Old 10-21-2006, 10:27 AM   #1 (permalink)
scott2004
Registered User
Join Date: Sep 2004
Location: Liverpool
Posts: 192
OS: XP
Sisters laptop - So much malware, random BSOD, you name it.

Hey, if anyone could look at this HJT log and help me try and fix this laptop up a little bit it would be much appreciated.
After loading Windows with all the startup programs checked (and after about 20 popups) the laptop stays on for about 3 minutes before going into blue screen of death and forcing me to restart. The error message doesn't help much so I don't know what to do about that. I had to close down AVG completely because there were SO many virus pop-up warnings, they wouldn't stop coming. There are hundreds of bad looking startup items in msconfig.

The worst part is, I can't fix it. Heck, I had to load up in safe mode so I could type this out. If I was in normal mode I wouldn't have time to even load TSF. When I run anti spyware/virus checkers the laptop just restarts instantly. When I run them in safe mode, they don't come up with many results (these programs being Spybot, Adaware).

Here is the HJT log I managed to get before it restarted:

Logfile of HijackThis v1.99.1
Scan saved at 17:54:34, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Toni\Yinstall.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\program files\belkin u-storage tools2.96\ustorage.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\qttask.exe
C:\nwnmff_e30.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\kybrdff_e30.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\{5C415282-063C-1033-0607-05080220002c}\Update.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\system32\RAMASST.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}\MyToolBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}\MyToolBar.dll
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Toni\Yinstall.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [UStorag] c:\program files\belkin u-storage tools2.96\ustorage.exe sys_auto_run C:\Program Files\Belkin U-Storage Tools2.96
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [svshost] C:\WINDOWS\system32\jlfjgenh\svshost.exe
O4 - HKLM\..\Run: [SvcManager] iexploer4.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e30.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e30.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e30.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [BIBOPTIONDEADEGGS] C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\ManagerNoun.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/18...bridge-c18.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid...61&ex&1s&ppd=4
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download...reeInstall.cab
O18 - Protocol: bw+0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\ootext32.dll (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

----


If fixing this log helps at all...thank you.

PS - I tried posting this from normal mode but I didn't have enough time until it restarted, so I'm posting from safe mode. I hope this doesn't affect anything.
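Added example, not part of the original thread: a short Python triage of the registry O4 autorun lines in a HijackThis log like the one posted above. The three heuristics (image in the drive root, image name that nearly matches a Windows process name, value name that borrows a system process name) and the `SYSTEM_NAMES` list are assumptions of this example, not HijackThis behaviour; the sample lines are copied from the posted log.

```python
import difflib
import ntpath
import re
from typing import Dict, List, NamedTuple

# Sample input: O4 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Toni\Yinstall.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [svshost] C:\WINDOWS\system32\jlfjgenh\svshost.exe
O4 - HKLM\..\Run: [SvcManager] iexploer4.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e30.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""

# Assumption of this example: a short list of process names worth protecting
# against imitation. Extend it for real use.
SYSTEM_NAMES = ["svchost", "iexplore", "explorer", "winlogon", "services", "lsass"]

# Matches only the registry form "O4 - HKxx\..\Run*: [value name] command".
# Startup-folder lines ("O4 - Global Startup: ...") are deliberately skipped.
RUN_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXT = re.compile(r"(.+?\.(?:exe|com|bat|scr|dll))(?=[\s,]|$)", re.I)


class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str    # registry value name shown in [brackets]
    image: str   # launched file, with doubled backslashes collapsed


def image_path(command: str) -> str:
    """Extract the launched file from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        m = EXT.match(command)
        parts = command.split()
        path = m.group(1) if m else (parts[0] if parts else "")
    return re.sub(r"\\+", r"\\", path)


def parse_run_entries(log: str) -> List[RunEntry]:
    entries = []
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append(RunEntry(hive, key, name, image_path(command)))
    return entries


def stem(name: str) -> str:
    """Lower-case file name without directory or extension."""
    return ntpath.splitext(ntpath.basename(name))[0].lower()


def triage(entry: RunEntry) -> List[str]:
    """Return the heuristic reasons (possibly none) for reviewing an entry."""
    reasons = []
    image_stem, name_stem = stem(entry.image), stem(entry.name)
    # 1. Executable sitting directly in a drive root, e.g. C:\something.exe
    if re.fullmatch(r"[a-z]:\\[^\\]+", entry.image, re.I):
        reasons.append("drive-root")
    # 2. Image name that is close to, but not exactly, a system process name
    if image_stem not in SYSTEM_NAMES:
        close = difflib.get_close_matches(image_stem, SYSTEM_NAMES, n=1, cutoff=0.8)
        if close:
            reasons.append("lookalike:" + close[0])
    # 3. Value name borrows a system process name but launches something else
    if name_stem in SYSTEM_NAMES and image_stem != name_stem:
        reasons.append("name-mismatch")
    return reasons


def flag_log(log: str) -> Dict[str, List[str]]:
    """Map value name -> reasons for every Run entry that trips a heuristic."""
    flagged = {}
    for entry in parse_run_entries(log):
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_log(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

On the sample this flags explorer, svshost, SvcManager and newname, all of which also appear in the fix list later in the thread. Adware that installs under its own name in Program Files (the MyWebSearch entries, for example) passes these checks, so the output is a starting point for review, not a verdict.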
Old 10-21-2006, 08:47 PM   #2 (permalink)
Deckard
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Hello scott2004, and welcome to TSF. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.


Antivirus Required
I notice that you do not appear to have an active antivirus program. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer. Here are several very good free antivirus products which are available:

Please install one of these now. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.


Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.


Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.
  1. Load AVG Anti-Spyware and then click the Shield tab at the top
    • Click on the word active to change it to inactive.
  2. Click the Update tab at the top:
    • Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
    • Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
  3. Click the Scanner tab at the top and then the Settings sub-tab:
    • Under How to act?, click Recommended actions and select Quarantine.
    • Under Reports, select Automatically generate report after every scan
  4. Close AVG Anti-Spyware. Do not run a scan with it yet.

Download Brute Force Uninstaller
Please download Brute Force Uninstaller to your desktop.
  1. Right click bfu.zip on your desktop, and choose Extract All. Click "Next".
  2. In the box to choose where to extract the files to, click "Browse".
  3. Click on the + sign next to "My Computer".
  4. Click on "Local Disk (C:)" (or whatever your primary drive is).
  5. Click "Make New Folder" and type in BFU. Click "Next".
  6. Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download the Alcra PLUS Remover. Save it in the same folder you made earlier (i.e., C:\BFU).

Do not do anything with these yet!


Download NoLOP
Please download NoLop to your desktop from one of the following links:
  1. SpywareEdge (US)
  2. Spyware Times (Qatar)
  3. The Spykiller (UK)
Do not do anything with it yet.


Download ComboFix
Download ComboFix from one of the following links:
  1. http://www.techsupportforum.com/sectools/combofix.exe
  2. http://download.bleepingcomputer.com/sUBs/combofix.exe
Don't do anything with it yet.


Uninstall OIN Programs
  • First, click Start > Control Panel > Add/Remove Programs
  • In the list of installed software, look for PuritySCAN By OIN, OuterInfo, OIN Snowballwars or anything by OIN.
  • If you find any, select each of them one at a time and click Remove.
  • If you did not find any OIN programs, please download and run the Oiuninstaller. There is a tutorial for the uninstaller available.
Reboot and delete the folder C:\Program Files\PurityScan (if it's still there) and also delete the folders of any of the other programs you found in the Add/Remove Control Panel. These will also be located in C:\Program Files.


Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
2Search
DeluxeCommunications
IM Names
MyWebSearch
Toolbar888
Please let me know if any of these were unable to uninstall.


Run ComboFix
Double click combofix.exe & follow the prompts. While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.


Run NoLOP
  • First close any other programs you have running as this may require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy". Your computer will now be scanned for infected files.
  • When scanning has finished you will be prompted to reboot only if infected -- click OK and then click the REBOOT button.
  • After rebooting, a message should pop up from NoLop. If not, double click the program again and it will finish.
  • Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx, move it to your system32 folder, then rerun the program.


Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Log on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}\MyToolBar.dll
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Toni\Yinstall.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [svshost] C:\WINDOWS\system32\jlfjgenh\svshost.exe
O4 - HKLM\..\Run: [SvcManager] iexploer4.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e30.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e30.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e30.exe
O4 - HKLM\..\Run: [BIBOPTIONDEADEGGS] C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\ManagerNoun.exe
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/18...bridge-c18.cab
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid...61&ex&1s&ppd=4
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download...reeInstall.cab
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\ootext32.dll (file missing)
Also check all of the O18s except for the very first one. Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option
C:\Documents and Settings\Toni\Yinstall.exe
C:\Program Files\2search
C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}
C:\Program Files\Common Files\{5C415282-063C-1033-0607-05080220002c}
C:\Program Files\DeluxeCommunications
C:\Program Files\IM Names
C:\Program Files\MyWebSearch
C:\WINDOWS\system32\jlfjgenh
C:\WINDOWS\system32\ootext32.dll
C:\dfndrff_e30.exe
C:\kybrdff_e30.exe
C:\nwnmff_e30.exe
iexploer4.exe « find using Start→Search

Run Brute Force Uninstaller
Please go to Start > My Computer and navigate to the folder you installed BFU in (i.e., C:\BFU).
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
    • Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
    Click OK.
  • Press the CleanUp! button to start the program.
Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.


Run AVG Anti-Spyware
  • Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on Save Report, then Save Report As. Save the report so that you can find it again (like on the Desktop).
  • Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.


Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: extended
    • Scan Options: Scan Archives and Scan Mail Bases
  • Click OK
  • Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
  • Now under select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run all the way.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button and save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. The contents of C:\ComboFix.txt,
  2. the contents of C:\NoLOP.log,
  3. AVG Anti-Spyware scan report,
  4. Kaspersky scan report, and
  5. a new HiJackThis log taken after Kaspersky finishes.
__________________
The chance to begin again in a golden land of opportunity and adventure.

Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.


UNITE/ASAP: Proud member since 2006

Last edited by Deckard : 10-21-2006 at 08:55 PM. Reason: formatting
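
A check one could run after the "HijackThis Fixes" step, added here as an illustration and not part of the post above or of any tool named in the thread: it compares the fixed entries against a later HijackThis log and matches on the Run value name or CLSID rather than the file path, so an entry that comes back under a renamed file is still caught. The function names and the follow-up log excerpt are constructed for the example; the fix-list lines are copied from the post.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the "HijackThis Fixes" list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [svshost] C:\WINDOWS\system32\jlfjgenh\svshost.exe
O4 - HKLM\..\Run: [SvcManager] iexploer4.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e30.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e30.exe
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}\MyToolBar.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\ootext32.dll (file missing)
"""

# CONSTRUCTED follow-up log excerpt (not a real log from this machine).
FRESH_LOG = r"""
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438E-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}\MyToolBar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SvcManager] iexploer4.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e34.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


class Entry(NamedTuple):
    identity: tuple  # the part that stays stable when the file is renamed
    target: str      # normalised file or command the entry points at
    raw: str         # the log line as written


O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\([^:]+): \[(.*?)\] (.*)$")
CLSID_ITEM = re.compile(
    r"^(O2|O3) - (?:BHO|Toolbar): .*? - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.*)$")
GENERIC = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def _norm(value: str) -> str:
    """Lower-case, collapse doubled backslashes, drop '(file missing)'."""
    value = re.sub(r"\\+", r"\\", value.strip().lower())
    value = re.sub(r"\s*\(file missing\)$", "", value)
    return re.sub(r"\s+", " ", value)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry, or None if it is not one."""
    line = line.strip()
    m = O4_REG.match(line)
    if m:  # registry autostart: identity is hive + key + value name
        hive, key, name, cmd = m.groups()
        ident = ("O4", hive.upper(), key.lower(), name.lower())
        return Entry(ident, _norm(cmd), line)
    m = CLSID_ITEM.match(line)
    if m:  # BHO / toolbar: identity is the CLSID
        code, clsid, path = m.groups()
        return Entry((code, clsid.lower()), _norm(path), line)
    m = O20_NOTIFY.match(line)
    if m:  # Winlogon Notify: identity is the notify key name
        return Entry(("O20", m.group(1).lower()), _norm(m.group(2)), line)
    m = GENERIC.match(line)
    if m:  # any other section: compare the whole line
        return Entry((m.group(1), _norm(m.group(2))), "", line)
    return None


def parse_log(text: str) -> dict:
    """Map identity -> Entry for every recognisable line in a log."""
    entries = (parse_line(ln) for ln in text.splitlines())
    return {e.identity: e for e in entries if e is not None}


def check_fixes(fix_text: str, fresh_text: str) -> list:
    """Return (status, identity, fresh_line) for fixed entries still present.

    'still present' -> same identity and same target
    're-registered' -> same identity, different file or command
    """
    fresh = parse_log(fresh_text)
    findings = []
    for ident, fixed in parse_log(fix_text).items():
        hit = fresh.get(ident)
        if hit is None:
            continue
        status = "still present" if hit.target == fixed.target else "re-registered"
        findings.append((status, ident, hit.raw))
    return findings


if __name__ == "__main__":
    for status, ident, raw in check_fixes(FIX_LIST, FRESH_LOG):
        print(f"{status:14} {raw}")
```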
Old 10-22-2006, 01:06 PM   #3 (permalink)
Send a message via MSN to scott2004
Thank you very much Deckard. I had to do everything except for the very last HJT log in safe mode because the random blue screen of death is still happening.

Here are the logs:

Toni - 06-10-22 18:17:25.09 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Toni\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{E77BE46D-F644-4CDC-B2DB-1E3F3ED8A555}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{E77BE46D-F644-4CDC-B2DB-1E3F3ED8A555}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{E77BE46D-F644-4CDC-B2DB-1E3F3ED8A555}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{E77BE46D-F644-4CDC-B2DB-1E3F3ED8A555}\InprocServer32]
@="C:\\WINDOWS\\system32\\Ilvu9_32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{66D5A557-DA88-4F1C-836D-5891274219A8}]
@=""

[HKEY_CLASSES_ROOT\clsid\{66D5A557-DA88-4F1C-836D-5891274219A8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{66D5A557-DA88-4F1C-836D-5891274219A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{66D5A557-DA88-4F1C-836D-5891274219A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ootext32.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\fpl6033se.dll
C:\WINDOWS\system32\jtjm0711e.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Toni\Application Data\Dxcdmns.dll
C:\Documents and Settings\Toni\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\drsmartload1135a.exe
C:\WINDOWS\drsmartload2.dat
C:\dfndrff_e23.exe
C:\dfndrff_e34.exe
C:\drsmartload.exe
C:\drsmartload45a45a45s.exe
C:\deskbar.exe
C:\deskbar_e21.exe
C:\deskbar_e26.exe
C:\deskbar_e29.exe
C:\deskbar_e31.exe
C:\kybrdff_e23.exe
C:\kybrdff_e24.exe
C:\kybrdff_e26.exe
C:\kybrdff_e27.exe
C:\kybrdff_e30.exe
C:\kybrdff_e34.exe
C:\MTE3NDI6ODoxNg.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\MTE3NDI6ODoxNgV2.exe
C:\nwnmff_e23.exe
C:\nwnmff_e24.exe
C:\nwnmff_e26.exe
C:\nwnmff_e27.exe
C:\nwnmff_e30.exe
C:\nwnmff_e34.exe
C:\warebundlenewer.exe
C:\mte3ndi6odoxng.exe
C:\RDFX4.exe
C:\Installer4.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Deskbar
C:\Program Files\network monitor
C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}
C:\Program Files\Common Files\{5C415282-063B-1033-0607-05080220002c}
C:\Program Files\Common Files\{5C415282-063C-1033-0607-05080220002c}
C:\WINDOWS\VG9uaQ


((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))


2006-10-21 17:56 20,480 --a------ C:\mc44a34.exe
2006-10-20 17:13 520,192 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2006-10-18 11:50 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
2006-10-18 11:32 212,480 --------- C:\WINDOWS\pcdlib32.dll
2006-10-17 18:54 52,161 --a------ C:\Documents and Settings\Toni\mt-uninstaller.exe
2006-10-12 16:44 69,165 --a------ C:\pp4ico.exe
2006-10-06 11:05 0 --a------ C:\tyeoh.exe
2006-10-06 11:03 0 --a------ C:\teqnsq.exe
2006-10-06 11:01 0 --a------ C:\pmmbhym.exe
2006-10-06 10:56 0 --a------ C:\ffgwmpsk.exe
2006-10-06 10:54 176,640 --a------ C:\Documents and Settings\Toni\Yinstall.exe
2006-10-06 10:54 115,947 --a------ C:\Documents and Settings\Toni\mny.exe
2006-10-05 21:28 0 --a------ C:\ovvpecjh.exe
2006-10-05 21:27 76,288 --a------ C:\ccreenfd.exe
2006-10-05 21:24 0 --a------ C:\otwlkons.exe
2006-10-05 21:21 7,680 --a------ C:\Documents and Settings\Toni\loadadv455.exe
2006-10-05 21:21 16,384 --a------ C:\Documents and Settings\Toni\drsmartload1135a.exe
2006-10-05 21:21 115,712 --a------ C:\Documents and Settings\Toni\c.exe
2006-10-05 21:17 77,312 --a------ C:\jttsdgjj.exe
2006-10-05 21:17 32,768 --a------ C:\DXC9.exe
2006-10-05 21:16 20,480 --a------ C:\WINDOWS\c.exe
2006-09-29 14:41 68,204 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-10-22 18:18 -------- d-a------ C:\Program Files\Common Files
2006-10-22 18:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-21 18:25 9594 --a------ C:\Documents and Settings\Toni\Application Data\wklnhst.dat
2006-10-21 17:54 -------- d-------- C:\Program Files\Hijackthis
2006-10-21 02:34 -------- d-------- C:\Program Files\LimeWire
2006-10-21 02:34 -------- d-------- C:\Program Files\Incomplete
2006-10-20 17:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-20 17:12 -------- d-------- C:\Program Files\Sony
2006-10-19 16:40 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-18 12:33 -------- d-------- C:\Program Files\IrfanView
2006-10-18 12:33 -------- d-------- C:\Program Files\Google
2006-10-18 11:50 -------- d-------- C:\Program Files\Chameleon Systems
2006-10-18 11:32 -------- d-------- C:\Program Files\Serif
2006-10-17 13:30 -------- d---s---- C:\Documents and Settings\Toni\Application Data\Microsoft
2006-10-11 20:16 -------- d-------- C:\Documents and Settings\Toni\Application Data\IM-Names
2006-10-10 13:57 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-10-10 13:57 -------- d-------- C:\Program Files\Adverts
2006-10-10 13:57 -------- d-------- C:\Documents and Settings\Toni\Application Data\BLAH NEW
2006-10-06 22:55 -------- d-------- C:\Program Files\MSN Messenger
2006-10-03 17:15 -------- d-------- C:\Program Files\VCW VicMan's Photo Editor
2006-09-08 15:06 -------- d-------- C:\Program Files\FinePixViewer
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"SVPWUTIL"="C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"HWSetup"="C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
"TOSHIBA Accessibility"="C:\\Program Files\\TOSHIBA\\Accessibility\\FnKeyHook.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"Tvs"="C:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"
"IS CfgWiz"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Zooming"="ZoomingHook.exe"
"UStorag"="c:\\program files\\belkin u-storage tools2.96\\ustorage.exe sys_auto_run C:\\Program Files\\Belkin U-Storage Tools2.96"
"TPSMain"="TPSMain.exe"
"TCtryIOHook"="TCtrlIOHook.exe"
"svshost"="C:\\WINDOWS\\system32\\jlfjgenh\\svshost.exe"
"SvcManager"="iexploer4.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NDSTray.exe"="NDSTray.exe"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\mwsoemon.exe"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\MWSBAR.DLL,S"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMprocess"="C:\\Program Files\\IM Names\\IM-svr.EXE"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"CFSServ.exe"="CFSServ.exe -NoClient"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"BIBOPTIONDEADEGGS"="C:\\Documents and Settings\\All Users\\Application Data\\Rdr Show Bib Option\\ManagerNoun.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"2Search"="C:\\Program Files\\2search\\main.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:0000009d

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="???
?"
"hkey"="HKCU"
"command"="???
?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A2400790918BBE1C.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-22 18:20:58.98
C:\ComboFix.txt ... 06-10-22 18:20

---

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Toni\Desktop
[22/10/2006]
[18:22:35]

---Infection Files Found/Removed---
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\1 love.exe
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\NounFork.exe
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\Settings Enc.exe
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\twoblah.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\fjxgwrrb.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\hsdlttyh.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\iihqobhd.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\iobmuffp.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\lyfsmqgw.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\mjnjzwhn.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\mqfcbvic.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\qubovlqx.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\snspzzzs.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\vxqsfjbw.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\xwpylrwl.exe
C:\WINDOWS\tasks\A2400790918BBE1C.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Sonic
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Talkback
C:\Documents and Settings\Administrator\Application Data\Toshiba
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Creative
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Sony Corporation
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Teleca
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Toshiba
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Toni\Application Data\Adobe
C:\Documents and Settings\Toni\Application Data\Adobeaum
C:\Documents and Settings\Toni\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Toni\Application Data\Aim
C:\Documents and Settings\Toni\Application Data\Apple Computer
C:\Documents and Settings\Toni\Application Data\Creative
C:\Documents and Settings\Toni\Application Data\Fotowire
C:\Documents and Settings\Toni\Application Data\Fujifilm
C:\Documents and Settings\Toni\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Toni\Application Data\Identities
C:\Documents and Settings\Toni\Application Data\Im-names
C:\Documents and Settings\Toni\Application Data\Intertrust
C:\Documents and Settings\Toni\Application Data\Intervideo
C:\Documents and Settings\Toni\Application Data\Lavasoft
C:\Documents and Settings\Toni\Application Data\Leadertech
C:\Documents and Settings\Toni\Application Data\Macromedia
C:\Documents and Settings\Toni\Application Data\Microsoft
C:\Documents and Settings\Toni\Application Data\Mozilla
C:\Documents and Settings\Toni\Application Data\Msninstaller
C:\Documents and Settings\Toni\Application Data\Real
C:\Documents and Settings\Toni\Application Data\Sonic
C:\Documents and Settings\Toni\Application Data\Sony Corporation
C:\Documents and Settings\Toni\Application Data\Sony Ericsson
C:\Documents and Settings\Toni\Application Data\Sun
C:\Documents and Settings\Toni\Application Data\Symantec
C:\Documents and Settings\Toni\Application Data\Talkback
C:\Documents and Settings\Toni\Application Data\Teleca
C:\Documents and Settings\Toni\Application Data\Toshiba

---

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:56:34 22/10/2006

+ Scan result:



C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051701.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051702.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051703.dll -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051704.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052085.exe/main.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052087.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052088.exe -> Adware.2Search : Cleaned.
C:\WINDOWS\system32\2search.exe/main.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121562.dll -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121563.exe -> Adware.CommAd : Cleaned.
C:\WINDOWS\Downloaded Program Files\v3.dll -> Adware.EliteBar : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121548.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121550.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121630.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121631.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030958.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030959.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030960.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0034991.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0036999.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0037003.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038032.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039110.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039115.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039126.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039134.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040130.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040137.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042315.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042575.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042576.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042679.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039168.exe -> Adware.Lop : Cleaned.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052083.EXE -> Adware.MyWebSearch : Cleaned.
C:\Documents and Settings\Toni\mt-uninstaller.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121739.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038037.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP104\A0109514.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121519.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121521.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121528.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121556.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121558.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121559.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121560.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121561.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031966.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031967.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0034965.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0034966.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040195.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042272.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051697.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051699.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052034.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP65\A0072151.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP65\A0072152.exe -> Adware.Softomate : Cleaned.
C:\DXC9.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051681.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051682.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051683.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051793.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042570.dll -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042573.dll -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042582.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042582.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042582.exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0033960.rbf -> Backdoor.MSNMaker.z : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038033.pif -> Backdoor.MSNMaker.z : Cleaned.
C:\Program Files\Hijackthis\backups\backup-20061022-185023-976.dll -> Dialer.Creazione.x : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121537.exe -> Downloader.Adload.fk : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121546.exe -> Downloader.Adload.fk : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121523.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121527.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030950.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030968.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030969.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031965.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032965.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038035.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030946.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030970.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031969.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032966.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040155.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121534.exe -> Downloader.Adload.gg : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121542.exe -> Downloader.Adload.gg : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121543.exe -> Downloader.Adload.gg : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0037024.exe -> Downloader.Adload.gg : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP104\A0109513.exe -> Downloader.Adload.gj : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121536.exe -> Downloader.Adload.gk : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040165.exe -> Downloader.Adload.gm : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121535.exe -> Downloader.Adload.gn : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121544.exe -> Downloader.Adload.go : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121541.exe -> Downloader.Agent.azc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042317.exe -> Downloader.Agent.lq : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030951.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038036.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042316.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121539.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121540.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038031.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP64\A0069140.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051686.exe -> Dropper.Small : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0032990.sys -> Hijacker.Costrat.i : Cleaned.
C:\WINDOWS\system32:lzx32.sys -> Hijacker.Costrat.i : Cleaned.
C:\Program Files\Hijackthis\backups\backup-20061022-185024-153.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned.
C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051848.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052036.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052038.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052065.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D09M0706NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D09M0706NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\Documents and Settings\Toni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv576.jar-5135e12a-2a4966aa.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121554.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030975.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030948.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030972.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030976.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030952.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030974.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031976.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0032987.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039180.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030947.exe -> Trojan.Sinowal.az : Cleaned.
C:\jttsdgjj.exe -> Trojan.Sinowal.az : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00009.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030953.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031974.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0032985.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038104.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030955.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030973.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031975.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0032986.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038105.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040156.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030949.exe -> Worm.VB.ao : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031963.exe -> Worm.VB.ao : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038034.exe -> Worm.VB.ao : Cleaned.
C:\WINDOWS\c.exe -> Worm.VB.ao : Cleaned.


::Report end

---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 22, 2006 8:53:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/10/2006
Kaspersky Anti-Virus database records: 233846
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 67140
Number of viruses found: 41
Number of infected objects: 194 / 0
Number of suspicious objects: 2
Duration of the scan process: 00:38:44

Infected Object Name / Virus Name / Last Action
C:\ccreenfd.exe Infected: Trojan-Clicker.Win32.Costrat.k skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Toni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7372238-6cf2ed57.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Toni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7372238-6cf2ed57.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Toni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7372238-6cf2ed57.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Toni\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Toni\drsmartload1135a.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\Toni\loadadv455.exe Infected: Trojan-Downloader.Win32.Harnig.cu skipped
C:\Documents and Settings\Toni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Toni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Toni\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Toni\mny.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe NSIS: infected - 5 skipped
C:\Documents and Settings\Toni\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Toni\ntuser.dat.LOG Object is locked skipped
C:\NoLopBackups\1 Love.exe.01.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Bindhole.exe.02.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Fjxgwrrb.exe.035.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Grtankgq.exe.036.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Heartflaw.exe.03.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Hsdlttyh.exe.037.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Iihqobhd.exe.038.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Iobmuffp.exe.039.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Jpcyvuhk.exe.040.infected