"Larry" - 07-02-13 17:03:04 Service Pack 2
ComboFix 07-02-11.1.1 - Running from: "C:\Documents and Settings\Larry\desktop"
Command switches used :: /v vtsqo
((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))
2007-02-13 16:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-13 16:43 <DIR> d-------- C:\Program Files\Grisoft
2007-02-13 08:54 26,880 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-02-13 08:09 73,984 -ra------ C:\WINDOWS\system32\drivers\ulsata.sys
2007-02-13 08:09 24,576 -ra------ C:\WINDOWS\system32\ptipbm.dll
2007-02-13 07:58 <DIR> d-------- C:\Program Files\viewsonic
2007-02-13 07:58 <DIR> d-------- C:\DOCUME~1\Larry\Application Data\Leadertech
2007-02-13 07:52 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-02-13 07:52 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-02-13 07:52 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-02-13 07:52 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2007-02-13 07:52 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2007-02-12 21:50 <DIR> d-------- C:\VundoFix Backups
2007-02-12 20:05 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-02-12 20:05 <DIR> d-------- C:\NVIDIA
2007-02-12 19:51 <DIR> d-------- C:\WINDOWS\Prefetch
2007-02-12 19:36 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-12 19:36 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-12 18:37 76,412 --a------ C:\WINDOWS\system32\ykoucajc.dll
2007-02-12 16:08 76,412 --a------ C:\WINDOWS\system32\dskhvanf.dll
2007-02-12 10:32 <DIR> d-------- C:\HIJACKTHIS
2007-02-10 09:07 <DIR> d-------- C:\Program Files\SpywareBot
2007-02-09 20:39 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-09 07:21 76,412 --a------ C:\WINDOWS\system32\opptdkfr.dll
2007-02-08 17:40 <DIR> d-------- C:\STUDMUFFIN MOVIE MASTERS
2007-02-04 20:43 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Webroot
2007-02-04 19:55 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-04 19:55 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-04 19:55 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-04 19:55 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-04 19:55 <DIR> d-------- C:\Program Files\Webroot
2007-02-04 19:55 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot
2007-02-04 19:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot
2007-02-04 19:54 164 --a------ C:\install.dat
2007-02-04 19:52 <DIR> d-------- C:\DOCUME~1\Larry\Application Data\Webroot
2007-02-04 15:45 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-02-04 15:44 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-01-31 19:05 76,412 --a------ C:\WINDOWS\system32\bvcdfybs.dll
2007-01-31 09:27 <DIR> d-------- C:\DEB CD
2007-01-30 10:33 <DIR> d-------- C:\DOCUME~1\Larry\Application Data\Help
2007-01-29 07:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-26 07:45 <DIR> d-------- C:\REMIX
2007-01-26 07:44 <DIR> d-------- C:\Program Files\VideoEgg
2007-01-26 07:44 <DIR> d-------- C:\Program Files\Tag Support Plugin for Media Player
2007-01-26 07:44 <DIR> d-------- C:\DOCUME~1\Larry\Application Data\VideoEgg
2007-01-26 07:03 731,965 --ahs---- C:\WINDOWS\system32\ijkkj.ini2
2007-01-25 19:06 731,854 --ahs---- C:\WINDOWS\system32\ijkkj.bak2
2007-01-24 19:51 <DIR> d-------- C:\Program Files\VideoEgg(2)
2007-01-24 19:51 <DIR> d-------- C:\DOCUME~1\Larry\Application Data\VideoEgg(2)
2007-01-24 19:06 729,127 --ahs---- C:\WINDOWS\system32\ijkkj.bak1
2007-01-22 09:43 <DIR> d-------- C:\DOCUME~1\Larry\Application Data\Real
2007-01-14 10:28 41,160 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-01-14 10:28 15,440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-01-14 10:28 11,984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2007-01-13 08:17 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-01-13 08:12 81,920 --a------ C:\DOCUME~1\Larry\Application Data\ezpinst.exe
2007-01-13 08:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-13 08:12 47,360 --a------ C:\DOCUME~1\Larry\Application Data\pcouffin.sys
2007-01-13 08:12 <DIR> d-------- C:\DOCUME~1\Larry\Application Data\Vso
2007-01-13 08:01 1,324,032 --a------ C:\WINDOWS\system32\exec2.exe
2007-01-13 07:56 14,545 --a------ C:\WINDOWS\system32\exec1.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-13 16:40 -------- d-------- C:\Program Files\mozilla firefox
2007-02-13 07:58 -------- d--h----- C:\Program Files\installshield installation information
2007-02-13 07:55 -------- d-------- C:\Program Files\asustek
2007-02-12 19:45 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-02-10 14:09 -------- d-------- C:\DOCUME~1\Larry\Application Data\canon
2007-02-10 08:31 -------- d---s---- C:\DOCUME~1\Larry\Application Data\microsoft
2007-02-04 14:09 -------- d-------- C:\Program Files\noadware4
2007-01-27 09:04 -------- d-------- C:\DOCUME~1\Larry\Application Data\utorrent
2007-01-26 07:44 -------- d-------- C:\Program Files\nero
2007-01-24 07:29 -------- d-------- C:\Program Files\Common Files\ahead
2007-01-24 07:23 33 --a------ C:\DOCUME~1\Larry\Application Data\pcouffin.log
2007-01-23 09:36 -------- d-------- C:\Program Files\ws_ftp pro
2007-01-23 09:36 -------- d-------- C:\Program Files\windows media connect 2
2007-01-23 09:36 -------- d-------- C:\Program Files\messenger
2007-01-23 09:36 -------- d-------- C:\Program Files\java web start
2007-01-22 09:45 8109 --a------ C:\WINDOWS\mozver.dat
2007-01-13 08:12 7176 --a------ C:\DOCUME~1\Larry\Application Data\pcouffin.cat
2007-01-13 08:12 1144 --a------ C:\DOCUME~1\Larry\Application Data\pcouffin.inf
2007-01-11 11:34 81920 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-01-07 20:54 -------- d-------- C:\Program Files\serious magic
2006-12-27 20:44 -------- d-------- C:\Program Files\riva
2006-12-27 20:44 -------- d-------- C:\Program Files\Common Files\swf studio
2006-12-25 08:12 -------- d-------- C:\DOCUME~1\Larry\Application Data\sonic
2006-12-23 07:42 -------- d-------- C:\Program Files\coolpro2
2006-12-23 07:41 -------- d-------- C:\DOCUME~1\Larry\Application Data\syntrillium
2006-12-22 18:17 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-22 18:17 -------- d-------- C:\DOCUME~1\Larry\Application Data\adobe
2006-12-13 07:35 -------- d-------- C:\Program Files\vstplugins
2006-12-13 07:35 -------- d-------- C:\Program Files\sony
2006-12-13 07:28 -------- d-------- C:\DOCUME~1\Larry\Application Data\nero
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 07:04 40 ---hs---- C:\DOCUME~1\Larry\Application Data\.zreglib
2006-11-19 09:47 503808 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-19 09:47 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-04 13:08 67 --a------ C:\DOCUME~1\Larry\Application Data\setup.txt
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="\"C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe\" /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"SBDrvDet"="\"C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe\" /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"anvshell"="anvshell.exe"
"LiveNote"="livenote.exe"
"EPSON Stylus Photo 900"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S0XIC1.EXE\" /P22 \"EPSON Stylus Photo 900\" /O6 \"USB001\" /M \"Stylus Photo 900\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"NWEReboot"=""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe\""
"OASClnt"="\"C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe\""
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"PtiuPbmd"="\"Rundll32.exe\" ptipbm.dll,SetWriteBack"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\KODAK\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\VIA RAID TOOL.lnk"
"backup"="C:\\WINDOWS\\pss\\VIA RAID TOOL.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VIA\\RAID\\RAID_T~1.EXE "
