hi my name is ivan, well i got infected after turning off zonealarm because it would not let me connect to the internet.

after i scaned with zonealarm virtumonde and some other virus came up but zonealarm cant clean em they keep coming back even after safe mode clean up with the windows restore turned off. i get pop ups adverticing anti-virus and free scans(didnt run them of course) but its getting really anoying, my browser is really slow. please help

this is my hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:17 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMf3075b31] Rundll32.exe "C:\WINDOWS\system32\uhupbnqb.dll",s
O4 - HKLM\..\Run: [f03468ad] rundll32.exe "C:\WINDOWS\system32\udmdirvb.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178623426421
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7041 bytes

You're Ready for cleaning.

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

ok ill be waiting, thank you

Hello Ivansga and welcome to CC forums.

I will be your handler. Please follow my directions and do not do any other programs, utilities, nor do any free-surfing while we attempt to clear your pc. Yours has several pieces of malware.

This will take several rounds of cleaning.

Also, have plenty of patience while each utility program is running. Do the following first steps:

Let's turn off some real-time monitors, which will interfere with cleanup tools.
ZoneAlarm's OS Firewall
Go to the Program tab, then click "Main".
Press the first "Custom" button from the top.
Uncheck (to disable or un-checkmark) "Enable OS Firewall".
Click OK.

>
1. Set Windows to show all files and all folders.
Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

This program is for XP and Windows 2000 and Vista


• Double-click ATF-Cleaner.exe to run the program.
  
• Under Main choose: Select All
  
• Click the Empty Selected button.
  
  
• If you use Firefox browser:
  
  
  • Click Firefox at the top and choose: Select All
    
  • Click the Empty Selected button.
    
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  
  
• If you use Opera browser:
  
  
  • Click Opera at the top and choose: Select All
    
  • Click the Empty Selected button.
    
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  
  
• Click Exit on the Main menu to close the program.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform FULL Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy & Paste the entire report in a new reply as soon as it has finished.

• Close all applications and windows.
  
• Double-click on dss.exe to run the application; follow the prompts.
  
• When the scan is completed, a text file named Main.txt will open. Please save this file, then close Notepad.
  
• The folder C:\Deckard also will open. This folder will contain another text file named Extra.txt. Please save this file to your desktop, too, then exit Notepad.

• Scan whole System
  
• Scan all files
  
• Scan whole system for rootkits
  
• Scan whole system for spyware
  
• Scan inside archives
  
• Use advanced heuristics

• the MBAM report and
  
• the contents of Main.txt and Extra.txt (from above),
• the F-Secure report.

After you have finished all the steps above, then do these:

Close all browsers and Instant Messenger windows/applications then scan with HijackThis (HJT). Check to following entries, if found now, then click on FIX CHECKED:

Close& Exit Hijackthis.
>
Download the Killbox utility program.
Save it to the Desktop.

Let's setup KILLBOX (which you downloaded & saved earlier).

* Please double-click on Killbox.exe to run it.

* Click on Tools > Delete Temp Files

* Check the following options:

• Temporary Internet Files
  
• Temp Files
  
• XP Prefetch

If you want to delete Cookies, History, and list of recent files (MRU), run you may also check these boxes now.

* Click on Delete Selected Temp Files

NB: Repeat for each User Account by selecting each account in the C:\Documents and Settings\username dropdown box.

* Exit by clicking on Exit (Save Settings), returning to the main Killbox window.

* Select Delete on Reboot.

* Open the Notepad.
Copy all of the file paths below (CTRL+A, CTRL+C) and paste (CTRL+V) them into Notepad:

Code:

C:\WINDOWS\system32\uhupbnqb.dll C:\WINDOWS\system32\udmdirvb.dll

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Press/Select"All Files" (button)

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.

Notes:

• Killbox will let you know if a file does not exist.
  
  
• If you have any issues with this Paste from Clipboard method, you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot

Then let me know the results.
Also, do a new HijackThis Scan and Save. Reply with the new HJT report.

_________________
~Maurice Naggar
MS-MVP

First of all I am so sorry but i was out for the weekend and could not check my mail. Also, I want to thank you so much for responding and helping me, i will follow the steps and reply as soon as im done with it. thanks so much again. God bless

OK. I had posted two replies. Make sure you do all of the first. And only after that, do all of the second.

im on this step,3.b Visit Malwareteks.com for the IE Defender fix.
Go to http://www.malwareteks.com/FixIEDef.php but the link takes to a page that sais error 404- not found what shall i do? by the way happy aniversary!!!

I'm getting the same error just now. Not sure why the website or webpage is not there (at this time).

