13 17:01   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-08 16:05   2,119,680   ----a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
    2007-12-28 18:04   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-28 18:04   ---------   d-----w   C:\Program Files\DivX
    2007-12-28 18:04   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\iolo
    2007-12-28 17:54   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Nero
    2007-12-28 17:39   ---------   d-----w   C:\Program Files\DVDFab HD Decrypter 4
    2007-12-28 10:55   ---------   d-----w   C:\Program Files\DVD Shrink
    2007-12-28 10:55   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-12-28 10:54   ---------   d-----w   C:\Program Files\Your Uninstaller 2006
    2007-12-28 10:45   ---------   d-----w   C:\Documents and Settings\philip\Application Data\URSoft
    2007-12-26 20:06   158,456   ------w   C:\WINDOWS\system32\pxwma.dll
    2007-12-14 19:01   437,096   ----a-w   C:\WINDOWS\system32\Incinerator.dll
    2007-12-14 17:13   23,040   ----a-w   C:\WINDOWS\system32\smrgdf.exe
    2007-12-07 02:21   824,832   ----a-w   C:\WINDOWS\system32\wininet.dll
    2007-12-05 19:36   32   ----a-w   C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-05 10:35   44,131   ----a-w   C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_05_05_05_12_small.dmp.zip
    2007-12-05 02:53   356,352   ----a-w   C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-04 20:34   315,392   ----a-w   C:\WINDOWS\HideWin.exe
    2007-12-04 18:38   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 16:03   1,056   --sha-w   C:\vxljovma.sys
    2007-12-04 01:33   823,296   ----a-w   C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-04 01:33   823,296   ----a-w   C:\WINDOWS\system32\divx_xx07.dll
    2007-12-04 01:33   802,816   ----a-w   C:\WINDOWS\system32\divx_xx11.dll
    2007-12-04 01:33   682,496   ----a-w   C:\WINDOWS\system32\DivX.dll
    2007-12-03 14:40   74,703   ----a-w   C:\WINDOWS\system32\mfc45.dll
    2007-12-03 03:31   499,712   ----a-w   C:\WINDOWS\system32\msvcp71.dll
    2007-12-03 03:31   348,160   ----a-w   C:\WINDOWS\system32\msvcr71.dll
    2007-11-29 22:30   524,288   ----a-w   C:\WINDOWS\system32\DivXsm.exe
    2007-11-29 22:30   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 22:30   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30   129,784   ------w   C:\WINDOWS\system32\pxafs.dll
    2007-11-29 22:30   120,056   ------w   C:\WINDOWS\system32\pxcpyi64.exe
    2007-11-29 22:30   118,520   ------w   C:\WINDOWS\system32\pxinsi64.exe
    2007-11-29 22:30   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
    2007-11-29 22:28   81,920   ----a-w   C:\WINDOWS\system32\dpl100.dll
    2007-11-29 22:28   196,608   ----a-w   C:\WINDOWS\system32\dtu100.dll
    2007-11-28 21:55   156,992   ----a-w   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-11-28 21:53   593,920   ----a-w   C:\WINDOWS\system32\dpuGUI11.dll
    2007-11-28 21:53   57,344   ----a-w   C:\WINDOWS\system32\dpv11.dll
    2007-11-28 21:53   53,248   ----a-w   C:\WINDOWS\system32\dpuGUI10.dll
    2007-11-28 21:53   344,064   ----a-w   C:\WINDOWS\system32\dpus11.dll
    2007-11-28 21:53   294,912   ----a-w   C:\WINDOWS\system32\dpu11.dll
    2007-11-28 21:53   294,912   ----a-w   C:\WINDOWS\system32\dpu10.dll
    2007-11-28 21:52   12,288   ----a-w   C:\WINDOWS\system32\DivXWMPExtType.dll
    .
JENZO ;)

jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
Re: trojan i ant get healed
« Reply #10 on: February 28, 2008, 05:02:58 PM »
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-02-16 23:14   262144   --a------   C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
    {327C2873-E90D-4C37-AA9D-10AC9BABA46C}

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-16 23:14 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-16 12:36 21760296]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
    "AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [ ]
    "Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [ ]
    "Disk Cleaner"="C:\Program Files\Disk Cleaner\DiskCleaner.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 21:56 185896]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
    "PDUiP6220DMon"="C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-06 18:17 69632]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 01:10 409600]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dxdiag.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\BitLord\\BitLord.exe"=
    "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
    R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-31 18:45:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-28 23:01:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-02-22 03:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart.philip.Runs RegistrySmart to optimize your registry.
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-28 23:52:18
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-28 23:53:43
    ComboFix-quarantined-files.txt  2008-02-28 23:53:37
    .
    2008-02-27 12:06:34   --- E O F --- 
    JENZO ;)

    jenzo

    Re: trojan i ant get healed
    « Reply #11 on: February 28, 2008, 05:06:44 PM »
Well, this one has given me this log; hope it's OK. It's midnight here in the UK, so I'm off till tomorrow morning.

But thank you so much. Just with the AVG gone it has not crashed on me yet, so I just hope the trojan, if there is one, has gone with it.

    JENZO ;)

    evilfantasy

    Re: trojan i ant get healed
    « Reply #12 on: February 28, 2008, 05:11:22 PM »
    Download and install CleanUp!.exe

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    Set the program up as follows:
    • Click Options...
    • Move the arrow to Standard CleanUp!
    • Uncheck the following: (if checked)
      • Delete Newsgroup cache
      • Delete Newsgroup Subscriptions
    • Click OK
    Click the CleanUp! button to start the program. Reboot/logoff when prompted.

Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders; it does not make backups. If you have any documents or programs saved in any Temporary Folders, please make a backup of these before running CleanUp!


    ----------

    Now run a new Hijackthis scan and post the log please.


    jenzo

    Re: trojan i ant get healed
    « Reply #13 on: February 29, 2008, 03:23:21 AM »
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:08, on 29/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    JENZO ;)

    jenzo

    Re: trojan i ant get healed
    « Reply #14 on: February 29, 2008, 03:23:53 AM »
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
    O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1197919246171
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196690537421
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10049 bytes
    JENZO ;)
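As an added triage example (not part of this thread, and not code from HijackThis), the Python below parses the O4 (Run key / startup folder) and O23 (service) lines of a HijackThis v2 log like the one above and lists the autostart entries worth a second look. The sample lines are constructed in the same format; the two flags it raises, a bare file name that is resolved through the search path and a service HijackThis reports as "Unknown owner", are heuristics chosen here, not HijackThis's own verdicts.

```python
import re
from typing import NamedTuple

# Constructed sample lines in the HijackThis v2.0.2 log format (same shape as the log above).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

class Autostart(NamedTuple):
    kind: str      # "O4" (Run value / startup folder) or "O23" (service)
    location: str  # registry hive or startup folder for O4, service short name for O23
    name: str      # Run value name, .lnk name, or service display name
    path: str      # executable as written in the log
    owner: str     # publisher string HijackThis prints for O23; empty for O4

O4_RUN = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O4_STARTUP = re.compile(r'^O4 - (?P<folder>.+?): (?P<name>.+?) = (?P<cmd>.*)$')
O23_SVC = re.compile(r'^O23 - Service: (?P<display>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.*)$')
# Program part of a Run command: optional quotes, lazy match up to the first executable extension.
EXE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|scr|bat|cmd))"?(?:[\s,]|$)', re.IGNORECASE)

def executable_from_command(cmd: str) -> str:
    """Strip arguments and the "(User '...')" suffix, keeping only the program path."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd)
    m = EXE.match(cmd)
    return m["exe"] if m else cmd

def parse_log(text: str) -> list:
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if m := O4_RUN.match(line):
            entries.append(Autostart("O4", m["hive"], m["name"], executable_from_command(m["cmd"]), ""))
        elif m := O4_STARTUP.match(line):
            entries.append(Autostart("O4", m["folder"], m["name"], executable_from_command(m["cmd"]), ""))
        elif m := O23_SVC.match(line):
            entries.append(Autostart("O23", m["short"], m["display"], m["path"], m["owner"]))
    return entries

# Heuristic (chosen for this example): anything outside these roots gets a closer look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def triage(entries) -> list:
    """Return (name, reason) pairs for entries a reviewer should verify by hand."""
    findings = []
    for e in entries:
        if "\\" not in e.path:
            findings.append((e.name, "bare file name, resolved via the search path: verify which file actually runs"))
        elif not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append((e.name, "executable outside the Windows and Program Files trees"))
        if e.kind == "O23" and e.owner == "Unknown owner":
            findings.append((e.name, "service binary carries no publisher name: check its signature and origin"))
    return findings

if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```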