"item"="VIA RAID TOOL"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mssysmgr"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Nero\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpywareBot"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SpywareBot\\SpywareBot.exe\" -boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Systems16]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winjews16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\winjews16.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=dword:00000003
"srservice"=dword:00000002
"NVSvc"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{C7A5442A-A003-42E1-A51B-D76E36D44383}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG_ANTI-SPYWARE_GUARD
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070212-114159-698
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-13 17:05:03
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:09:51 PM 13/02/2007
+ Scan result:
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002265.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002269.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002272.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002273.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002275.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002277.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002282.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002289.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{54E87819-4E76-4443-8927-9F3BA9371B79}\RP4\A0002296.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddcdbaa.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\fccdbxy.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\hggffca.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\hgggdca.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\iifgdbx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\khfghfg.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\opnlihh.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\urqnllk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\xxywvwv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\exec2.exe -> Backdoor.Agent.akz : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.181:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.193:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.194:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.195:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.289:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.290:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.16:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.71:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.78:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.79:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.80:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.81:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.82:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.83:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.218:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.93:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.219:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.220:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.221:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.222:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.235:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.236:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.237:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.265:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.185:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.242:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.70:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.84:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.85:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.96:C:\Documents and Settings\Larry\Application Data\Mozilla\Profiles\default\tffy6csx.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.97:C:\Documents and Settings\Larry\Application Data\Mozilla\Profiles\default\tffy6csx.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.252:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.253:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.254:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.255:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.256:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.257:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.258:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.259:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.45:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.275:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.276:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.161:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.162:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.163:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.164:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Activescan
Incident Status Location
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hidkkr3s.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Profiles\default\tffy6csx.slt\cookies.txt[.atwola.com/]
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\ahwxnrir.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\alwkusbm.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\aolsknif.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\cbykmokj.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\ckylxuhp.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\ctvsgqin.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\dvkjjoeg.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\dyeyxvpd.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\eiovdnvt.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\fglyyeun.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\ghxrkdqh.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\hnfwdlgx.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\jdxqvqwg.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\kwbrntfy.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\mvtmvngw.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\npvhkote.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\nxqoquvj.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\optbnrtk.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\ptyirgew.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\qvbxrgqs.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\rroylttb.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\tytmbbaa.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\vmmpxuvp.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\vytwhqqf.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\wdcnewoa.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\whhnedlw.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\wxbkvtci.exe.bad
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\bvcdfybs.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\dskhvanf.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\opptdkfr.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\ykoucajc.dll
Logfile of HijackThis v1.99.1
Scan saved at 6:56:14 PM, on 13/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\HIJACKTHIS\doom.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Larry\Application Data\Mozilla\Profiles\default\tffy6csx.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {ABA57D25-6128-4C1C-B70E-7E8EE409DAB5} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 900] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE" /P22 "EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171330870828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161981347296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe