Tech Support Forum - View Single Post

griffery · 06-19-2008, 07:27 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 1 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 19, 2008 14:17:52
Records in database: 879503
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 77803
Threat name: 12
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 01:56:44

File name / Threat name / Threats count
C:\Documents and Settings\Desiree\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-494e0098-73f465fe.zip Infected: Trojan-Downloader.Java.OpenConnection.aj 2
C:\Documents and Settings\Desiree\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-494e0098-73f465fe.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Erik\My Documents\LimeWire\Saved\i think im ready katy perry.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Erik\My Documents\LimeWire\Saved\no me without you matt pokora.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Erik\My Documents\LimeWire\Saved\when i grow up pussycat dolls.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\13.tmp Infected: EICAR-Test-File 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\8.tmp Infected: EICAR-Test-File 1
C:\QooBox\Quarantine\C\Program Files\iSecurity\WiniFixer\setup.exe.vir Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1
C:\QooBox\Quarantine\C\Program Files\iSecurity\WiniFixer\WinIFixerInstaller.exe.vir Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1
C:\QooBox\Quarantine\C\Program Files\WinIFixer\WinIFixer.exe.vir Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iSecurity.cpl.vir Infected: Trojan-Downloader.Win32.Agent.mso 1
C:\QooBox\Quarantine\catchme2008-06-18_112806.09.zip Infected: Trojan-Downloader.Win32.Agent.lxa 1
C:\QooBox\Quarantine\catchme2008-06-19_ 12936.39.zip Infected: Rootkit.Win32.Agent.aap 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP938\A0351093.exe Infected: Trojan-Spy.Win32.Zbot.btd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP939\A0352262.dll Infected: Trojan-Downloader.Win32.Small.tra 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP939\A0352263.dll Infected: Trojan-Clicker.Win32.Agent.xs 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP939\A0352264.dll Infected: Trojan-Dropper.Win32.Agent.qfy 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP940\A0352477.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP940\A0352478.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP940\A0352484.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP940\A0352488.cpl Infected: Trojan-Downloader.Win32.Agent.mso 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:37 AM, on 6/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\WINDOWS\kdx\khost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas12.exe
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Erik\Local Settings\Temp\jkos-Erik\binaries\ScanningProcess.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Erik\Local Settings\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aintitcool.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\khost.exe -all
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas12.exe" /minimize
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Ref...GameLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbi...3/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://premconf.webex.com/client/T2...ex/ieatgpc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22548F62-DEB1-4742-AFE0-FE0C1713C52F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2584F791-FCB3-4753-8A38-D1DD64BA600C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{372A730A-348D-4B2F-979C-011A61EB8182}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{885E335C-F31E-48DF-AD73-AE08AF98268C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1483438-9EFA-42D0-9B25-BCF2145F997D}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9193 bytes

06-19-2008, 07:27 PM	#41 (permalink)
griffery Registered User Join Date: Apr 2008 Posts: 30 OS: Windows XP Professional 5.1.2600 Service Pack 1 Build 2600	Re: Z.lobber/win32 -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Thursday, June 19, 2008 Operating System: Microsoft Windows XP Professional Service Pack 1 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, June 19, 2008 14:17:52 Records in database: 879503 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ Scan statistics: Files scanned: 77803 Threat name: 12 Infected objects: 23 Suspicious objects: 0 Duration of the scan: 01:56:44 File name / Threat name / Threats count C:\Documents and Settings\Desiree\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-494e0098-73f465fe.zip Infected: Trojan-Downloader.Java.OpenConnection.aj 2 C:\Documents and Settings\Desiree\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-494e0098-73f465fe.zip Infected: Exploit.Java.ByteVerify 2 C:\Documents and Settings\Erik\My Documents\LimeWire\Saved\i think im ready katy perry.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\Erik\My Documents\LimeWire\Saved\no me without you matt pokora.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\Erik\My Documents\LimeWire\Saved\when i grow up pussycat dolls.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\13.tmp Infected: EICAR-Test-File 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\8.tmp Infected: EICAR-Test-File 1 C:\QooBox\Quarantine\C\Program Files\iSecurity\WiniFixer\setup.exe.vir Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1 C:\QooBox\Quarantine\C\Program Files\iSecurity\WiniFixer\WinIFixerInstaller.exe.vir Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1 C:\QooBox\Quarantine\C\Program Files\WinIFixer\WinIFixer.exe.vir Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1 C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iSecurity.cpl.vir Infected: Trojan-Downloader.Win32.Agent.mso 1 C:\QooBox\Quarantine\catchme2008-06-18_112806.09.zip Infected: Trojan-Downloader.Win32.Agent.lxa 1 C:\QooBox\Quarantine\catchme2008-06-19_ 12936.39.zip Infected: Rootkit.Win32.Agent.aap 1 C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP938\A0351093.exe Infected: Trojan-Spy.Win32.Zbot.btd 1 C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP939\A0352262.dll Infected: Trojan-Downloader.Win32.Small.tra 1 C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP939\A0352263.dll Infected: Trojan-Clicker.Win32.Agent.xs 1 C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP939\A0352264.dll Infected: Trojan-Dropper.Win32.Agent.qfy 1 C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP940\A0352477.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1 C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP940\A0352478.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1 C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP940\A0352484.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.b 1 C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP940\A0352488.cpl Infected: Trojan-Downloader.Win32.Agent.mso 1 The selected area was scanned. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:25:37 AM, on 6/19/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe C:\Program Files\Trend Micro\Antivirus\tmproxy.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe C:\WINDOWS\kdx\khost.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\CyberDefender\AntiSpyware\cdas12.exe C:\WINDOWS\System32\WgaTray.exe C:\PROGRA~1\iPod\bin\IPODSE~1.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Erik\Local Settings\Temp\jkos-Erik\binaries\ScanningProcess.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Erik\Local Settings\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aintitcool.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe" /minimized O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\khost.exe -all O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas12.exe" /minimize O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Ref...GameLoader.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbi...3/mcinsctl.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://premconf.webex.com/client/T2...ex/ieatgpc.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{22548F62-DEB1-4742-AFE0-FE0C1713C52F}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{2584F791-FCB3-4753-8A38-D1DD64BA600C}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{372A730A-348D-4B2F-979C-011A61EB8182}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{885E335C-F31E-48DF-AD73-AE08AF98268C}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D1483438-9EFA-42D0-9B25-BCF2145F997D}: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\PROGRA~1\iPod\bin\IPODSE~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9193 bytes