This laptop only has 512 MB RAM. Could the slowness on the first ComboFix scan be the result of one of the infections?
Even though Kaspersky scan shows problems, haven't had a pop-up all evening. Also, speed is much improved as well. Acts NORMAL.
ViewPoint does not show up as a program under Add or Remove Programs. Do see a folder under C:\Program Files called Viewpoint. There is another folder in it re Viewpoint Experience Technology. May I delete these?
Do not know what program "Win Touch" does. It appears in Add or Remove Programs list. Do not recognize it. Should I delete this?
When deleting entries as instructed in HijackThis log, was asked to allow the registry changes, which I did.
While running Kaspersky lost wireless network connection once. Finished loading upon resetting router and rebooting computer.
Three logs follow: Kaspersky, ComboFix (which was done in just a few minutes this time), and new HijackThis. Thank you very much. Time for some zzzs.
KASPERSKY LOG:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 17, 2007 12:15:34 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/10/2007
Kaspersky Anti-Virus database records: 437042
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
E:\
Scan Statistics:
Total number of scanned objects: 39958
Number of viruses found: 9
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 00:56:50
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\uexifq.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\WinTouch\WinTouch.exe.vir Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\WinTouch\WTUninstaller.exe.vir Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\kuri\kurim.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\qoobox\Quarantine\C\Program Files\Insider\Insider.exe.vir Infected: Trojan.Win32.Agent.bnd skipped
C:\qoobox\Quarantine\C\Program Files\WinBudget\bin\crap.1169127126.old.vir/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\qoobox\Quarantine\C\Program Files\WinBudget\bin\crap.1169127126.old.vir Embedded EXE: infected - 1 skipped
C:\qoobox\Quarantine\C\Program Files\WinBudget\bin\matrix.dll.1190154258.old.vir Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\qoobox\Quarantine\C\Program Files\Words\UnInstall.exe.vir Infected: Trojan.Win32.Agent.bnd skipped
C:\qoobox\Quarantine\C\Program Files\Words\Words.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.dn skipped
C:\qoobox\Quarantine\C\WINNT\IA\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\qoobox\Quarantine\C\WINNT\IA\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\qoobox\Quarantine\C\WINNT\system32\adymwcri.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\aripsseu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\danaxemf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\dvnlvlpc.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\eluofjec.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\fdonvofr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\fggufqjl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\fiiecuho.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\gowrlisl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\hlnlmcnp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\hreplxfe.dll.vir Infected: Trojan.Win32.Pakes.su skipped
C:\qoobox\Quarantine\C\WINNT\system32\htjkowmv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\iuqivssy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\kwinnmdt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\qoobox\Quarantine\C\WINNT\system32\nnhsgpfp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\oenksekp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\ooyrehbe.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\ulrpmjdo.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\ummnnkbd.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINNT\system32\unhtglxm.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101035.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101036.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101037.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101038.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101039.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101040.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101041.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101042.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101043.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101044.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101045.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101046.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101047.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101048.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101049.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101050.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101051.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101052.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101053.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101078.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101079.exe Infected: not-a-virus:AdWare.Win32.Agent.dn skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101080.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101091.old/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101091.old Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101102.old Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101103.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101104.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101107.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101108.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\A0101142.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP472\change.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\MEMORY.DMP Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{57B641CF-0354-47C2-8484-412E4824B118}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\DEFAULT Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\SOFTWARE Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SYSTEM Object is locked skipped
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.
COMBOFIX LOG:
ComboFix 07-10-15.1 - Administrator 2007-10-17 0:16:19.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.296 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.
2007-10-16 22:54 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2007-10-16 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-15 20:57 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-11 20:34 <DIR> d-------- C:\Deckard
2007-10-11 20:27 <DIR> d-------- C:\Program Files\HijackThis--by Becky
2007-10-11 20:19 <DIR> d-------- C:\WINNT\LastGood
2007-10-11 00:41 313,856 --a------ C:\WINNT\system32\dx3j.dll
2007-10-11 00:41 171,280 --a------ C:\WINNT\system32\jit.dll
2007-10-11 00:41 139,536 --a------ C:\WINNT\system32\javaee.dll
2007-10-11 00:41 46,352 --a------ C:\WINNT\setdebug.exe
2007-10-11 00:41 6,550 --a------ C:\WINNT\jautoexp.dat
2007-10-11 00:41 113 --a------ C:\WINNT\system32\zonedon.reg
2007-10-11 00:41 113 --a------ C:\WINNT\system32\zonedoff.reg
2007-10-11 00:19 991,232 --a------ C:\WINNT\system32\esent.dll
2007-10-11 00:04 <DIR> d-------- C:\WINNT\LastGood.Tmp
2007-10-10 23:47 <DIR> d-------- C:\ie-spyad_zo
2007-10-10 23:40 <DIR> d-------- C:\Program Files\IE-Spyad by Becky
2007-10-10 23:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-10 23:24 118,784 --a------ C:\WINNT\system32\MSSTDFMT.DLL
2007-10-09 23:49 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-10-09 20:46 <DIR> d--h----- C:\WINNT\$hf_mig$
2007-10-09 20:46 22,752 --a------ C:\WINNT\system32\spupdsvc.exe
2007-10-09 20:43 <DIR> d-------- C:\WINNT\system32\bits
2007-10-09 20:42 361,984 --a------ C:\WINNT\system32\dllcache\qmgr.dll
2007-10-09 20:42 331,776 --a------ C:\WINNT\system32\winhttp.dll
2007-10-09 20:42 331,776 --a------ C:\WINNT\system32\dllcache\winhttp.dll
2007-10-09 20:42 17,408 --a------ C:\WINNT\system32\qmgrprxy.dll
2007-10-09 20:42 17,408 --a------ C:\WINNT\system32\dllcache\qmgrprxy.dll
2007-10-09 20:42 7,680 --------- C:\WINNT\system32\dllcache\bitsprx2.dll
2007-10-09 20:42 7,680 --a------ C:\WINNT\system32\bitsprx2.dll
2007-10-09 20:42 7,168 --------- C:\WINNT\system32\dllcache\bitsprx3.dll
2007-10-09 20:42 7,168 --a------ C:\WINNT\system32\bitsprx3.dll
2007-10-09 20:36 549,720 --a------ C:\WINNT\system32\wuapi.dll
2007-10-09 20:36 325,976 --a------ C:\WINNT\system32\wucltui.dll
2007-10-09 20:36 43,352 --a------ C:\WINNT\system32\wups2.dll
2007-10-09 20:36 33,624 --a------ C:\WINNT\system32\wups.dll
2007-10-06 15:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-06 15:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-06 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 11:58 --------- d-----w C:\Program Files\QuickTime
2007-10-10 11:55 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-10 11:54 --------- d-----w C:\Program Files\iTunes
2007-10-10 11:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 11:49 --------- d-----w C:\Program Files\AIM
2007-10-10 04:01 --------- d-----w C:\Program Files\FilmLoop Player
2007-10-10 01:09 --------- d-----w C:\Program Files\Viewpoint
2007-10-10 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-28 17:55 --------- d-----w C:\Program Files\Full Tilt Poker
2007-07-30 23:19 92,504 ----a-w C:\WINNT\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-07-30 23:19 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINNT\system32\dllcache\wuauclt.exe
2007-07-30 23:19 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINNT\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINNT\system32\dllcache\wuaueng.dll
2002-11-01 19:38 32 --sha-w C:\WINNT\{7C9C949C-F6AC-4CBA-941B-D3251B92CECE}.dat
2002-11-01 19:38 32 --sha-w C:\WINNT\system32\{C1248350-C897-4F83-9123-E8EDC393A253}.dat
.
((((((((((((((((((((((((((((( snapshot@2007-10-16_ 9.03.29.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-16 04:24:47 16,384 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-17 03:11:08 16,384 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
- 2007-10-16 04:24:47 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-17 03:11:08 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-16 04:24:47 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-17 03:11:08 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2004-02-04 20:29:24 C:\Program Files\AIM\bak\aim.exe
----a-w 28,672 2002-07-24 20:20:02 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe
----a-w 3,436,544 2006-06-18 00:04:04 C:\Program Files\FilmLoop Player\bak\FilmLoop.exe
----a-w 278,528 2005-10-06 23:03:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 256,576 2006-10-30 14:36:36 C:\Program Files\iTunes\iTunesHelper.exe
----a-w 143,360 2003-02-11 20:44:20 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe
----a-w 155,648 2005-12-25 19:19:18 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 15:45]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINNT\System32\LgNotify.dll 2003-02-28 17:01 110592 C:\WINNT\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]
"C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
GWMDMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
R3 GTWModem;GTW Modem;C:\WINNT\System32\DRIVERS\GWMDM.sys
R3 Intel_MIPMNMP;Intel Adapter Switching Driver;C:\WINNT\System32\DRIVERS\mipmnxp.sys
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver;C:\WINNT\System32\DRIVERS\w70n51.sys
S3 allegro;ESS Allegro Audio Driver (WDM);C:\WINNT\System32\drivers\es198x.sys
S3 wlluc48;Wireless LAN PC Card Driver;C:\WINNT\System32\DRIVERS\wlluc48.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-10 01:29:47 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
"2003-10-09 22:07:52 C:\WINNT\Tasks\ISP signup reminder 2.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2003-10-09 22:07:53 C:\WINNT\Tasks\ISP signup reminder 3.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2003-10-10 02:39:52 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-17 00:18:04
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-17 0:19:27
C:\ComboFix2.txt ... 2007-10-16 09:04
.
--- E O F ---
HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:26:27 AM, on 10/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\wuauclt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICEOWS\ViewUpd\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1191976536220
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.free-computer-wallpapers.com/beach.5.jpg
--
End of file - 6515 bytes