Skip just that particular step, and do proceed onward with the steps that follow, for Malwarebytes Anti-Malware and all the rest.

here is the log

Malwarebytes' Anti-Malware 1.12
Database version: 770

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 108278
Time elapsed: 22 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 38
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qoMdcYqq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUlIbcY.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0cae758c-24a3-401c-8d63-01e58c913b8f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0cae758c-24a3-401c-8d63-01e58c913b8f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\acroiehelper.video (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{5cf87193-fd1e-4400-863d-fd9afc5f402f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{057299d6-7edb-47b8-934c-ed17535a501c} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1c54613a-a5ec-461b-9643-6f18598036a8} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{321fe2f3-d621-4fc2-97e6-f03b1e106163} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3510aa0d-c620-42a7-bca4-5424e887bfbe} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e4fbca2-cf8f-4897-ac8b-ad3fb68dd794} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{423e470a-efec-4b61-80df-7cebaea33912} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{465cd1ab-1a0e-4644-a818-4eea483137f1} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{48f5a09e-1f9a-45f6-9028-d3d4af690727} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9946c825-9e64-4cbb-99c3-d853a4ccb6d5} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9b3f8419-b82f-439c-8d5c-0cf7b9ae00aa} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aef1cb9f-75c1-43d0-944d-773beb807c4e} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bdabfcde-65ab-4fd8-9dd5-b250cabdc4b2} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d74eb6f1-1c83-4d06-9dac-b6be82c5fe70} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eebd5970-8e94-4e4d-a2c8-124cb9b5ebac} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f928fa33-fdf8-4332-a626-ca9f7d12e5ad} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ffa41a18-f50e-459e-80b7-6ea78ad9d365} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3fb89201-04de-4430-b5c6-fd57ea654e56} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtulibcy (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> No action taken.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AcroIEHelper.dll (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f03468ad (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf3075b31 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\user32.dll (Trojan.Zlob) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdcyqq -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdcyqq -> No action taken.

Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.

Files Infected:
C:\WINDOWS\system32\qoMdcYqq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qqYcdMoq.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qqYcdMoq.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUlIbcY.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\WINDOWS\AcroIEHelper.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.

Deckard's System Scanner v20071014.68
Run by IVAN GONZALEZ on 2008-05-20 23:08:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-21 04:08:48 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.17 GiB (less than 15%) free.


-- HijackThis (run as IVAN GONZALEZ.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:03 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\IVAN GONZALEZ\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IVAN GONZALEZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A178511E-E76E-4779-B379-46064ADBA1C4} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178623426421
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7913 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080512-165922-111 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20080512-165922-193 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080512-165922-194 O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
backup-20080512-165922-224 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
backup-20080512-165922-828 O4 - HKLM\..\Run: [PKVOLUME] C:\Program Files\PKVolume\PKVOLUME.exe
backup-20080512-165922-861 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
backup-20080512-165923-764 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
backup-20080513-161658-152 O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 GENERICDRV - c:\docume~1\ivango~1\locals~1\temp\pft2e.tmp\amifldrv.sys (file missing)
S3 usbbus (LGE CDMA Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Multi function Driver>
S3 UsbDiag (LGE CDMA USB Serial Port) - c:\windows\system32\drivers\lgusbdiag.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Diagnostics Driver>
S3 USBModem (LGE CDMA USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Modem Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\16DBE528004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\16DBE528004603
Service: NIC1394

Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Description: Serial Cable using IrDA Protocol
Device ID: ROOT\INFRARED\0000
Manufacturer: (Standard Infrared Port)
Name: Serial Cable using IrDA Protocol
PNP Device ID: ROOT\INFRARED\0000
Service: irsir


-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 22:34:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-20 17:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-20 14:25:57 0 d-------- C:\Documents and Settings\IVAN GONZALEZ\Application Data\Malwarebytes
2008-05-20 14:25:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-20 14:25:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 13:47:13 0 dr-h----- C:\Documents and Settings\IVAN GONZALEZ\Recent
2008-05-13 16:48:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 16:37:11 2112 --a------ C:\WINDOWS\system32\rmwncfpb.exe
2008-05-12 16:34:25 2112 --a------ C:\WINDOWS\system32\jgmipiwx.exe
2008-05-12 16:18:06 0 d-------- C:\Program Files\Trend Micro
2008-05-12 01:37:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-05-12 01:36:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-12 01:35:30 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-12 01:35:30 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-12 01:35:30 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-12 01:35:30 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-12 01:35:30 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-12 01:35:30 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-12 01:35:30 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-12 01:35:30 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-12 01:35:30 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-12 01:35:30 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-12 01:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-05-12 01:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-05-12 01:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-12 01:35:30 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-12 01:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-05-12 01:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-12 01:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-05-12 01:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-12 01:35:29 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-10 05:48:11 2112 --a------ C:\WINDOWS\system32\amvdrycu.exe
2008-05-09 05:48:11 2112 --a------ C:\WINDOWS\system32\nqpdocto.exe
2008-05-08 19:12:54 0 d-------- C:\VundoFix Backups
2008-05-08 18:24:20 0 d-------- C:\Documents and Settings\IVAN GONZALEZ\Application Data\Uniblue
2008-05-08 14:23:18 0 d-------- C:\Documents and Settings\IVAN GONZALEZ\Application Data\MailFrontier
2008-05-08 05:51:28 2112 --a------ C:\WINDOWS\system32\yljypvpc.exe
2008-05-07 05:53:28 2112 --a------ C:\WINDOWS\system32\paasxwyw.exe
2008-05-06 17:41:19 281600 -----n--- C:\WINDOWS\system32\qoMdcYqq.dll
2008-05-06 17:36:15 38400 -----n--- C:\WINDOWS\system32\vtUlIbcY.dll
2008-05-02 20:43:35 0 d-------- C:\Program Files\SurfingAdvisor
2008-04-30 08:57:05 0 dr-hs---- C:\Recycled


-- Find3M Report ---------------------------------------------------------------

2008-05-20 13:42:45 512 --a------ C:\ScanSectorLog.dat
2008-05-19 13:38:40 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-13 16:38:03 0 d-------- C:\Program Files\Yahoo!
2008-05-12 00:03:08 0 d-------- C:\Program Files\PowerISO
2008-05-08 18:13:41 0 d-------- C:\Program Files\LimeWire
2008-05-08 14:12:37 0 d-------- C:\Documents and Settings\IVAN GONZALEZ\Application Data\uTorrent
2008-05-05 10:59:00 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-02 20:38:46 0 d-------- C:\Documents and Settings\IVAN GONZALEZ\Application Data\LimeWire
2008-04-29 22:13:46 84088 --a------ C:\Documents and Settings\IVAN GONZALEZ\Application Data\GDIPFONTCACHEV1.DAT
2008-04-18 02:22:52 0 d-------- C:\Program Files\epson
2008-04-16 01:39:38 0 d-------- C:\Program Files\Google
2008-04-15 19:56:30 0 d-------- C:\Program Files\Java
2008-04-09 11:13:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 12:16:11 0 d-------- C:\Program Files\Online Services
2008-03-22 22:41:38 0 d-------- C:\Program Files\Skype
2008-03-22 22:41:37 0 d-------- C:\Program Files\Common Files
2008-03-22 22:37:44 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-22 22:35:45 0 d-------- C:\Program Files\Sony
2008-03-20 18:24:27 0 d-------- C:\Program Files\Guitar Pro 5


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A178511E-E76E-4779-B379-46064ADBA1C4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 12:29 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 03:21 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [03/14/2008 06:50 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/2007 01:02 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 08:10 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/03/2006 11:02 AM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/8/2007 9:33:14 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk
backup=C:\WINDOWS\pss\Remocon Driver.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
"C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
c:\program files\sony\vaio survey\surveysa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
c:\program files\support.com\client\lserver\server.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZZZ]
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46867bee-f235-11db-9e12-000c6e3e4508}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af76ce77-3970-11dc-9e6b-000c6e3e4508}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afef6370-4f44-11dc-9e74-000c6e3e4508}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8086afc-eefe-11db-9e0d-000c6e3e4508}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




-- End of Deckard's System Scanner: finished at 2008-05-20 23:10:49 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.60GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 511.36 MiB / 258.67 MiB
Pagefile Memory (total/avail): 1250.57 MiB / 1064.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 15.01 GiB total, 2.17 GiB free.
D: is Fixed (NTFS) - 54.86 GiB total, 31.1 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Removable (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 4.66 GiB
\PARTITION1 (bootable) - Installable File System - 15.01 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 54.86 GiB - D:

\\.\PHYSICALDRIVE1 - Memory Stick Slot



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Security Suite Firewall v7.0.337.000 (Check Point, LTD.) Disabled
AV: ZoneAlarm Security Suite Antivirus v7.0.337.000 (Check Point, LTD.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe:*:Enabled:Age of Empires II"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\program files\\LimeWire\\LimeWire.exe"="D:\\program files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\program files\\BitDownload\\BitDownload.exe"="D:\\program files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\IVAN GONZALEZ\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VALUED-ECECF7F4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\IVAN GONZALEZ
LOGONSERVER=\\VALUED-ECECF7F4
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\IVANGO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\IVANGO~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=VALUED-ECECF7F4
USERNAME=IVAN GONZALEZ
USERPROFILE=C:\Documents and Settings\IVAN GONZALEZ
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

IVAN GONZALEZ (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> D:\program files\ConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems AC'97 Modem --> agrsmdel
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2008 - English --> C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
BSPlayer --> "C:\Program Files\Webteh\BSPlayer\uninstall.exe"
Click to DVD 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX --> D:\program files\DivXCodecUninstall.exe /CODEC
DivX Converter --> D:\program files\ConverterUninstall.exe /CONVERTER
DivX Player --> D:\program files\DivXPlayerUninstall.exe /PLAYER
DivX Subtitle Displayer 5.00 --> "C:\Program Files\DivX Subtitle Displayer\unins000.exe"
DVD Creation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}\setup.exe"
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Giga Pocket 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C61B54-2123-4B0E-8D5F-5DD1C7AE5421}\Setup.exe"
Giga Pocket Hardware Library 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D490016-5D01-4CB3-A037-55814AC63D2E}\Setup.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Office Page for Experience VAIO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{374E48BA-CBC1-4134-86B9-7A97B0E76B2E}\setup.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.0_03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\u