All the scans were completed.
Here is the Fixwareout report:
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\smomd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7AAC44C78B8C-E2FA-26D4-576E-EBF9FBB4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmoms.exe"=-
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
* csr.exe C:\WINDOWS\System32\CSERY.EXE
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSERY.EXE 51 271 2006-07-28
C:\WINDOWS\SYSTEM32\DMOMS.EXE 61 965 2004-08-04
Other suspects.
Directory of C:\WINDOWS\system32
{00422582-2E19-4239-9F87-44A72C22FD65}.exe
{C3D075D8-54B0-44C7-82C1-AC630A3799AB}.exe
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
C:\WINDOWS\System32\service.exe
Here is the Hijack report after I deleted the items you told me to:
Logfile of HijackThis v1.99.1
Scan saved at 11

11 PM, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Tools AntiVirus\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\{1094D352-0640-4105-0727-040410270002}\Update.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\winstall.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Hiiack This\HijackThis.exe
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsb108.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [{4D-D3-35-52-ZN}] C:\windows\system32\oldsregn.exe ELT001
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\Ciampa\LOCALS~1\Temp\stdrun165632.exe
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/apop/def...ploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: IEFilter - {690F6A1B-8C7D-4020-92B0-AFA351689F0B} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
And here is the Panda Scan log:
Incident Status Location
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{1094D352-0640-4105-0727-040410270002}\Update.exe
Adware:adware/adsmart Not disinfected c:\windows\system32\kernels8.exe
Virus:trj/srchspy.a Disinfected Operating system
Virus:w32/locksky.au.worm Disinfected Operating system
Adware:adware/mirar Not disinfected c:\windows\system32\WinNB58.dll
Virus:trj/torpig.a Disinfected Operating system
Adware:adware/spysheriff Not disinfected c:\winstall.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\gimmygames.dat
Adware:adware/portalscan Not disinfected c:\program files\common files\Slmss
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF69DF00-2734-477F-8257-27CD04F88779}
Adware:adware/powerstrip Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Ciampa\Application Data\Install.dat
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@247realmedia[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@adtech[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@as-us.falkag[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@bs.serving-sys[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@c.enhance[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@findwhat[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@qksrv[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@questionmarket[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@statcounter[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ciampa\Cookies\ciampa@tribalfusion[1].txt
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Q2hyaXN0b3BoZXIgQ2lhbXBh\kZ1VurhXva1CtrK0kZ51vr11.vbs
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\csery.exe
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\dmoms.exe
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\system32\{00422582-2E19-4239-9F87-44A72C22FD65}.exe[KillAndClean.exe]
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\system32\{00422582-2E19-4239-9F87-44A72C22FD65}.exe[KillAndCleanUpdate.exe]
Adware:Adware/QuickWeb
Keep me posted, Thanks.
Vin