Hi Vince again!!
No lop... no infections found. Here is the DSS log:
Deckard's System Scanner v20070423.42
Run by Paula on 2007-04-26 at 15:03:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-04-26 14:03:52 UTC - RP1143 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Paula.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:07, on 07-04-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Paula\Desktop\dss.exe
C:\DOCUME~1\Paula\Desktop\HJT\Paula.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xolaurenmcaulayox.spaces.live...d/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
-- HijackThis Fixed Entries (C:\DOCUME~1\Paula\Desktop\HJT\backups\) -----------
backup-20070323-153016-110 O2 - BHO: (no name) - ?497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
backup-20070323-153016-206 O2 - BHO: (no name) - ?3D70E-1895-11CF-8E15-001234567890} - (no file)
backup-20070323-153016-218 O2 - BHO: (no name) - p@J - (no file)
backup-20070323-153016-235 O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gbn283.exe
backup-20070323-153016-301 O2 - BHO: (no name) - @53D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070323-153016-309 O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
backup-20070323-153016-788 O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://systemdoctor.com/download/200...reeInstall.cab
backup-20070323-153016-843 O2 - BHO: (no name) - D-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
backup-20070323-153016-958 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v6.cab
backup-20070323-153016-971 O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
backup-20070323-153016-978 O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\16 frag.exe
backup-20070323-153016-998 O2 - BHO: (no name) - rsion - (no file)
backup-20070406-163552-144 O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
backup-20070406-163552-164 O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\transheart.exe
backup-20070419-144819-476 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
backup-20070419-144819-570 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
backup-20070419-144819-654 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20070419-144819-696 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20070419-144819-747 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20070419-144819-871 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c); 1.4.x; 1.2.2.0>
R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; Sonic Solutions; ; ; 3.21.94a>
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System; 3.3; 2.49>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System; 3.3; 1.6>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System; 3.4; 1.27>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System; 3.3; 1.5>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System; 3.4; 2.1>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System; 3.4; 2.7>
R1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys <Verified; Sony Corporation; Windows 2000 DMI Call Kernel Driver; 1.0.01.12050; 1.0.01.12050>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver; 6, 1, 0, 242; 6, 1, 0, 242>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System; 3.3; 6.49>
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; Sonic Solutions; ; ; 1.10.87a>
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; Sonic Solutions; ; ; 1.10.87a>
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; Sonic Solutions; ; ; 2.56.46a>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools; 4, 3, 1, 0; 4, 3, 1, 2>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7; 2.3.1.7; 2.3.1.7>
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; Sonic Solutions; ; ; 1.04.08a>
R3 BCM43XX (BCM 802.11b Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys <Verified; Broadcom Corporation; BCM 802.11g Network Adapter wireless driver; 3.60.7.0; 3.60.7.0>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver; 5.1.2600.1106; 1.2>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil; 1.4.x; 1.2.0>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD; 5, 0, 0, 0; 5, 0, 0, 2>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Verified; Creative Technology Ltd; E-mu Plug-In Architecture; 2.08.00.0004; 5.12.01.1164-2.08.0370>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Verified; Intel Corporation; Intel(R) 537EP V9x DFV PCI Modem; 2.15.36.0; 7.11.0.0>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell; 2, 5, 0, 201; 2, 5, 0, 201>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil; 1.4.x; 2.20>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil; 1.4.x; 2.20>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver; 1.4.x; 2.0.0>
S3 hap17v2k (Creative P17V HAL Driver) - c:\windows\system32\drivers\hap17v2k.sys <Verified; Creative Technology Ltd; Creative Audio Product; 2.08.00.0004; 5.12.01.1164-2.08.0370>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows; 503.1658.1; 503.1658.0>
S3 PAC7311 (VGA SoC PC-Camer@) - c:\windows\system32\drivers\pa707ucm.sys <Not Verified; PixArt Imaging Inc.; PixArt Imaging Inc. PA707UCM; 1, 0, 1, 47; 1, 0, 1, 48>
S3 STV673 (STV0673 Camera) - c:\windows\system32\drivers\stv673.sys <Not Verified; STMicroelectronics; ST-VIBU STV673 Camera Driver; 0-51(beta); 0-51(beta)>
S3 ulusba (NEC 616 Command Port Driver) - c:\windows\system32\drivers\ulusba.sys <Not Verified; NEC Corporation; WCDMA USB Driver for Windows2000/XP; 1.00; 1.0.0.1.20030623>
S3 ulusbc (NEC 616 CONTROL Driver) - c:\windows\system32\drivers\ulusbc.sys <Not Verified; NEC Corporation; WCDMA USB Driver for Windows2000/XP; 1.00; 1.0.0.0.20030623>
S3 ulusbe (NEC 616 ENUMERATION Driver) - c:\windows\system32\drivers\ulusbe.sys <Not Verified; NEC Corporation; WCDMA USB Driver for Windows2000/XP; 1.00; 1.0.0.0.20030623>
S3 ulusbm (NEC 616 Modem Driver) - c:\windows\system32\drivers\ulusbm.sys <Not Verified; NEC Corporation; WCDMA USB Driver for Windows2000/XP; 1.00; 1.0.0.1.20030623>
S3 ulusbo (NEC 616 OBEX Port Driver) - c:\windows\system32\drivers\ulusbo.sys <Not Verified; NEC Corporation; WCDMA USB Driver for Windows2000/XP; 1.00; 1.0.0.2.20030724>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 DJSNETCN (Symantec Licensing Detect Internet Connection) - "c:\program files\common files\symantec shared\djsnetcn.exe" <Verified; Symantec Corporation; Symantec Shared Components; 6.3; 6.3.0.7>
R2 STI Simulator - c:\windows\system32\pastisvc.exe
R3 NSCService (Norton Protection Center Service) - "c:\program files\common files\symantec shared\security console\nscsrvce.exe" <Verified; Symantec Corporation; Norton Security Console; 2006.1.8; 2006.1.8.2>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution; 3.0; 6, 82, 69, 3>
S2 mwEvtMgr (Microsoft Windows Event Manager) - c:\windows\system32\mwevtmgr.exe <Not Verified; Microsoft; mwEvtMgr; 2.00.0078; 2.00.0078>
S3 ccISPwdSvc (Symantec Internet Security Password Validation) - "c:\program files\yahoo!\npf\ccpwdsvc.exe" <Verified; Symantec Corporation; Symantec Shared Component; 9.0; 9.0.0.127>
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module; 3, 0, 0, 409; 2003, 5, 19, 1>
-- Scheduled Tasks -------------------------------------------------------------
2007-04-26 13:50:13 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-04-26 07:18:59 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Paula.job
2007-04-26 02:00:00 332 --a------ C:\WINDOWS\Tasks\XoftSpy.job
2007-04-21 12:18:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-03-26 and 2007-04-26 -----------------------------
2007-04-24 12:34:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-04-19 15:05:47 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys <Not Verified; GRISOFT, s.r.o.; AVG7 Clean Driver; 1.0.0.14; 1.0.0.14>
2007-04-13 21:10:06 0 d-------- C:\Program Files\ArcSoft
2007-04-13 21:10:05 212480 --a------ C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit; 3, 0, 0, 0; 3, 0, 0, 0>
2007-04-12 16:29:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-04-12 16:25:50 0 d-------- C:\Program Files\IVT Corporation
2007-04-12 16:23:48 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver; 2, 0, 0, 57; 2, 0, 0, 57>
2007-04-12 16:23:48 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K; 1, 0, 0, 1; 1, 0, 3, 7>
2007-04-12 16:23:48 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950; 1.0.00.001; 1, 0, 0, 2>
2007-04-12 16:23:48 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K; 1, 0, 0, 1; 1, 0, 3, 5>
2007-04-12 16:23:47 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe <Not Verified; Socket Communications Inc.; SCTray; 1, 0, 0, 1; 1, 0, 0, 2>
2007-04-12 16:23:47 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS <Not Verified; OEM; OX16C95x; 3.0.4.001; 3.0.4.001>
2007-04-12 16:23:38 11736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil; 1.4.x; 1.2.2.0>
2007-04-12 16:23:38 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil; 1.4.x; 2.20>
2007-04-12 16:23:38 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys <Not Verified; IVT Corporation; BlueSoleil; 1.4.x; 2.20>
2007-04-12 16:23:38 11860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2007-04-12 16:23:38 13304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys
2007-04-12 16:23:38 148830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys <Not Verified; Broadcom Corporation; USB Driver for Broadcom Blutonium Bluetooth Adapter; 3.3.6.0; 3.3.6.0>
2007-04-12 16:23:37 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys <Not Verified; Broadcom; ; ; 2.15.7>
2007-04-12 16:23:37 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil; 1.4.x; 1.2.0>
2007-04-12 16:23:37 28271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil(c); 1.4.x; 1.2.2.0>
2007-04-12 16:23:37 23000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver; 1.4.x; 2.0.0>
2007-04-12 16:23:37 20480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver; 5.1.2600.1106; 1.2>
2007-04-12 16:23:37 7680 --a------ C:\WINDOWS\system32\btinstall.dll <Not Verified; IVT Corporation; BlueSoleil; 1, 4, 9, 0; 1, 0, 1, 1>
2007-04-12 16:23:37 49152 --a------ C:\WINDOWS\system32\btfunc.dll <Not Verified; IVT Corporation; BlueSoleil; 1, 6, 0, 0; 1, 2, 0, 0>
2007-04-11 05:47:37 0 d-------- C:\WINDOWS\Drivers
2007-04-06 16:22:59 424 --a------ C:\delete.bat
2007-04-06 10:00:44 0 d-------- C:\Documents and Settings\All Users\Application Data\plus burn bind second
2007-04-06 10:00:33 0 d-------- C:\Program Files\Option dead
2007-04-05 20:25:36 44239 --a------ C:\sound32.dll
2007-04-05 20:24:34 984 --a------ C:\WINDOWS\ssconf2.bin
2007-04-05 20:24:34 3463656 --a------ C:\WINDOWS\SimAQUARIUM2 Tank-1.scr <Not Verified; Digital Illusions Software; d3Demo Maker; 2, 0, 0, 1; 2, 0, 0, 1>
2007-04-05 20:24:32 0 d-------- C:\Program Files\SimAQUARIUM2
2007-04-05 20:10:09 2759082 --a------ C:\WINDOWS\Sim AQUARIUM 2.scr <Not Verified; Digital Illusions Software - ss3d.com; SimAQUARIUM; 1, 0, 0, 1; 2, 0, 0, 1>
2007-04-05 20:10:06 0 d-------- C:\Program Files\Sim AQUARIUM 2
2007-04-04 11:45:54 0 d-------- C:\temp
2007-04-04 11:30:25 0 d-------- C:\Program Files\THQ
2007-04-03 20:57:04 0 d-------- C:\Documents and Settings\Paula\Application Data\Nokia Multimedia Player
2007-04-03 20:49:26 0 d-------- C:\Program Files\Common Files\PCSuite
2007-04-03 20:49:10 0 d-------- C:\Program Files\PC Connectivity Solution
2007-04-03 20:44:08 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys <Verified; Nokia; ; ; 6.82.3.0>
2007-04-03 20:44:07 4608 --a------ C:\WINDOWS\system32\nmwcdlog.dll <Verified; Nokia; ; ; 6.82.3.0>
2007-04-03 20:44:07 30720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll <Verified; Nokia; ; ; 6.82.3.0>
2007-04-03 20:44:07 9216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys <Verified; Nokia; ; ; 6.82.3.0>
2007-04-03 20:44:07 138240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys <Verified; Nokia; ; ; 6.82.3.0>
2007-04-01 18:25:03 0 dr-h----- C:\Documents and Settings\Administrator.PAULA-0BFEEFF0A\Recent
2007-03-30 18:14:58 0 d-------- C:\Program Files\NoAdware5.0
2007-03-30 15:16:28 0 d-------- C:\WINDOWS\Paltalk Messenger
2007-03-28 09:09:30 0 d-------- C:\Documents and Settings\Administrator.PAULA-0BFEEFF0A\Application Data\Google
2007-03-28 09:07:51 0 d-------- C:\Documents and Settings\Administrator.PAULA-0BFEEFF0A\Contacts
2007-03-27 1209 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL <Verified; Symantec Corporation; SYMEVENT; 12.3.0.15; 12.3.0.15>
2007-03-27 1209 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS <Verified; Symantec Corporation; SYMEVENT; 12.3.0.14; 12.3.0.14>
2007-03-27 12:16:40 0 d-------- C:\Program Files\Symantec
2007-03-26 16:45:48 118832 --a------ C:\WINDOWS\system32\SHW32.DLL <Not Verified; MicroQuill Software Publishing, Inc.; SmartHeap; 6.02; 6.02.38>
-- Find3M Report ---------------------------------------------------------------
2007-04-25 16:46:04 0 d-------- C:\Program Files\DC++
2007-04-25 14:43:32 0 d-------- C:\Documents and Settings\Paula\Application Data\uTorrent
2007-04-24 14:33:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-15 18:18:39 0 d-------- C:\Program Files\Common Files\Scanner
2007-04-13 21:10:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-12 20:12:42 0 d-------- C:\Program Files\EA GAMES
2007-04-12 15:23:00 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 14:37:40 0 d-------- C:\Program Files\Common Files\Motive
2007-04-11 06:09:40 0 d-------- C:\Program Files\BT Home Hub
2007-04-11 05:47:34 0 d-------- C:\Program Files\BT Broadband 2091
2007-04-10 20:55:18 0 d-------- C:\Documents and Settings\Paula\Application Data\Yahoo!
2007-04-07 14:42:42 0 d-------- C:\Program Files\QuickTime
2007-04-07 14:42:06 0 d-------- C:\Program Files\Apple Software Update
2007-04-06 16:33:53 0 d-------- C:\Program Files\XoftSpy
2007-04-06 16:16:10 0 d-------- C:\Program Files\Java
2007-04-06 12:45:30 0 d-------- C:\Documents and Settings\Paula\Application Data\Adobe
2007-04-06 10:00:51 0 d-------- C:\Documents and Settings\Paula\Application Data\Option dead
2007-04-03 22:33:51 0 d-------- C:\Program Files\CloneDVD
2007-04-03 20:49:26 0 d-------- C:\Program Files\Nokia
2007-04-03 20:49:26 0 d-------- C:\Program Files\Common Files\Nokia
2007-04-02 14:44:34 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-02 12:27:28 0 d-------- C:\Program Files\Paltalk Messenger
2007-03-31 22:54:39 0 d-------- C:\Documents and Settings\Paula\Application Data\Screenshot Sender
2007-03-25 20:50:59 0 d-------- C:\Documents and Settings\Paula\Application Data\AVG7
2007-03-23 16:38:04 0 d-------- C:\Program Files\IrfanView
2007-03-22 10:42:05 0 d-------- C:\Program Files\CCleaner
2007-03-20 18:41:01 0 d-------- C:\Program Files\Macrogaming
2007-03-14 12:03:32 0 d-------- C:\Program Files\BT Voyager
2007-03-12 13:34:23 0 d-------- C:\Program Files\Common Files\System32
2007-03-11 16:25:43 0 d-------- C:\Program Files\Google
2007-03-09 14:58:45 0 d-------- C:\Documents and Settings\Paula\Application Data\STOPzilla!
2007-03-09 14:38:15 0 d-------- C:\Program Files\Disk and Registry Alert Trial
2007-03-09 14:31:22 0 d-------- C:\Documents and Settings\Paula\Application Data\Uniblue
2007-03-09 14:23:17 0 d-------- C:\Program Files\Yahoo!
2007-02-27 23:34:59 0 d-------- C:\Documents and Settings\Paula\Application Data\vlc
2007-02-27 23:29:56 0 d-------- C:\Program Files\VideoLAN
2007-02-27 23:14:59 0 d-------- C:\Program Files\VCDEasy
2007-02-27 23:12:27 0 d-------- C:\Documents and Settings\Paula\Application Data\Audio2VCD
2007-02-27 23:12:02 0 d-------- C:\Program Files\Audio2VCD
2007-02-27 23:03:25 0 d-------- C:\Program Files\Quick CD DVD Burner
2007-02-12 17:22:48 538256 --a------ C:\WINDOWS\system32\SymNeti.dll <Verified; Symantec Corporation; Symantec Security Drivers; 6.0; 6.0.5.506>
2007-02-12 17:22:46 161424 --a------ C:\WINDOWS\system32\SymRedir.dll <Verified; Symantec Corporation; Symantec Security Drivers; 6.0; 6.0.5.506>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Yahoo!\NAV\NavShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"NWEReboot"=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0F2.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="~C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="C:\\Program Files\\Valve\\Steam\\\\Steam.exe -silent"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"Cdrom wait"="C:\\DOCUME~1\\Paula\\APPLIC~1\\OPTION~1\\WARN ENC.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"="C:\\Program Files\\Common Files\\Symantec Shared\\DJSNETCN.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOEAD5~1\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTSoftphone"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTHelpNotifier"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\BTHOME~1\\Help\\SMARTB~1\\BTHelpNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchApplication"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="yop"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
-- Hosts -----------------------------------------------------------------------
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
60 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-04-26 at 15:10:10 ---------
Here is the uninstall
Torrent
AC3Filter (remove only)
Adobe Photoshop CS
Adobe Reader 7.0
Adobe Shockwave Player
Apple Software Update
ArcSoft Camera Suite 1.3
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audio2VCD
AVG Anti-Spyware 7.5
AVI DivX to DVD SVCD VCD Converter 1.1.2
AVI to VCD/DVD 4.02
AviSynth 2.5
Battle of Britain II
Bejeweled 2
BlueSoleil
Boilosft AVI to VCD SVCD DVD Converter 1.28
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
BroadJump Client Foundation
BT Softphone 1.5.3.6
BT Voyager Wireless Utility
BT Yahoo! Applications
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
CloneCD
CloneDVD 3.5
Command & Conquer Generals
Command & Conquer Tiberian Sun
Command and ConquerTM Generals Zero Hour
ConvertMovie 2.0
coverXP (remove only)
Creative Audio Console
Crimson Skies (c) Microsoft
Cucusoft AVI to DVD/VCD/SVCD/MPEG Converter Pro 4.17
Cucusoft MPEG to DVD Burner 2.18
Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 5.07.1
DC++ 0.698
Dell ResourceCD
Disk and Registry Alert Trial
DivX
DivX Player
EA SPORTS online 2007
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR300 Reference Guide
ESPR300 Software Guide
ESPR300 Standalone Guide
G-Force
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Google Video Player
Half-Life(R) 2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Huffyuv AVI lossless video codec (Remove Only)
Image Resizer Powertoy for Windows XP
Intel(R) 537EP V9x DF PCI Modem
Internet Worm Protection
IrfanView (remove only)
IsoBuster 2.1
iTunes
J2SE Runtime Environment 5.0 Update 11
Jewel Quest (remove only)
Luxor
Luxor
Luxor - Amun Rising
Luxor 2 (remove only)
Macrogaming SweetIM 2.0
Macromedia Authorware Web Player
Macromedia Flash Player 8
Microsoft .NET Framework 2.0
Microsoft Crimson Skies
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Text To Speech Engine
Microsoft Windows Vista Upgrade Advisor
Monopoly
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
NAVShortcut
Network Play System (Patching)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall
Norton Personal Firewall
Norton Protection Center
Norton Spyware Scan provided by Yahoo!
Norton WMI Update
Norton WMI Update
PC Connectivity Solution
PC VGA Camer@
PIF DESIGNER2.1
PowerDVD 5.3
Quick CD/DVD Burner V2.6
QuickTime
RealPlayer
Registry Mechanic 4.0
ScanToWeb
Scrabble (remove only)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Silent Hunter III
Sim AQUARIUM 2
SimAQUARIUM2 Tank-1 Screensaver
Skype 2.0
Sonic 3D
Sonic DLA
SoundFont Bank Manager
SPBBC
Spybot - Search & Destroy 1.4
Steam(TM)
Super DVD Creator 5.0
SweetIM For Internet Explorer 3.0b
Symantec
The Sims
The Sims 2
Tiger Woods PGA TOUR 07
Total Annihilation
TrackMania United DVD Patch 2006-12-15
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
V5388 Digital Camera Driver
VCDEasy
VideoLAN VLC media player 0.8.6a
Westwood Shared Internet Components
WinAce Archiver
WinAVIVideoConverter
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
Zuma Deluxe 1.0
Thx Again
Any chance you can look at above.
thx Paul
FYI - there appears to be a strong risk (and potential reinfection/resistance) association between CiD infections and the use of P2P applications.
Disable 'Windows Defender' as per previous instructions.
That is a too limited block list for undesirable sites.
-- Hosts -----------------------------------------------------------------------
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
Get HostsXpert here:
http://www.funkytoad.com/download/HostsXpert.zip
- Unzip it to a convenient place and run the program.
- If you see red text (‘Make Writeable?’) then press the ‘Make Writeable?’ BUTTON.
- Click ‘Restore MS Hosts File’ BUTTON.
- You will be asked to confirm ‘Press OK to Restore Microsofts original Hosts File’. Click ‘OK’ BUTTON.
- Next, click the ‘Download’ BUTTON > ‘MVPs Hosts’ BUTTON > ‘Replace’.
- Close the program.
Download deldomains:
http://www.mvps.org/winhelp2002/DelDomains.inf
When you click on the link, select Save. Save it to your desktop. Once on the desktop: It appears as an icon that looks like a notebook tablet with a gear overlaid on it.
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
Note: Because this will remove all entries in both the Trusted Zone and the Restricted Zone, any program, tool, or settings that were previously used to set restrictions will need to be reset:
Examples: (if these are being used),
- Spybot's "Immunize" feature is affected, you will need to re-immunize
- SpywareBlaster's "Enable all protection" feature will have to be re-enabled
- IE-SPYADS will have to be reinstalled
Clean up the following HijackThis item (and FOLDER) as before:
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
Also,
Delete the following FOLDER (in SAFE MODE, if necessary):
C:\Documents and Settings\All Users\Application Data\plus burn bind second
Go back into the Control Panel and double-click the Java Icon.
- Under Temporary Internet Files, click the Delete Files button.
- There are three options shown in the (popup) window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
- Downloaded Applications
- Other Files
- Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Java Control Panel.
Post a revised HijackThis LOG and tell us how your PC is now doing.
Last edited by VopThis; 12-05-2007 at 01:23 PM. Reason: Add FOLDER to delete - plus burn bind second