Tech Support Forum - View Single Post - Constant web browser spawns w/advertisments

figgepop · 07-05-2007, 01:30 PM

Per your request:
AVG Anti-Spyware Log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:30:19 PM 7/5/2007

+ Scan result:

C:\WINDOWS\SYSTEM32\AdCache -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_105300.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_106800.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_107400.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_1_0_449200.gif -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_1_0_449600.gif -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_1_0_454300.gif -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_2_0_105300.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_2_0_106800.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_2_0_107400.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_3_0_105300.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_3_0_106800.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_3_0_107400.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_4_0_111600.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_4_0_152400.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_4_0_155300.htm -> Adware.Cydoor : Cleaned.
C:\WINDOWS\SYSTEM32\AdCache\B_329_4_0_164100.htm -> Adware.Cydoor : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP698\A0249823.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP689\A0249040.exe -> Adware.Trymedia : Cleaned.
C:\QooBox\Quarantine\C\Program Files\ComPlus Applications\mesovi83122.dll.vir -> Adware.TTC : Cleaned.
C:\RECYCLER\S-1-5-21-1220806441-2422100471-3434115271-1007\Dc5\mwspasrt83122.exe -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254942.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP714\A0254826.exe -> Downloader.Tiny.id : Cleaned.
C:\QooBox\Quarantine\catchme2007-07-04_161457.26.zip/core.sys -> Rootkit.Agent.eq : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@realmedia[3].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@d3.zedo[3].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\David Figge\Cookies\david_figge@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

::Report end

+++++
+++++
Kaspersky online scan Log
+++++
+++++
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 05, 2007 2:25:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/07/2007
Kaspersky Anti-Virus database records: 358727
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 76936
Number of viruses found: 22
Number of infected objects: 39 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:25:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{C9ADA598-E0FF-4DDF-9304-BB6143EE0789}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\acdt-pid67N.exe.bac_a00468/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\acdt-pid67N.exe.bac_a00468 NSIS: infected - 1 skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\acdt-pid67N.exe.bac_a00468 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468/stream/data0002 Infected: not-a-virus:AdWare.Win32.Rond.b skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468 NSIS: infected - 3 skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\cbxxutt.dll.bac_a00468 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\ceullaqw.dll.bac_a00468 Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\loagnyxu.exe.bac_a00468 Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\Monopoly3-dm[1].exe.bac_a00468 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\o02PrEz1065.exe.bac_a00468 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\OiUninstaller.exe.bac_a03312/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\OiUninstaller.exe.bac_a03312/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\OiUninstaller.exe.bac_a03312 NSIS: infected - 2 skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\OiUninstaller.exe.bac_a03312 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\opsdklav.dll.bac_a00468 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\qomjgfc.dll.bac_a00468 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\retadpu1000106.exe.bac_a00468 Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\retadpu2000219.exe.bac_a00468 Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\sisqetoj.exe.bac_a00468 Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\udceqxmq.dll.bac_a00468 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\UnInstall.exe.bac_a00468 Infected: Trojan.Win32.Small.oa skipped
C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\winpop.exe.bac_a00468 Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\Documents and Settings\David Figge\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\David Figge\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\David Figge\Desktop\SmitfraudFix\Reboot.exe Object is locked skipped
C:\Documents and Settings\David Figge\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\David Figge\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\David Figge\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\AOL OCP\AIM\Storage\data\figsahaas42\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Temp\~DF92EF.tmp Object is locked skipped
C:\Documents and Settings\David Figge\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David Figge\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\David Figge\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ceullaqw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP712\A0252713.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0002/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0006 Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0007 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0008 Infected: not-a-virus:AdWare.Win32.Virtumonde.ks skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254944.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP719\A0255234.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP719\A0255234.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP719\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9694D11E-2311-4B13-88A6-9804E81D85BB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_1Eo6ZFRrJIgq3uj Object is locked skipped
C:\WINDOWS\Temp\mcmsc_a3NNCLkjS6ILpC6 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_d55XURWPtbIMtIT Object is locked skipped
C:\WINDOWS\Temp\mcmsc_g21i9rdhefrR9au Object is locked skipped
C:\WINDOWS\Temp\mcmsc_yr5amKGPafvyam0 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_98.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

+++++
+++++
Hijackthis Log
+++++
+++++
Logfile of HijackThis v1.99.1
Scan saved at 2:26:00 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183430648515
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) -
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

07-05-2007, 01:30 PM	#11 (permalink)
figgepop Registered User Join Date: Jul 2007 Posts: 52 OS: XP	Re: Constant web browser spawns w/advertisments Per your request: AVG Anti-Spyware Log: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 12:30:19 PM 7/5/2007 + Scan result: C:\WINDOWS\SYSTEM32\AdCache -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_105300.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_106800.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_107400.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_1_0_449200.gif -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_1_0_449600.gif -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_1_0_454300.gif -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_2_0_105300.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_2_0_106800.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_2_0_107400.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_3_0_105300.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_3_0_106800.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_3_0_107400.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_4_0_111600.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_4_0_152400.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_4_0_155300.htm -> Adware.Cydoor : Cleaned. C:\WINDOWS\SYSTEM32\AdCache\B_329_4_0_164100.htm -> Adware.Cydoor : Cleaned. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP698\A0249823.exe -> Adware.PurityScan : Cleaned. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP689\A0249040.exe -> Adware.Trymedia : Cleaned. C:\QooBox\Quarantine\C\Program Files\ComPlus Applications\mesovi83122.dll.vir -> Adware.TTC : Cleaned. C:\RECYCLER\S-1-5-21-1220806441-2422100471-3434115271-1007\Dc5\mwspasrt83122.exe -> Adware.TTC : Cleaned. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254942.dll -> Adware.TTC : Cleaned. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP714\A0254826.exe -> Downloader.Tiny.id : Cleaned. C:\QooBox\Quarantine\catchme2007-07-04_161457.26.zip/core.sys -> Rootkit.Agent.eq : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@advertising[3].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@com[1].txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@realmedia[3].txt -> TrackingCookie.Realmedia : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@d3.zedo[3].txt -> TrackingCookie.Zedo : Cleaned. C:\Documents and Settings\David Figge\Cookies\david_figge@zedo[2].txt -> TrackingCookie.Zedo : Cleaned. ::Report end +++++ +++++ Kaspersky online scan Log +++++ +++++ ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, July 05, 2007 2:25:24 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 5/07/2007 Kaspersky Anti-Virus database records: 358727 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 76936 Number of viruses found: 22 Number of infected objects: 39 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:25:48 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{C9ADA598-E0FF-4DDF-9304-BB6143EE0789}.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\acdt-pid67N.exe.bac_a00468/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\acdt-pid67N.exe.bac_a00468 NSIS: infected - 1 skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\acdt-pid67N.exe.bac_a00468 CryptFF.b: infected - 1 skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468/stream/data0002 Infected: not-a-virus:AdWare.Win32.Rond.b skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468 NSIS: infected - 3 skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\b.bac_a00468 CryptFF.b: infected - 3 skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\cbxxutt.dll.bac_a00468 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\ceullaqw.dll.bac_a00468 Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\loagnyxu.exe.bac_a00468 Infected: Trojan.Win32.Agent.aoy skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\Monopoly3-dm[1].exe.bac_a00468 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\o02PrEz1065.exe.bac_a00468 Infected: Trojan-Downloader.Win32.VB.awj skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\OiUninstaller.exe.bac_a03312/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\OiUninstaller.exe.bac_a03312/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\OiUninstaller.exe.bac_a03312 NSIS: infected - 2 skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\OiUninstaller.exe.bac_a03312 CryptFF.b: infected - 2 skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\opsdklav.dll.bac_a00468 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\qomjgfc.dll.bac_a00468 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\retadpu1000106.exe.bac_a00468 Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\retadpu2000219.exe.bac_a00468 Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\sisqetoj.exe.bac_a00468 Infected: Trojan.Win32.Agent.anr skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\udceqxmq.dll.bac_a00468 Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\UnInstall.exe.bac_a00468 Infected: Trojan.Win32.Small.oa skipped C:\Documents and Settings\David Figge\.housecall6.6\Quarantine\winpop.exe.bac_a00468 Infected: not-a-virus:AdWare.Win32.Rond.a skipped C:\Documents and Settings\David Figge\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped C:\Documents and Settings\David Figge\Cookies\INDEX.DAT Object is locked skipped C:\Documents and Settings\David Figge\Desktop\SmitfraudFix\Reboot.exe Object is locked skipped C:\Documents and Settings\David Figge\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\David Figge\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\David Figge\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\AOL OCP\AIM\Storage\data\figsahaas42\localStorage\common.cls Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Temp\hpodvd09.log Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Temp\~DF92EF.tmp Object is locked skipped C:\Documents and Settings\David Figge\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\David Figge\NTUSER.DAT Object is locked skipped C:\Documents and Settings\David Figge\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ceullaqw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP712\A0252713.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0002/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0006 Infected: Trojan-Downloader.Win32.Small.eqn skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0007 Infected: Trojan-Dropper.Win32.Agent.bfr skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe/data0008 Infected: not-a-virus:AdWare.Win32.Virtumonde.ks skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254828.exe NSIS: infected - 5 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0254944.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP719\A0255234.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP719\A0255234.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP719\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{9694D11E-2311-4B13-88A6-9804E81D85BB}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\mcmsc_1Eo6ZFRrJIgq3uj Object is locked skipped C:\WINDOWS\Temp\mcmsc_a3NNCLkjS6ILpC6 Object is locked skipped C:\WINDOWS\Temp\mcmsc_d55XURWPtbIMtIT Object is locked skipped C:\WINDOWS\Temp\mcmsc_g21i9rdhefrR9au Object is locked skipped C:\WINDOWS\Temp\mcmsc_yr5amKGPafvyam0 Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_98.dat Object is locked skipped C:\WINDOWS\WIADEBUG.LOG Object is locked skipped C:\WINDOWS\WIASERVC.LOG Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. +++++ +++++ Hijackthis Log +++++ +++++ Logfile of HijackThis v1.99.1 Scan saved at 2:26:00 PM, on 7/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183430648515 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)