Hello,

From my HJT log/Task Manager I have dvdplay.exe running uncommanded. I ran Spybot S&D and it removed a slew of nasties but still didn't detect/remove dvdplay.exe. I have also lost my desktop background, replaced with a simple blue background.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:10 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\JJ\System32\smss.exe
C:\JJ\system32\winlogon.exe
C:\JJ\system32\services.exe
C:\JJ\system32\lsass.exe
C:\JJ\system32\Ati2evxx.exe
C:\JJ\system32\svchost.exe
C:\JJ\System32\svchost.exe
C:\JJ\system32\spoolsv.exe
C:\JJ\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\JJ\system32\Ati2evxx.exe
C:\JJ\Explorer.EXE
C:\JJ\Mixer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\JJ\system32\umonit.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\YMBOLS~1\fast.exe
C:\JJ\system32\rundll32.exe
F:\Video\IMx3Launcher.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\JJ\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\JJ\system32\wuauclt.exe
C:\JJ\system32\s?stem32\d?dplay.exe
C:\Documents and Settings\Jared.POGI\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C8E44521-ABB1-AB6D-BB5A-FA8A31817FC7} - C:\JJ\system32\adribk.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [UMonit] C:\JJ\system32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Eeoa] "C:\PROGRA~1\COMMON~1\YMBOLS~1\fast.exe" -vt yazb
O4 - HKCU\..\Run: [Tcjaxr] C:\JJ\?ppPatch\s?chost.exe
O4 - HKCU\..\Run: [Knepvq] "C:\Documents and Settings\Jared.POGI\My Documents\?ppPatch\?ervices.exe"
O4 - HKCU\..\Run: [Ggkkntdd] C:\JJ\system32\s?stem32\d?dplay.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\JJ\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\JJ\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6035 bytes


So I ran SUPERAntiSpyware and it seems to have removed the dvdplay.exe. Would someone mind reviewing my HJT log to confirm there are no more nasties?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:01 AM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\JJ\System32\smss.exe
C:\JJ\system32\winlogon.exe
C:\JJ\system32\services.exe
C:\JJ\system32\lsass.exe
C:\JJ\system32\Ati2evxx.exe
C:\JJ\system32\svchost.exe
C:\JJ\System32\svchost.exe
C:\JJ\system32\spoolsv.exe
C:\JJ\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\JJ\system32\Ati2evxx.exe
C:\JJ\Explorer.EXE
C:\JJ\system32\wscntfy.exe
C:\JJ\Mixer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\JJ\system32\umonit.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\JJ\system32\wuauclt.exe
F:\Video\IMx3Launcher.exe
C:\JJ\system32\taskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Jared.POGI\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [UMonit] C:\JJ\system32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Tcjaxr] C:\JJ\?ppPatch\s?chost.exe
O4 - HKCU\..\Run: [Knepvq] "C:\Documents and Settings\Jared.POGI\My Documents\?ppPatch\?ervices.exe"
O4 - HKCU\..\Run: [Ggkkntdd] C:\JJ\system32\s?stem32\d?dplay.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\JJ\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\JJ\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6026 byte

JJ is your pet name for Windows?
Fix these entries with hijackthis:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Tcjaxr] C:\JJ\?ppPatch\s?chost.exe
O4 - HKCU\..\Run: [Ggkkntdd] C:\JJ\system32\s?stem32\d?dplay.exe

Good. Now delete these files:
C:\JJ\?ppPatch\s?chost.exe
C:\JJ\system32\s?stem32\d?dplay.exe

... and these folders:
C:\JJ\?ppPatch
C:\JJ\system32\s?stem32

... and post a new HijackThis log. Put up the SAS log if you have it.

JJ is actually the initials of my maternal grandmother who died tragically while trying to save my kitty from our burning house... thanks for bringing up some painful memories.

Fixed the checked items.

Couldn't find the files or folders referenced. Tried starting in safe mode too, but to no avail.

Just kidding about grandma; neither she nor my kitty died in the fire.

Here's the SAS log followed by the HJT log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com


Generated 10/31/2007 at 02:44 AM


Application Version : 3.9.1008


Core Rules Database Version : 3334
Trace Rules Database Version: 1335


Scan type       : Complete Scan
Total Scan Time : 03:42:00


Memory items scanned      : 500
Memory threats detected   : 2
Registry items scanned    : 5379
Registry threats detected : 54
File items scanned        : 79117
File threats detected     : 138


Adware.ClickSpring-Variant
C:\PROGRA~1\COMMON~1\YMBOLS~1\FAST.EXE
C:\PROGRA~1\COMMON~1\YMBOLS~1\FAST.EXE
C:\JJ\Prefetch\FAST.EXE-372FA060.pf


Adware.ClickSpring/Resident
C:\JJ\system32\SSTEM3~1\DDPLAY~1.EXE
C:\JJ\system32\SSTEM3~1\DDPLAY~1.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP596\A0058140.DLL


Adware.ClickSpring
[Eeoa] C:\PROGRA~1\COMMON~1\YMBOLS~1\FAST.EXE
HKLM\Software\Classes\CLSID\{C8E44521-ABB1-AB6D-BB5A-FA8A31817FC7}
HKCR\CLSID\{C8E44521-ABB1-AB6D-BB5A-FA8A31817FC7}
HKCR\CLSID\{C8E44521-ABB1-AB6D-BB5A-FA8A31817FC7}\InprocServer32
HKCR\CLSID\{C8E44521-ABB1-AB6D-BB5A-FA8A31817FC7}\InprocServer32#ThreadingModel
HKCR\CLSID\{C8E44521-ABB1-AB6D-BB5A-FA8A31817FC7}\Programmable
HKCR\CLSID\{C8E44521-ABB1-AB6D-BB5A-FA8A31817FC7}\TypeLib
C:\JJ\SYSTEM32\ADRIBK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8E44521-ABB1-AB6D-BB5A-FA8A31817FC7}
C:\PROGRAM FILES\COMMON FILES\YMBOLS~1\FAST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP602\A0058218.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP611\A0058397.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP611\A0058421.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP611\A0058422.EXE


Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\JJ\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet003\Services\oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance


Adware.Tracking Cookie
C:\Documents and Settings\Jared.POGI\Cookies\jared@specificclick[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@ad.coupons[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@da-tracking[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@adserve.webtoolcafe[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@msnportal.112.2o7[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@tribalfusion[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@perf.overture[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@ad.outerinfoads[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@rotator.adjuggler[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@cgi-bin[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@adopt.specificclick[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@babyuniverse.112.2o7[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@1072719029[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@1071477056[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@shopping.112.2o7[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@dealtime[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@mediatraffic[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@www.avsystemcare[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@ads.pointroll[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@adlegend[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@www.xctrk[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@1072559919[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@richmedia.yahoo[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@bizrate[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@server.iad.liveperson[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@trafficmp[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@sales.liveperson[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@login.tracking101[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@fortunecity[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@roiservice[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@serving-sys[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@stat.dealtime[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@adopt.euroclick[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@questionmarket[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@nextag[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@clicksor[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@ads.addynamix[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@snapfish.112.2o7[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@revsci[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@pointandshop.112.2o7[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@71825367[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@41409448[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@indextools[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@babiesexpress[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@1071778046[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@1071789485[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@1068350122[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@ad.yieldmanager[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@stats.sellmosoft[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@74613876[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@2o7[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@bluelavagroup.122.2o7[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@partner2profit[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@bs.serving-sys[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@overture[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@eas.apm.emediate[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@ads.techguy[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@1069502238[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@tacoda[1].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@login.revenueloop[2].txt
C:\Documents and Settings\Jared.POGI\Cookies\jared@1070818787[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[2].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@citi.bridgetrack[1].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt


Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc


Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc


Adware.ClickSpring/Outer Info Network
C:\Program Files\Outerinfo\Terms.rtf
C:\Program Files\Outerinfo
C:\Documents and Settings\Jared.POGI\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Jared.POGI\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Jared.POGI\Start Menu\Programs\Outerinfo


Adware.Lop
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\VCOBJLOAD\CASH BASH.EXE


Trojan.Downloader-Gen/Installer
C:\JJ\B104.EXE
C:\JJ\B136.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP611\A0058436.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP611\A0058437.EXE


Trojan.Unknown Origin
C:\JJ\SYSTEM32\WNSAPIICOMSV32.EXE
C:\JJ\UE9HSQ\OH6JMK.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP595\A0058120.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP601\A0058208.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP609\A0058307.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B69854C-8D98-466F-9639-E785491CD490}\RP611\A0058425.EXE


Adware.Adservs
C:\JJ\UE9HSQ\ASAPPSRV.DLL


Unclassified.Unknown Origin
C:\JJ\UE9HSQ\COMMAND.EXE


Trace.Known Threat Sources
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\KH2V4PAF\ctxad-556[1].sig
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\71TCGVYR\ctxad-556[1].0003
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\4561CD2H\ctxad-556[1].0005
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\05ENWLAB\campaigns7[1].encrypted
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\71TCGVYR\client_settings_3[2].bin
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\2XGZ0POV\ctxad-556[1].0006
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\S5ORETAP\ctxad-556[1].0002
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\KXMZ0DMR\ctxad-556[1].0000
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\OPEVC9UF\ctxad-556[1].0001
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\1QJ9LQ42\ctxad-558[1].0003
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\S5ORETAP\ctxad-558[1].0004
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\FBUHPF3H\campaigns8[1].encrypted
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\KXMZ0DMR\ctxad-558[1].0002
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\14FQ7JXF\ctxad-558[1].sig
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\EYVTPZPR\ctxad-558[1].0001
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\UH9B80OE\ctxad-558[1].0006
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\OPEVC9UF\ctxad-559[1].0000
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\1QJ9LQ42\ctxad-559[1].sig
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\KREZ2B0D\ctxad-559[1].0002
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\FBUHPF3H\ctxad-559[1].0006
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\UH9B80OE\ctxad-559[1].0004
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\KREZ2B0D\ctxad-559[1].0001
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\71TCGVYR\ctxad-559[1].0003
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\4L2NCDUF\ctxad-570[1].0005
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\5VGPTYZY\ctxad-570[1].0000
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\5VGPTYZY\button.download[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\0HUHWP07\ctxad-570[1].0002
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\KREZ2B0D\scan.txt[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\OPEVC9UF\scan.bar[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\71TCGVYR\page.screenshot[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\41UB8L6V\ctxad-570[1].0004
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\14FQ7JXF\icon.arrow[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\UH9B80OE\ctxad-570[1].sig
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\S5ORETAP\main.shadow.btm[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\71TCGVYR\scan.bg[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\S5ORETAP\styler[1].css
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\0HUHWP07\main.shadow.top[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\KXMZ0DMR\index3i1[1].htm
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\OPEVC9UF\solution.2[1].gif
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\05ENWLAB\ctxad-570[1].0006
C:\Documents and Settings\Jared.POGI\Local Settings\Temporary Internet Files\Content.IE5\2XGZ0POV\ctxad-570[1].0003



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:54 AM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Running processes:
C:\JJ\System32\smss.exe
C:\JJ\system32\winlogon.exe
C:\JJ\system32\services.exe
C:\JJ\system32\lsass.exe
C:\JJ\system32\Ati2evxx.exe
C:\JJ\system32\svchost.exe
C:\JJ\System32\svchost.exe
C:\JJ\system32\spoolsv.exe
C:\JJ\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\JJ\system32\Ati2evxx.exe
C:\JJ\Explorer.EXE
C:\JJ\Mixer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\JJ\system32\umonit.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\JJ\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\JJ\system32\wuauclt.exe
F:\Video\IMx3Launcher.exe
C:\JJ\system32\wuauclt.exe
C:\Documents and Settings\Jared.POGI\Desktop\HiJackThis.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [UMonit] C:\JJ\system32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Knepvq] "C:\Documents and Settings\Jared.POGI\My Documents\?ppPatch\?ervices.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\JJ\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\JJ\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 5832 bytes

:)... I wasn't actually going to cry.... Some things are just too remote.
The ? marks in those folder names would be replacements for letters, actually an S in this case.
Log is clean. Now before YOU get burnt, get an AV and a firewall.
A list for you to choose from:
AVG Free, Avast, Avira, AVG AS 7.5, SpywareBlaster, ZoneAlarm Free, Kerio, Comodo

AVG Free 7.5 at http://free.grisoft.com/doc/5390/lng/us/tpl/v5
Avira personal free at http://www.free-av.com/
Avast home edition at http://www.avast.com/eng/avast_4_home.html

Cheers.
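The point in the reply above is worth turning into a check: the `?` marks in those Run entries mark spots where HijackThis met a character it could not print, and since `?` is not a legal character in a Windows file name, any `?` in a logged path is itself a signal. As an added example (not code from this thread, from HijackThis or from SUPERAntiSpyware), the Python script below reads O4 Run-key lines in HijackThis format and flags path components that contain a literal `?` or a non-ASCII character, then reports which legitimate Windows name the component imitates once the odd character is treated as a wildcard. The sample lines are copied from the logs in this thread, except the last one, which is constructed with Cyrillic U+0443 as an assumed look-alike letter (the thread never shows which character the adware really used); `KNOWN_NAMES` is a hand-picked list limited to the names this thread mentions.

```python
import re
import unicodedata
from dataclasses import dataclass, field
from typing import List, Optional

# Legitimate Windows names that the suspicious entries in this thread imitate
# (lower-case). Hand-picked for this example; extend as needed.
KNOWN_NAMES = {"system32", "apppatch", "svchost.exe", "services.exe", "dvdplay.exe"}

# HijackThis O4 Run-key line: "O4 - HKCU\..\Run: [Name] command"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable path in the command, quoted or unquoted, with any arguments dropped.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)

SAMPLE_LINES = [
    # Legitimate entries copied from the thread's log.
    r"O4 - HKLM\..\Run: [UMonit] C:\JJ\system32\umonit.exe",
    r"O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1",
    # Suspicious entries copied from the thread's log, with '?' as the tool printed it.
    r"O4 - HKCU\..\Run: [Tcjaxr] C:\JJ\?ppPatch\s?chost.exe",
    r'O4 - HKCU\..\Run: [Knepvq] "C:\Documents and Settings\Jared.POGI\My Documents\?ppPatch\?ervices.exe"',
    r"O4 - HKCU\..\Run: [Ggkkntdd] C:\JJ\system32\s?stem32\d?dplay.exe",
    # Constructed entry: the same trick with the look-alike letter written out as
    # Cyrillic U+0443 (an assumption; the thread never shows the real character).
    "O4 - HKCU\\..\\Run: [Constructed] C:\\JJ\\system32\\s\u0443stem32\\dvdplay.exe",
]


@dataclass
class Finding:
    name: str                 # value name inside the Run key, e.g. "Tcjaxr"
    path: str                 # executable path extracted from the command
    reasons: List[str] = field(default_factory=list)


def skeleton(component: str) -> str:
    """Replace every non-ASCII character with '?', mimicking how HijackThis
    rendered characters it could not display in the logs above."""
    return "".join("?" if ord(ch) > 127 else ch for ch in component)


def lookalike_of(component: str) -> Optional[str]:
    """Return the known name this component imitates, if its '?'-skeleton
    matches a known name with '?' as a one-character wildcard. An exact match
    (the genuine name) returns None."""
    sk = skeleton(component).lower()
    for known in KNOWN_NAMES:
        if len(sk) == len(known) and sk != known and all(
            a == "?" or a == b for a, b in zip(sk, known)
        ):
            return known
    return None


def check_component(component: str) -> List[str]:
    """Reasons why a single path component looks suspicious (empty if none)."""
    reasons = []
    non_ascii = [ch for ch in component if ord(ch) > 127]
    if non_ascii:
        names = ", ".join(f"U+{ord(ch):04X} {unicodedata.name(ch, '?')}" for ch in non_ascii)
        reasons.append(f"non-ASCII character(s) in '{component}': {names}")
    if "?" in component:
        # '?' is reserved in Windows file names, so a literal '?' in a logged
        # path means the logging tool substituted it for something it could not print.
        reasons.append(f"'?' in '{component}' (not a legal file-name character; stands in for an unprintable one)")
    known = lookalike_of(component)
    if known:
        reasons.append(f"'{component}' is a look-alike of the legitimate name '{known}'")
    return reasons


def scan_hjt_lines(lines) -> List[Finding]:
    """Parse O4 Run-key lines and return one Finding per suspicious entry."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        e = EXE_RE.match(m.group("cmd"))
        if not e:
            continue
        path = e.group("path")
        reasons = []
        for component in path.split("\\"):
            reasons.extend(check_component(component))
        if reasons:
            findings.append(Finding(m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_hjt_lines(SAMPLE_LINES):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print("   -", r)
```

Running it flags Tcjaxr, Knepvq and Ggkkntdd (and the constructed entry) while leaving the UMonit and Adobe entries alone, which is the same split the reply above reached by eye. The wildcard comparison is deliberately narrow: it only reports a component that differs from a known name by the unprintable character, so a genuine `system32` is never flagged, while `system32\s?stem32` is caught because the nested impostor directory is itself a look-alike.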

Thanks for the help. I'll get on the AV/firewall recommendations.
Also, I found duplicates of apppatch and system32 folders, but the svchost.exe and dvdplay.exe files were not in them.
