Resolved HJT Threads Resolved spyware and popup issues.
07-11-2006, 09:45 AM   #1
Registered User
 
Join Date: Jul 2006
Posts: 9
OS: XP


yourenhancement.com help needed

Hi!
My kids' computer got infected with something. I've been working on it for 8 days on my own and I've finally gotten to the point where I think most of the worst stuff is gone, but as soon as my computer boots up, I get a notice that yourenhancement.com is trying to access the internet. If I plug in the cable, I get 2 pop-ups every 5 minutes or so, usually starting with heavy.com . I have run out of things to try, I did everything I was supposed to do before posting my log, and now I would really appreciate it if somebody could read my Hijack This log and tell me where I need to go from here. I swear I downloaded Windows SP1A and installed it - successfully, as far as I know - so hopefully it's normal that my log says it's just SP1.

Thanks so much!

Logfile of HijackThis v1.99.1
Scan saved at 11:21:39 AM, on 7/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
c:\sdwork\issimsvc.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Drivers\ldlcserv.exe
c:\program files\softwin\bitdefender9\vsserv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\NILaunch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\bdpn.exe
C:\WINDOWS\System32\xd7ehbkw.exe
C:\WINDOWS\win32089114164329.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\United Devices\ud_7174683.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
c:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\System32\v199.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D303CF5-0CE3-41ED-8ACE-5416BC70F5FE} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - (no file)
O2 - BHO: (no name) - {39B4C667-B8EB-41C1-AFEF-F54A0D9FE9F4} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {58E207EA-02F1-42D2-8950-AFB94F26F356} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {89F5DA14-578A-25B2-70F0-DE8B2A29A839} - C:\WINDOWS\mhduokhuk.dll (file missing)
O2 - BHO: (no name) - {8E44BB28-A0A8-408A-999B-5A09576A6DE2} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {8FE529BE-DCE5-4A12-AFA2-97338F254E8D} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {A35F76AB-4CBB-B1CF-A309-CD2D396B276E} - C:\WINDOWS\iunq.dll (file missing)
O2 - BHO: (no name) - {ACB6969A-E074-FFDA-5E77-4D800C616F23} - C:\WINDOWS\vigecx.dll (file missing)
O2 - BHO: (no name) - {AD0DBC3B-6811-359C-1602-6534A7B58D6F} - C:\WINDOWS\pjeh.dll (file missing)
O2 - BHO: (no name) - {B12178AA-D5BF-19CD-DBB0-DC14E14C007E} - C:\WINDOWS\pqadljnghw.dll (file missing)
O2 - BHO: (no name) - {BCD5A14C-2236-4EB4-9D84-511253F588A3} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {BCD675A3-67FE-56D1-CCD2-7DFC3CD66F5A} - C:\WINDOWS\cdsdxf.dll (file missing)
O2 - BHO: (no name) - {CE8E7E06-C074-456C-9B61-4F1E292603B0} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {D3570364-63FF-4E24-8DAB-5679020C88CB} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {DB6DEF07-DECF-07D9-A58E-4C7DEBC99E2C} - C:\WINDOWS\ahfrof.dll (file missing)
O2 - BHO: (no name) - {DE98CD35-09BA-209C-BBB6-D11C2EBCA6D6} - C:\WINDOWS\iflrewhiji.dll (file missing)
O2 - BHO: (no name) - {E0DE372D-4963-40F4-89E0-ED3DA43FE3A7} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {EB799CDE-E87E-429B-A68C-1CB76DFE2F36} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {F68233ED-5EE0-48A5-82E8-BA4F73BAB7D2} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [;FSW] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [itac] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\System32\1201.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\System32\bdpn.exe"
O4 - HKLM\..\Run: [win32089114164329] C:\WINDOWS\win32089114164329.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\System32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\System32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\System32\1201.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Quicken\QWDLLS.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0392de8f...p/RdxIE601.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframewor...r.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/isan/def...ploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\System32\v199.dll
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Gear Security Service (GEARSecurity) - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - c:\program files\softwin\bitdefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
07-12-2006, 12:39 AM   #2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,473
OS: N/A


Before any work can be done on this machine, there is something that requires your intervention.

This machine is messed up pretty badly because you have several anti-virus programs (Symantec & BitDefender) on your machine. That's not a good idea!!

Like firewalls, anti-virus programs have conflicts co-existing with each other and produce undesirable results. Please uninstall ALL, leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
Please post a fresh log when you're done.



** detailed instructions for Symantec's removal ... > http://basconotw.mvps.org/SymRem.htm
__________________

Question - what have you done for the community today?
07-12-2006, 07:24 AM   #3
Registered User
 
Join Date: Jul 2006
Posts: 9
OS: XP


yourenhancement.com help needed

I would dearly love to get rid of Bit Defender! I had trouble getting it installed, and now I can't get it uninstalled either. I uninstalled Symantec, and I've spent the last 2 hours trying to get rid of Bit Defender.

I tried doing it from add/remove programs. When I got done, it was gone from my list of add/remove programs and the program itself no longer had a folder for change/modify/uninstall, but I still came up with the Bit Defender screen that told me I had 29 days left and that I should reboot to complete my changes. I did that, but the Hijack This log still looked the same.
I reinstalled and tried using the program's change/modify/uninstall icon. Same results.
I reinstalled and tried Safe mode - I got an error message that I wasn't allowed to do it in Safe mode.
I rebooted and told Bit Defender to exit. I tried both methods of removing it (add/remove programs, and the program uninstall icon), but got the same results as the other things I've tried.
I reinstalled and killed everything in my Ctrl-Alt-Del list that started with bd. It took forever to get to add/remove programs, but then the computer froze trying to do the remove. I rebooted, tried again, and got the same results.
I reinstalled and tried changing all the Bit Defender options to "no", because I didn't know what else to try. I tried to uninstall, but had the same results.
I even tried reading the Bit Defender help, but they make it sound like it's a simple uninstall.

I AM rebooting every time it tells me that I need to in order for my changes to take effect.

I have no idea what else to try, and my husband is required by his job to
use Symantec, so keeping Bit Defender is not an option. I only installed it 2 days ago because nothing else I tried had gotten rid of my problems. I don't suppose I can check all the Bit Defender entries in Hijack This and it'll all go away?

I REALLY appreciate your help!

Oh - and I've never posted to a forum like this before, so if my post isn't connected to my original post, it's because I didn't know how to do it. I had clicked on Reply, so I wouldn't have expected to need to put in another title for this post - I would have thought it would keep the title of the original post. But I appear to be in "reply to thread", so if I'm doing something wrong, please let me know! I am so grateful for your help and I don't want to do anything that's going to make your job more difficult!
07-12-2006, 08:01 AM   #4
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,473
OS: N/A


Let me know the version of BitDefender you have on this machine. I'll see if I can find you an uninstaller for it.
07-12-2006, 08:07 AM   #5
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,473
OS: N/A


See if these help ...

http://kb.bitdefender.com/KB260-en--...l-methods.html

http://kb.bitdefender.com/KB299
07-12-2006, 08:21 AM   #6
Registered User
 
Join Date: Jul 2006
Posts: 9
OS: XP


yourenhancement.com help needed

Wow - you're fast!
Yes! It looks to me like it's gone. Thanks!
Here's my latest Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 10:17:30 AM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
c:\sdwork\issimsvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\NILaunch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\bdpn.exe
C:\WINDOWS\win32089114164329.exe
C:\WINDOWS\System32\xd7ehbkw.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\System32\v199.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D303CF5-0CE3-41ED-8ACE-5416BC70F5FE} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - (no file)
O2 - BHO: (no name) - {39B4C667-B8EB-41C1-AFEF-F54A0D9FE9F4} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {58E207EA-02F1-42D2-8950-AFB94F26F356} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {89F5DA14-578A-25B2-70F0-DE8B2A29A839} - C:\WINDOWS\mhduokhuk.dll (file missing)
O2 - BHO: (no name) - {8E44BB28-A0A8-408A-999B-5A09576A6DE2} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {8FE529BE-DCE5-4A12-AFA2-97338F254E8D} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {A35F76AB-4CBB-B1CF-A309-CD2D396B276E} - C:\WINDOWS\iunq.dll (file missing)
O2 - BHO: (no name) - {ACB6969A-E074-FFDA-5E77-4D800C616F23} - C:\WINDOWS\vigecx.dll (file missing)
O2 - BHO: (no name) - {AD0DBC3B-6811-359C-1602-6534A7B58D6F} - C:\WINDOWS\pjeh.dll (file missing)
O2 - BHO: (no name) - {B12178AA-D5BF-19CD-DBB0-DC14E14C007E} - C:\WINDOWS\pqadljnghw.dll (file missing)
O2 - BHO: (no name) - {BCD5A14C-2236-4EB4-9D84-511253F588A3} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {BCD675A3-67FE-56D1-CCD2-7DFC3CD66F5A} - C:\WINDOWS\cdsdxf.dll (file missing)
O2 - BHO: (no name) - {CE8E7E06-C074-456C-9B61-4F1E292603B0} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {D3570364-63FF-4E24-8DAB-5679020C88CB} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {DB6DEF07-DECF-07D9-A58E-4C7DEBC99E2C} - C:\WINDOWS\ahfrof.dll (file missing)
O2 - BHO: (no name) - {DE98CD35-09BA-209C-BBB6-D11C2EBCA6D6} - C:\WINDOWS\iflrewhiji.dll (file missing)
O2 - BHO: (no name) - {E0DE372D-4963-40F4-89E0-ED3DA43FE3A7} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {EB799CDE-E87E-429B-A68C-1CB76DFE2F36} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {F68233ED-5EE0-48A5-82E8-BA4F73BAB7D2} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [;FSW] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [itac] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\System32\1201.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\System32\bdpn.exe"
O4 - HKLM\..\Run: [win32089114164329] C:\WINDOWS\win32089114164329.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\System32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\System32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\System32\1201.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Quicken\QWDLLS.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0392de8f...p/RdxIE601.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframewor...r.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/isan/def...ploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\System32\v199.dll
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Gear Security Service (GEARSecurity) - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
Old 07-12-2006, 08:39 AM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,473
OS: N/A


Please read this post completely before beginning. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

Do these actions in the order/sequence as I laid out.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Download and install Ewido Security Suite
  • When installing, under "Additional Options",
    • uncheck - Install background guard
  • Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\System32\v199.dll
O2 - BHO: (no name) - {0D303CF5-0CE3-41ED-8ACE-5416BC70F5FE} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - (no file)
O2 - BHO: (no name) - {39B4C667-B8EB-41C1-AFEF-F54A0D9FE9F4} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {58E207EA-02F1-42D2-8950-AFB94F26F356} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {89F5DA14-578A-25B2-70F0-DE8B2A29A839} - C:\WINDOWS\mhduokhuk.dll (file missing)
O2 - BHO: (no name) - {8E44BB28-A0A8-408A-999B-5A09576A6DE2} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {8FE529BE-DCE5-4A12-AFA2-97338F254E8D} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {A35F76AB-4CBB-B1CF-A309-CD2D396B276E} - C:\WINDOWS\iunq.dll (file missing)
O2 - BHO: (no name) - {ACB6969A-E074-FFDA-5E77-4D800C616F23} - C:\WINDOWS\vigecx.dll (file missing)
O2 - BHO: (no name) - {AD0DBC3B-6811-359C-1602-6534A7B58D6F} - C:\WINDOWS\pjeh.dll (file missing)
O2 - BHO: (no name) - {B12178AA-D5BF-19CD-DBB0-DC14E14C007E} - C:\WINDOWS\pqadljnghw.dll (file missing)
O2 - BHO: (no name) - {BCD5A14C-2236-4EB4-9D84-511253F588A3} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {BCD675A3-67FE-56D1-CCD2-7DFC3CD66F5A} - C:\WINDOWS\cdsdxf.dll (file missing)
O2 - BHO: (no name) - {CE8E7E06-C074-456C-9B61-4F1E292603B0} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {D3570364-63FF-4E24-8DAB-5679020C88CB} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {DB6DEF07-DECF-07D9-A58E-4C7DEBC99E2C} - C:\WINDOWS\ahfrof.dll (file missing)
O2 - BHO: (no name) - {DE98CD35-09BA-209C-BBB6-D11C2EBCA6D6} - C:\WINDOWS\iflrewhiji.dll (file missing)
O2 - BHO: (no name) - {E0DE372D-4963-40F4-89E0-ED3DA43FE3A7} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {EB799CDE-E87E-429B-A68C-1CB76DFE2F36} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {F68233ED-5EE0-48A5-82E8-BA4F73BAB7D2} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [;FSW] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [itac] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\System32\1201.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\System32\bdpn.exe"
O4 - HKLM\..\Run: [win32089114164329] C:\WINDOWS\win32089114164329.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\System32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\System32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\System32\1201.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\System32\v199.dll
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



* * * * * * KILLBOX * * * * * * * * * * * * * * * * * * * * * * *


Launch KillBox.exe & select the following options:
  • delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy
  • C:\WINDOWS\System32\bdpn.exe
    C:\WINDOWS\win32089114164329.exe
    C:\WINDOWS\System32\xd7ehbkw.exe
    C:\WINDOWS\System32\v199.dll
    C:\Program Files\Messenger\meboli.dll
    C:\WINDOWS\mhduokhuk.dll
    C:\WINDOWS\iunq.dll
    C:\WINDOWS\vigecx.dll
    C:\WINDOWS\pjeh.dll
    C:\WINDOWS\pqadljnghw.dll
    C:\WINDOWS\cdsdxf.dll
    C:\WINDOWS\ahfrof.dll
    C:\WINDOWS\iflrewhiji.dll
    C:\windows\mrjj.exe
    C:\WINDOWS\System32\1201.exe
    C:\WINDOWS\System32\wallp2.exe
    C:\WINDOWS\System32\VSL13.exe
    C:\WINDOWS\System32\irssyncd.exe
    C:\WINDOWS\System32\atmgrtok.dll
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run KillBox, download and run missingfilesetup.exe. Then try Killbox again.


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Delete Cookies
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!


* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *


Run Ewido with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * *


1. Download this file -

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Ewido
  • Combofix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?

Last edited by sUBs; 07-12-2006 at 08:40 AM.
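As an added illustration of what the "Fix checked" list above is picking out (this is an example added here, not code from the thread, from sUBs, or from HijackThis itself), here is a small Python script that parses HijackThis log lines and flags the kinds of entries a helper looks at first: BHOs and Winlogon notifiers whose file is gone, an O15 Trusted Zone addition, an O16 ActiveX package pulled from a bare IP address, an O18 text/html filter, Run keys pointing at numeric or oddly named executables, and one DLL hooked from more than one section. The rules are my own assumptions, not HijackThis logic; the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not from
this thread or from HijackThis; the review rules are the example author's
own assumptions about which entries deserve a second look)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\System32\v199.dll
O2 - BHO: (no name) - {0D303CF5-0CE3-41ED-8ACE-5416BC70F5FE} - C:\Program Files\Messenger\meboli.dll (file missing)
O2 - BHO: (no name) - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [;FSW] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [win32089114164329] C:\WINDOWS\win32089114164329.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\System32\1201.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\System32\v199.dll
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r'\[(?P<name>[^\]]*)\]\s*"?(?P<target>.*?\.exe)', re.IGNORECASE)
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/", re.IGNORECASE)
GENERIC_EXE_RE = re.compile(r"^(?:win32)?\d+\.exe$", re.IGNORECASE)
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str   # e.g. "O2", "O4", "O15"
    body: str      # everything after "Oxx - "
    raw: str
    flags: list = field(default_factory=list)


def parse(log: str) -> list:
    """Split a log into Entry objects, ignoring lines that are not Oxx items."""
    entries = []
    for raw in log.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"], raw.strip()))
    return entries


def target_of(entry: Entry):
    """Lower-cased file the entry loads, or None when none is listed."""
    if entry.section == "O4":
        m = RUN_RE.search(entry.body)
        return m["target"].lower() if m else None
    if entry.section in ("O2", "O3", "O18", "O20"):
        last = entry.body.rsplit(" - ", 1)[-1]
        for marker in MISSING_MARKERS:
            last = last.replace(marker, "")
        return last.strip().lower() or None
    return None


def triage(entries: list) -> list:
    """Attach review flags to each entry (idempotent); returns the same list."""
    by_target = defaultdict(list)          # file -> entries that load it
    for e in entries:
        t = target_of(e)
        if t:
            by_target[t].append(e)
    for e in entries:
        e.flags = []
        if any(marker in e.body for marker in MISSING_MARKERS):
            e.flags.append("dangling: registered component is no longer on disk")
        if e.section == "O15":
            e.flags.append("trusted zone: site escapes IE's Internet-zone restrictions")
        if e.section == "O16" and RAW_IP_URL_RE.search(e.body):
            e.flags.append("ActiveX package fetched from a bare IP address")
        if e.section == "O18" and e.body.startswith("Filter: text/html"):
            e.flags.append("MIME filter on text/html: can rewrite every page IE renders")
        if e.section == "O4":
            m = RUN_RE.search(e.body)
            if m:
                base = m["target"].rsplit("\\", 1)[-1]
                if not re.fullmatch(r"[A-Za-z0-9 ._-]+", m["name"]):
                    e.flags.append("run value name contains unusual characters")
                if GENERIC_EXE_RE.match(base):
                    e.flags.append("autorun of a numeric or generic executable name")
        t = target_of(e)
        if t and len({x.section for x in by_target[t]}) > 1:
            sections = sorted({x.section for x in by_target[t]})
            e.flags.append("same file hooked via " + ", ".join(sections))
    return entries


def fix_list(entries: list) -> list:
    """Raw lines carrying at least one flag, i.e. candidates for 'Fix checked'."""
    return [e.raw for e in triage(entries) if e.flags]


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        if e.flags:
            print(e.raw)
            for f in e.flags:
                print("    ->", f)
```

Run it as is and it prints the ten sample lines that match sUBs's selection, with a reason under each; the HP toolbar, the iTunes helper and the Norton NavLogon notifier stay unflagged. The cross-reference rule is the one worth keeping in mind when reading a log by hand: v199.dll shows up both as an O2 BHO and as the O18 text/html filter, which is why both lines go in the fix list together.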
Old 07-12-2006, 03:44 PM   #8 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 9
OS: XP


yourehancement.com help needed

grrr - I had everything typed in but the forum suddenly decided I wasn't logged in and now it's all gone.

Just a few glitches. I didn't see "Additional Options" when I was installing Ewido, and didn't see anywhere to uncheck "install background guard".
First it asked me to select a language, then it wanted me to agree to terms, then asked me where to put it, and then asked if I wanted to run it. I said yes, but was on the main menu and I knew I wasn't supposed to run it yet.

Killbox - there wasn't an "all files" to select. I never got a prompt, so I couldn't tell it to delete on reboot. Similarly, I didn't get a "pending operations prompt".

Ewido again. I did not see the word "clean" anywhere. When the scan was done, I had 3 options: "apply all actions", "save report", or "new scan". I clicked on "apply all actions", thinking it would prompt me for what you told me to do, but it didn't. It either quarantined or deleted everything.

I don't use this computer and my own computer is Windows 98, so I can't speak to performance on this one. I was happy to see that the pop-ups were gone, but it seemed like an incredibly long time before the machine stopped grinding. When I looked to see what was going on, WCGrid_Rosetta.exe was taking from 45% to 99% of the CPU. Eventually, it went to 0% though.

Here are my scans:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:45:17 PM 7/12/2006

+ Scan result:



C:\WINDOWS\system32\nsh61.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\!Submit\win32089114164329.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 12, 2006 5:10:16 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/07/2006
Kaspersky Anti-Virus database records: 206940
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 175900
Number of viruses found: 44
Number of infected objects: 260 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:14:05

Infected Object Name / Virus Name / Last Action
C:\!Submit\v199.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\!Submit\xd7ehbkw.exe Infected: Trojan.Win32.Runner.j skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\;FSW.exe.bac_a00244/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\;FSW.exe.bac_a00244/data.rar Infected: Trojan.Win32.LowZones.am skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\;FSW.exe.bac_a00244 RarSFX: infected - 2 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\;FSW.exe.bac_a00244 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\mirar.exe.bac_a03812 Infected: not-a-virus:AdWare.Win32.NetNucleus skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\mirar[1].exe.bac_a03812 Infected: not-a-virus:AdWare.Win32.NetNucleus skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\optimize.exe.bac_a03812 Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\optimize[1].exe.bac_a03812 Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\pi1_36.exe.bac_a03812 Infected: Trojan-Downloader.Win32.Small.cqy skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\pop06ap2.exe.bac_a03812 Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\pop06ap2[1].exe.bac_a03812 Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT.exe.bac_a00244/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT.exe.bac_a00244/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT.exe.bac_a00244/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT.exe.bac_a00244/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT.exe.bac_a00244/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT.exe.bac_a00244/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT.exe.bac_a00244 RarSFX: infected - 6 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT.exe.bac_a00244 CryptFF.b: infected - 6 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT[1].exe.bac_a03812/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT[1].exe.bac_a03812/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT[1].exe.bac_a03812/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT[1].exe.bac_a03812/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT[1].exe.bac_a03812/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT[1].exe.bac_a03812/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT[1].exe.bac_a03812 RarSFX: infected - 6 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\whCC-GIANT[1].exe.bac_a03812 CryptFF.b: infected - 6 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Spyware Stuff\backups\backup-20060712-123755-132.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006071220060713\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\JET3ADC.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFDE19.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFDF59.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\UserData\index.dat Object is locked skipped
C:\downloads\IBM\ooRexx301.exe/data0035 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\downloads\IBM\ooRexx301.exe NSIS: infected - 1 skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184095.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184097.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184150.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184151.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184157.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184158.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184159.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184160.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184191.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184194.exe/getnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184194.exe/webnexus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184194.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184194.exe MimarSinan: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184194.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184199.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184200.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184202.exe Infected: Trojan-Downloader.Win32.Small.cqy skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184204.exe Infected: Trojan-Downloader.Win32.VB.dm skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184205.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP655\A0184206.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP657\A0184314.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP676\A0188305.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP676\A0188351.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP676\A0188354.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188363.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188364.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188365.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188366.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188367.dll Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188380.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188385.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188394.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188395.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188395.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188395.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188406.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188424.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188439.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188450.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188451.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188454.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188467.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188496.exe Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188497.exe Infected: Trojan-Downloader.Win32.PurityScan.be skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188500.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188501.exe/EXE-file/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188501.exe/EXE-file Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188501.exe Embedded EXE: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188524.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188555.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188556.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188557.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188562.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188563.exe Infected: Trojan-Dropper.Win32.Agent.zc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188564.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188565.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188566.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188567.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188568.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188569.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188572.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188573.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP677\A0188576.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188593.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188597.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188608.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188609.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188628.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188639.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188640.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188653.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188664.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188665.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188666.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188680.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188691.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188692.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188695.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188711.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188716.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188718.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188720.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188721.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188736.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188745.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188746.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188747.dll Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188763.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188787.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188788.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188791.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188792.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP678\A0188806.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP679\A0188819.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP679\A0188819.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP679\A0188819.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP679\A0188820.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP679\A0188820.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP679\A0188820.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188823.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188823.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188823.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188824.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188826.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188826.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188835.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188835.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188835.exe/data0007 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188835.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188838.exe/data0002/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188838.exe/data0002/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188838.exe/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188838.exe/data0003/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188838.exe/data0003/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188838.exe/data0003 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188838.exe NSIS: infected - 6 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188839.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188839.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188839.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188840.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188840.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188840.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188844.dll Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188849.exe Infected: Trojan.Win32.StartPage.ajj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188850.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188851.dll Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188864.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188866.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188873.exe/data0002/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188873.exe/data0002/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188873.exe/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188873.exe/data0003/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188873.exe/data0003/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188873.exe/data0003 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188873.exe NSIS: infected - 6 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188875.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188881.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188882.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188886.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188889.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188891.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188892.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188894.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188895.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188896.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188908.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188917.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188919.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188920.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188930.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188933.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188938.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188939.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188939.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP680\A0188939.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188940.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188942.dll Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188949.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188949.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188949.exe/data0007 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188949.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188950.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188951.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188952.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188953.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188954.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188955.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188956.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188956.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188956.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188957.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188957.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188957.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188958.dll Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188966.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0188983.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189026.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189037.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189041.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189047.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189051.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189057.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189061.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189069.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189076.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP681\A0189081.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189095.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189101.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189118.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189122.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189151.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189157.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189158.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189158.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189158.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189187.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP682\A0189188.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe/WISE0016.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe/WISE0016.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe/WISE0016.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe/WISE0016.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe/WISE0016.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP691\A0193041.exe WiseSFX: infected - 8 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP701\A0197403.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP701\A0197407.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP701\A0197408.exe Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP701\A0197456.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP701\A0197457.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP701\change.log Object is locked skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0017.BIN Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01 WiseSFX: infected - 8 skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\new_bundle_Justin.exe/data0002/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\new_bundle_Justin.exe/data0002/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\new_bundle_Justin.exe/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\new_bundle_Justin.exe/data0003/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\WINDOWS\new_bundle_Justin.exe/data0003/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\WINDOWS\new_bundle_Justin.exe/data0003 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\WINDOWS\new_bundle_Justin.exe NSIS: infected - 6 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1DFB595D-FF56-4087-9883-823A5719EE1C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Start Time= Wed 07/12/2006 17:12:39.51
Running from: C:\My Downloads

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-12 12:18:00 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-12 10:11:12 ( .D... ) "C:\Program Files\Symantec AntiVirus"
2006-07-11 12:54:44 21840 ( A.... ) "C:\WINDOWS\system32\SIntfNT.dll"
2006-07-11 12:54:44 17212 ( A.... ) "C:\WINDOWS\system32\SIntf32.dll"
2006-07-11 12:54:44 12067 ( A.... ) "C:\WINDOWS\system32\SIntf16.dll"
2006-07-10 14:53:36 ( .D... ) "C:\Program Files\PestPatrol"
2006-07-09 19:38:14 74752 ( A.... ) "C:\WINDOWS\sys0216432991142006.exe"
2006-07-08 19:48:00 ( .D... ) "C:\Documents and Settings\Owner\Application Data\TrojanHunter"
2006-07-08 19:17:28 59392 ( ....R ) "C:\WINDOWS\system32\streamhlp.dll"
2006-07-06 17:57:52 0 ( A.... ) "C:\Documents and Settings\Owner\Application Data\internaldb41.dat"
2006-07-06 17:49:28 339 ( A.... ) "C:\WINDOWS\nigqb.dll"
2006-07-06 17:34:56 363596 ( A.... ) "C:\WINDOWS\new_bundle_Justin.exe"
2006-07-06 16:32:48 28672 ( A.... ) "C:\WINDOWS\system32\hvzead7v.exe"
2006-07-05 21:53:28 ( .D... ) "C:\Program Files\CCleaner"
2006-07-04 11:58:50 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-03 17:40:00 24576 ( A.... ) "C:\WINDOWS\system32\msxml3a.dll"
2006-07-03 17:36:54 ( .D... ) "C:\Documents and Settings\Owner\Application Data\?ymantec"
2006-07-03 14:29:02 ( .D... ) "C:\Documents and Settings\Owner\Application Data\System Restore"
2006-06-27 15:43:36 43520 ( A.... ) "C:\WINDOWS\system32\CmdLineExt03.dll"
2006-06-21 14:50:08 ( .D... ) "C:\Program Files\Brother"
2006-06-11 13:40:44 ( .D... ) "C:\Program Files\Sweep"
2006-06-11 13:40:26 ( .D... ) "C:\Program Files\keyexp"
2006-06-09 11:02:12 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Lavasoft"
2006-06-09 11:02:04 ( .D... ) "C:\Program Files\Lavasoft"
2006-05-22 14:04:30 ( .D... ) "C:\Program Files\GPL 2004 DEMO"
2006-05-20 11:29:32 5683 ( A.... ) "C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-12 14:46 536,399,872 C:\hiberfil.sys
2006-07-12 10:11 91,856 C:\WINDOWS\system32\S32EVNT1.DLL
2006-07-11 11:08 377,984 C:\WINDOWS\system32\ati2dvaa.dll
2006-07-11 11:08 33,808 C:\WINDOWS\system32\ntio.sys
2006-07-11 11:08 18,944 C:\WINDOWS\system32\faxpatch.exe
2006-07-10 17:07 684,032 C:\WINDOWS\libeay32.dll
2006-07-10 17:07 478,720 C:\WINDOWS\WRUninstall.dll
2006-07-10 17:07 155,648 C:\WINDOWS\ssleay32.dll
2006-07-09 19:37 74,752 C:\WINDOWS\sys0216432991142006.exe
2006-07-06 16:32 363,596 C:\WINDOWS\new_bundle_Justin.exe
2006-07-06 16:32 28,672 C:\WINDOWS\system32\hvzead7v.exe
2006-07-05 22:06 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-05 22:06 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-03 17:39 24,576 C:\WINDOWS\system32\msxml3a.dll
2006-06-27 15:31 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-06-27 15:31 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-06-27 15:31 470,528 C:\WINDOWS\system32\qdvd.dll
2006-06-27 15:31 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-06-27 15:31 46,592 C:\WINDOWS\system32\dxdllreg.exe
2006-06-27 15:31 381,952 C:\WINDOWS\system32\dsound.dll
2006-06-27 15:31 354,816 C:\WINDOWS\system32\psisdecd.dll
2006-06-27 15:31 316,928 C:\WINDOWS\system32\qdv.dll
2006-06-27 15:31 292,864 C:\WINDOWS\system32\ddraw.dll
2006-06-27 15:31 230,400 C:\WINDOWS\system32\dplayx.dll
2006-06-27 15:31 181,248 C:\WINDOWS\system32\dmime.dll
2006-06-27 15:31 16,896 C:\WINDOWS\system32\msyuv.dll
2006-06-27 15:31 122,880 C:\WINDOWS\system32\dmusic.dll
2006-06-27 15:31 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-06-27 15:31 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-06-27 15:31 1,230,336 C:\WINDOWS\system32\msvidctl.dll
2006-06-27 15:31 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-06-21 14:50 966,144 C:\WINDOWS\system32\ltdlgres13n.dll
2006-06-21 14:50 93,184 C:\WINDOWS\system32\lfPCL13n.dll
2006-06-21 14:50 921,088 C:\WINDOWS\system32\LTDic13n.dll
2006-06-21 14:50 918,016 C:\WINDOWS\system32\Ltwvc13n.dll
2006-06-21 14:50 90,112 C:\WINDOWS\system32\lfjbg13n.dll
2006-06-21 14:50 84,480 C:\WINDOWS\system32\lfgbr13n.dll
2006-06-21 14:50 84,480 C:\WINDOWS\system32\lffpx13n.dll
2006-06-21 14:50 825,344 C:\WINDOWS\system32\ltwen13n.dll
2006-06-21 14:50 82,432 C:\WINDOWS\system32\lfshp13n.dll
2006-06-21 14:50 80,384 C:\WINDOWS\system32\LTCON13n.dll
2006-06-21 14:50 796,160 C:\WINDOWS\system32\ltann13n.dll
2006-06-21 14:50 794,624 C:\WINDOWS\system32\LTRTN13n.DLL
2006-06-21 14:50 77,312 C:\WINDOWS\system32\LTTLB13n.dll
2006-06-21 14:50 76,288 C:\WINDOWS\system32\ltpdg13n.dll
2006-06-21 14:50 74,240 C:\WINDOWS\system32\lfplt13n.dll
2006-06-21 14:50 73,216 C:\WINDOWS\system32\lffax13n.dll
2006-06-21 14:50 69,632 C:\WINDOWS\system32\LFPTK13n.dll
2006-06-21 14:50 65,536 C:\WINDOWS\system32\Lfcgm13n.dll
2006-06-21 14:50 6,144 C:\WINDOWS\system32\AWDCXC32.DLL
2006-06-21 14:50 59,392 C:\WINDOWS\system32\Lfpct13n.dll
2006-06-21 14:50 58,368 C:\WINDOWS\system32\lfsct13n.dll
2006-06-21 14:50 55,296 C:\WINDOWS\system32\lfpsd13n.dll
2006-06-21 14:50 54,784 C:\WINDOWS\system32\Lfdgn13n.dll
2006-06-21 14:50 52,224 C:\WINDOWS\system32\lfdrw13n.dll
2006-06-21 14:50 50,176 C:\WINDOWS\system32\ltlst13n.dll
2006-06-21 14:50 49,152 C:\WINDOWS\system32\Lfwmf13n.dll
2006-06-21 14:50 482,816 C:\WINDOWS\system32\lfdwf13n.dll
2006-06-21 14:50 48,128 C:\WINDOWS\system32\lfica13n.dll
2006-06-21 14:50 47,104 C:\WINDOWS\system32\lfXpm13n.dll
2006-06-21 14:50 45,056 C:\WINDOWS\system32\lfXbm13n.dll
2006-06-21 14:50 445,440 C:\WINDOWS\system32\LFCMW13n.dll
2006-06-21 14:50 416,256 C:\WINDOWS\system32\ltkrn13n.dll
2006-06-21 14:50 38,400 C:\WINDOWS\system32\lfflc13n.dll
2006-06-21 14:50 37,888 C:\WINDOWS\system32\lfeps13n.dll
2006-06-21 14:50 351,744 C:\WINDOWS\system32\LFCMP13n.DLL
2006-06-21 14:50 35,840 C:\WINDOWS\system32\lfcal13n.dll
2006-06-21 14:50 35,328 C:\WINDOWS\system32\lttwn13n.dll
2006-06-21 14:50 34,816 C:\WINDOWS\system32\ltisi13n.dll
2006-06-21 14:50 34,816 C:\WINDOWS\system32\lfgif13n.dll
2006-06-21 14:50 338,944 C:\WINDOWS\system32\lffpx7.dll
2006-06-21 14:50 33,792 C:\WINDOWS\system32\LFSMP13n.dll
2006-06-21 14:50 33,280 C:\WINDOWS\system32\lfwmp13n.dll
2006-06-21 14:50 326,144 C:\WINDOWS\system32\ltimg13n.dll
2006-06-21 14:50 32,256 C:\WINDOWS\system32\lttmb13n.dll
2006-06-21 14:50 31,744 C:\WINDOWS\system32\lflmb13n.dll
2006-06-21 14:50 31,232 C:\WINDOWS\system32\LFPNM13n.dll
2006-06-21 14:50 30,208 C:\WINDOWS\system32\LTWND13n.DLL
2006-06-21 14:50 30,208 C:\WINDOWS\system32\lfbmp13n.dll
2006-06-21 14:50 293,376 C:\WINDOWS\system32\lfAFP13n.dll
2006-06-21 14:50 29,184 C:\WINDOWS\system32\lflma13n.dll
2006-06-21 14:50 29,184 C:\WINDOWS\system32\lfclp13n.dll
2006-06-21 14:50 27,136 C:\WINDOWS\system32\lfiff13n.dll
2006-06-21 14:50 26,624 C:\WINDOWS\system32\AWRESX32.DLL
2006-06-21 14:50 26,112 C:\WINDOWS\system32\lfpcx13n.dll
2006-06-21 14:50 258,560 C:\WINDOWS\system32\LTDIS13n.dll
2006-06-21 14:50 25,600 C:\WINDOWS\system32\lfxwd13n.dll
2006-06-21 14:50 25,600 C:\WINDOWS\system32\lfani13n.dll
2006-06-21 14:50 248,320 C:\WINDOWS\system32\LFJ2K13n.dll
2006-06-21 14:50 24,576 C:\WINDOWS\system32\AWCODC32.DLL
2006-06-21 14:50 23,552 C:\WINDOWS\system32\lftga13n.dll
2006-06-21 14:50 23,040 C:\WINDOWS\system32\lfawd13n.dll
2006-06-21 14:50 228,352 C:\WINDOWS\system32\Lvkrn13n.dll
2006-06-21 14:50 21,504 C:\WINDOWS\system32\lfCUT13n.dll
2006-06-21 14:50 205,824 C:\WINDOWS\system32\ltefx13n.dll
2006-06-21 14:50 20,992 C:\WINDOWS\system32\lfimg13n.dll
2006-06-21 14:50 20,480 C:\WINDOWS\system32\lfwpg13n.dll
2006-06-21 14:50 20,480 C:\WINDOWS\system32\lfsgi13n.dll
2006-06-21 14:50 19,968 C:\WINDOWS\system32\lfwfx13n.dll
2006-06-21 14:50 19,968 C:\WINDOWS\system32\lfpcd13n.dll
2006-06-21 14:50 19,968 C:\WINDOWS\system32\lfitg13n.dll
2006-06-21 14:50 19,456 C:\WINDOWS\system32\lfvec13n.dll
2006-06-21 14:50 19,456 C:\WINDOWS\system32\lfras13n.dll
2006-06-21 14:50 18,944 C:\WINDOWS\system32\lfmsp13n.dll
2006-06-21 14:50 18,944 C:\WINDOWS\system32\lfmac13n.dll
2006-06-21 14:50 18,944 C:\WINDOWS\system32\lfavi13n.dll
2006-06-21 14:50 171,008 C:\WINDOWS\system32\lfpdf13n.dll
2006-06-21 14:50 17,920 C:\WINDOWS\system32\lfRaw13n.dll
2006-06-21 14:50 150,016 C:\WINDOWS\system32\Lfpng13n.dll
2006-06-21 14:50 139,776 C:\WINDOWS\system32\LTSCR13n.DLL
2006-06-21 14:50 137,728 C:\WINDOWS\system32\ltfil13n.DLL
2006-06-21 14:50 133,632 C:\WINDOWS\system32\lfdxf13n.dll
2006-06-21 14:50 131,072 C:\WINDOWS\system32\lftif13n.dll
2006-06-21 14:50 120,320 C:\WINDOWS\system32\Ltpnt13n.dll
2006-06-21 14:50 118,784 C:\WINDOWS\system32\lfkodak.dll
2006-06-21 14:50 116,736 C:\WINDOWS\system32\LTAUT13n.dll
2006-06-21 14:50 114,176 C:\WINDOWS\system32\lfdwg13n.dll
2006-06-21 14:50 112,640 C:\WINDOWS\system32\LTOCR13n.dll
2006-06-21 14:50 110,592 C:\WINDOWS\system32\LTSGM13N.DLL
2006-06-21 14:50 11,776 C:\WINDOWS\system32\AWDENC32.DLL
2006-06-21 14:50 103,936 C:\WINDOWS\system32\lttw213n.dll
2006-06-21 14:50 102,400 C:\WINDOWS\system32\lfmpg13n.dll
2006-06-21 14:50 10,240 C:\WINDOWS\system32\AWVIEW32.DLL
2006-06-21 14:50 1,684,480 C:\WINDOWS\system32\LTCLR13n.dll
2006-06-21 14:50 1,368,576 C:\WINDOWS\system32\ltdlg13n.dll
2006-06-08 22:06 339 C:\WINDOWS\nigqb.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"stgclean"="c:\\sdwork\\w32main2.exe /cleanup"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"ThrustTSR"="C:\\Program Files\\Thrustmaster\\Thrustmapper\\TMTMTSR.exe"
"ISSI EZUpdate Service"="\"c:\\sdwork\\issimsvc.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Net-It Launcher"="C:\\WINDOWS\\System32\\NILaunch.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"Tpam.exe"="\"C:\\Program Files\\IBM\\Personal Communications\\tpam.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"kSPYv"="\"C:\\WINDOWS\\System32\\bdpn.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
"DW4"=""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Common Files\\pojo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\WindowsUpdate\\megevu.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder

Completion time: Wed 07/12/2006 17:13:21.14
ComboFix ver 06.07.08 - This logfile is located at C:\ComboFix.txt
barbarawr is offline  
Old 07-12-2006, 04:20 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs
 
Join Date: May 2005
Posts: 24,473
OS: N/A


Please read the rest of this post completely before beginning the fix.

Launch Firefox & go to Tools > Options.
Under 'Privacy', locate & hit the button - 'Clear Cache Now'


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Right click on this & choose "Save As..." - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

SpywareBlaster 3.5.1 - Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

Please download the file attached - regdel.zip
Double-click the file within & allow it to merge with the Registry.
This will remove some malware entries from the Registry


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
  • Tick - 'Show hidden files and folders'
  • Untick - 'Hide file extensions for known types'
  • Untick - 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
Locate and delete the following files/folders: (make sure you get ALL of them)
  • C:\!Submit\
    C:\WINDOWS\new_bundle_Justin.exe
    C:\WINDOWS\sys0216432991142006.exe
    C:\WINDOWS\nigqb.dll

    C:\Documents and Settings\Owner\Application Data\?ymantec
    ......> this one is a bit tricky. The ? can be any letter but it's probably Symantec. You can identify it by the folder's date - 2006-07-03
Delete the contents of this folder, leaving it empty:
  • C:\Documents and Settings\Owner\.housecall\Quarantine\

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Delete Cookies
4. Click OK
5. Press the CleanUp! button to start the program.


* * * * * *


This will clear the System Volume Information folder
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Turn it back 'On' by unticking the same checkbox & click OK


* * * * * *

Reboot your machine & post fresh copies of these logs:

1. Combofix
2. Hijackthis
__________________

Question - what have you done for the community today?

Last edited by sUBs; 07-15-2006 at 01:01 AM.
sUBs is offline  
Old 07-12-2006, 05:40 PM   #10 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 9
OS: XP


Latest Logs

Thank you so much for all your help - I feel like I've accomplished more today than I did the whole time I was working on my own! Here's what I've got now.

Logfile of HijackThis v1.99.1
Scan saved at 7:33:41 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\NILaunch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\United Devices\UD.EXE
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\United Devices\ud_7657531.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Spyware Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\System32\v199.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Quicken\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0392de8f...p/RdxIE601.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframewor...r.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/isan/def...ploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\System32\v199.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe


Start Time= Wed 07/12/2006 19:34:41.70
Running from: C:\My Downloads

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-12 18:57:34 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-12 12:18:00 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-12 10:11:12 ( .D... ) "C:\Program Files\Symantec AntiVirus"
2006-07-11 12:54:44 21840 ( A.... ) "C:\WINDOWS\system32\SIntfNT.dll"
2006-07-11 12:54:44 17212 ( A.... ) "C:\WINDOWS\system32\SIntf32.dll"
2006-07-11 12:54:44 12067 ( A.... ) "C:\WINDOWS\system32\SIntf16.dll"
2006-07-10 14:53:36 ( .D... ) "C:\Program Files\PestPatrol"
2006-07-08 19:48:00 ( .D... ) "C:\Documents and Settings\Owner\Application Data\TrojanHunter"
2006-07-08 19:17:28 59392 ( ....R ) "C:\WINDOWS\system32\streamhlp.dll"
2006-07-06 17:57:52 0 ( A.... ) "C:\Documents and Settings\Owner\Application Data\internaldb41.dat"
2006-07-06 16:32:48 28672 ( A.... ) "C:\WINDOWS\system32\hvzead7v.exe"
2006-07-05 21:53:28 ( .D... ) "C:\Program Files\CCleaner"
2006-07-04 11:58:50 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-03 17:40:00 24576 ( A.... ) "C:\WINDOWS\system32\msxml3a.dll"
2006-07-03 14:29:02 ( .D... ) "C:\Documents and Settings\Owner\Application Data\System Restore"
2006-06-27 15:43:36 43520 ( A.... ) "C:\WINDOWS\system32\CmdLineExt03.dll"
2006-06-21 14:50:08 ( .D... ) "C:\Program Files\Brother"
2006-06-11 13:40:44 ( .D... ) "C:\Program Files\Sweep"
2006-06-11 13:40:26 ( .D... ) "C:\Program Files\keyexp"
2006-06-09 11:02:12 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Lavasoft"
2006-06-09 11:02:04 ( .D... ) "C:\Program Files\Lavasoft"
2006-05-22 14:04:30 ( .D... ) "C:\Program Files\GPL 2004 DEMO"
2006-05-20 11:29:32 5683 ( A.... ) "C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-12 19:02 21,312 C:\WINDOWS\choice.exe
2006-07-12 14:46 536,399,872 C:\hiberfil.sys
2006-07-12 10:11 91,856 C:\WINDOWS\system32\S32EVNT1.DLL
2006-07-11 11:08 377,984 C:\WINDOWS\system32\ati2dvaa.dll
2006-07-11 11:08 33,808 C:\WINDOWS\system32\ntio.sys
2006-07-11 11:08 18,944 C:\WINDOWS\system32\faxpatch.exe
2006-07-10 17:07 684,032 C:\WINDOWS\libeay32.dll
2006-07-10 17:07 478,720 C:\WINDOWS\WRUninstall.dll
2006-07-10 17:07 155,648 C:\WINDOWS\ssleay32.dll
2006-07-06 16:32 28,672 C:\WINDOWS\system32\hvzead7v.exe
2006-07-05 22:06 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-05 22:06 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-03 17:39 24,576 C:\WINDOWS\system32\msxml3a.dll
2006-06-27 15:31 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-06-27 15:31 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-06-27 15:31 470,528 C:\WINDOWS\system32\qdvd.dll
2006-06-27 15:31 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-06-27 15:31 46,592 C:\WINDOWS\system32\dxdllreg.exe
2006-06-27 15:31 381,952 C:\WINDOWS\system32\dsound.dll
2006-06-27 15:31 354,816 C:\WINDOWS\system32\psisdecd.dll
2006-06-27 15:31 316,928 C:\WINDOWS\system32\qdv.dll
2006-06-27 15:31 292,864 C:\WINDOWS\system32\ddraw.dll
2006-06-27 15:31 230,400 C:\WINDOWS\system32\dplayx.dll
2006-06-27 15:31 181,248 C:\WINDOWS\system32\dmime.dll
2006-06-27 15:31 16,896 C:\WINDOWS\system32\msyuv.dll
2006-06-27 15:31 122,880 C:\WINDOWS\system32\dmusic.dll
2006-06-27 15:31 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-06-27 15:31 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-06-27 15:31 1,230,336 C:\WINDOWS\system32\msvidctl.dll
2006-06-27 15:31 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-06-21 14:50 966,144 C:\WINDOWS\system32\ltdlgres13n.dll
2006-06-21 14:50 93,184 C:\WINDOWS\system32\lfPCL13n.dll
2006-06-21 14:50 921,088 C:\WINDOWS\system32\LTDic13n.dll
2006-06-21 14:50 918,016 C:\WINDOWS\system32\Ltwvc13n.dll
2006-06-21 14:50 90,112 C:\WINDOWS\system32\lfjbg13n.dll
2006-06-21 14:50 84,480 C:\WINDOWS\system32\lfgbr13n.dll
2006-06-21 14:50 84,480 C:\WINDOWS\system32\lffpx13n.dll
2006-06-21 14:50 825,344 C:\WINDOWS\system32\ltwen13n.dll
2006-06-21 14:50 82,432 C:\WINDOWS\system32\lfshp13n.dll
2006-06-21 14:50 80,384 C:\WINDOWS\system32\LTCON13n.dll
2006-06-21 14:50 796,160 C:\WINDOWS\system32\ltann13n.dll
2006-06-21 14:50 794,624 C:\WINDOWS\system32\LTRTN13n.DLL
2006-06-21 14:50 77,312 C:\WINDOWS\system32\LTTLB13n.dll
2006-06-21 14:50 76,288 C:\WINDOWS\system32\ltpdg13n.dll
2006-06-21 14:50 74,240 C:\WINDOWS\system32\lfplt13n.dll
2006-06-21 14:50 73,216 C:\WINDOWS\system32\lffax13n.dll
2006-06-21 14:50 69,632 C:\WINDOWS\system32\LFPTK13n.dll
2006-06-21 14:50 65,536 C:\WINDOWS\system32\Lfcgm13n.dll
2006-06-21 14:50 6,144 C:\WINDOWS\system32\AWDCXC32.DLL
2006-06-21 14:50 59,392 C:\WINDOWS\system32\Lfpct13n.dll
2006-06-21 14:50 58,368 C:\WINDOWS\system32\lfsct13n.dll
2006-06-21 14:50 55,296 C:\WINDOWS\system32\lfpsd13n.dll
2006-06-21 14:50 54,784 C:\WINDOWS\system32\Lfdgn13n.dll
2006-06-21 14:50 52,224 C:\WINDOWS\system32\lfdrw13n.dll
2006-06-21 14:50 50,176 C:\WINDOWS\system32\ltlst13n.dll
2006-06-21 14:50 49,152 C:\WINDOWS\system32\Lfwmf13n.dll
2006-06-21 14:50 482,816 C:\WINDOWS\system32\lfdwf13n.dll
2006-06-21 14:50 48,128 C:\WINDOWS\system32\lfica13n.dll
2006-06-21 14:50 47,104 C:\WINDOWS\system32\lfXpm13n.dll
2006-06-21 14:50 45,056 C:\WINDOWS\system32\lfXbm13n.dll
2006-06-21 14:50 445,440 C:\WINDOWS\system32\LFCMW13n.dll
2006-06-21 14:50 416,256 C:\WINDOWS\system32\ltkrn13n.dll
2006-06-21 14:50 38,400 C:\WINDOWS\system32\lfflc13n.dll
2006-06-21 14:50 37,888 C:\WINDOWS\system32\lfeps13n.dll
2006-06-21 14:50 351,744 C:\WINDOWS\system32\LFCMP13n.DLL
2006-06-21 14:50 35,840 C:\WINDOWS\system32\lfcal13n.dll
2006-06-21 14:50 35,328 C:\WINDOWS\system32\lttwn13n.dll
2006-06-21 14:50 34,816 C:\WINDOWS\system32\ltisi13n.dll
2006-06-21 14:50 34,816 C:\WINDOWS\system32\lfgif13n.dll
2006-06-21 14:50 338,944 C:\WINDOWS\system32\lffpx7.dll
2006-06-21 14:50 33,792 C:\WINDOWS\system32\LFSMP13n.dll
2006-06-21 14:50 33,280 C:\WINDOWS\system32\lfwmp13n.dll
2006-06-21 14:50 326,144 C:\WINDOWS\system32\ltimg13n.dll
2006-06-21 14:50 32,256 C:\WINDOWS\system32\lttmb13n.dll
2006-06-21 14:50 31,744 C:\WINDOWS\system32\lflmb13n.dll
2006-06-21 14:50 31,232 C:\WINDOWS\system32\LFPNM13n.dll
2006-06-21 14:50 30,208 C:\WINDOWS\system32\LTWND13n.DLL
2006-06-21 14:50 30,208 C:\WINDOWS\system32\lfbmp13n.dll
2006-06-21 14:50 293,376 C:\WINDOWS\system32\lfAFP13n.dll
2006-06-21 14:50 29,184 C:\WINDOWS\system32\lflma13n.dll
2006-06-21 14:50 29,184 C:\WINDOWS\system32\lfclp13n.dll
2006-06-21 14:50 27,136 C:\WINDOWS\system32\lfiff13n.dll
2006-06-21 14:50 26,624 C:\WINDOWS\system32\AWRESX32.DLL
2006-06-21 14:50 26,112 C:\WINDOWS\system32\lfpcx13n.dll
2006-06-21 14:50 258,560 C:\WINDOWS\system32\LTDIS13n.dll
2006-06-21 14:50 25,600 C:\WINDOWS\system32\lfxwd13n.dll
2006-06-21 14:50 25,600 C:\WINDOWS\system32\lfani13n.dll
2006-06-21 14:50 248,320 C:\WINDOWS\system32\LFJ2K13n.dll
2006-06-21 14:50 24,576 C:\WINDOWS\system32\AWCODC32.DLL
2006-06-21 14:50 23,552 C:\WINDOWS\system32\lftga13n.dll
2006-06-21 14:50 23,040 C:\WINDOWS\system32\lfawd13n.dll
2006-06-21 14:50 228,352 C:\WINDOWS\system32\Lvkrn13n.dll
2006-06-21 14:50 21,504 C:\WINDOWS\system32\lfCUT13n.dll
2006-06-21 14:50 205,824 C:\WINDOWS\system32\ltefx13n.dll
2006-06-21 14:50 20,992 C:\WINDOWS\system32\lfimg13n.dll
2006-06-21 14:50 20,480 C:\WINDOWS\system32\lfwpg13n.dll
2006-06-21 14:50 20,480 C:\WINDOWS\system32\lfsgi13n.dll
2006-06-21 14:50 19,968 C:\WINDOWS\system32\lfwfx13n.dll
2006-06-21 14:50 19,968 C:\WINDOWS\system32\lfpcd13n.dll
2006-06-21 14:50 19,968 C:\WINDOWS\system32\lfitg13n.dll
2006-06-21 14:50 19,456 C:\WINDOWS\system32\lfvec13n.dll
2006-06-21 14:50 19,456 C:\WINDOWS\system32\lfras13n.dll
2006-06-21 14:50 18,944 C:\WINDOWS\system32\lfmsp13n.dll
2006-06-21 14:50 18,944 C:\WINDOWS\system32\lfmac13n.dll
2006-06-21 14:50 18,944 C:\WINDOWS\system32\lfavi13n.dll
2006-06-21 14:50 171,008 C:\WINDOWS\system32\lfpdf13n.dll
2006-06-21 14:50 17,920 C:\WINDOWS\system32\lfRaw13n.dll
2006-06-21 14:50 150,016 C:\WINDOWS\system32\Lfpng13n.dll
2006-06-21 14:50 139,776 C:\WINDOWS\system32\LTSCR13n.DLL
2006-06-21 14:50 137,728 C:\WINDOWS\system32\ltfil13n.DLL
2006-06-21 14:50 133,632 C:\WINDOWS\system32\lfdxf13n.dll
2006-06-21 14:50 131,072 C:\WINDOWS\system32\lftif13n.dll
2006-06-21 14:50 120,320 C:\WINDOWS\system32\Ltpnt13n.dll
2006-06-21 14:50 118,784 C:\WINDOWS\system32\lfkodak.dll
2006-06-21 14:50 116,736 C:\WINDOWS\system32\LTAUT13n.dll
2006-06-21 14:50 114,176 C:\WINDOWS\system32\lfdwg13n.dll
2006-06-21 14:50 112,640 C:\WINDOWS\system32\LTOCR13n.dll
2006-06-21 14:50 110,592 C:\WINDOWS\system32\LTSGM13N.DLL
2006-06-21 14:50 11,776 C:\WINDOWS\system32\AWDENC32.DLL
2006-06-21 14:50 103,936 C:\WINDOWS\system32\lttw213n.dll
2006-06-21 14:50 102,400 C:\WINDOWS\system32\lfmpg13n.dll
2006-06-21 14:50 10,240 C:\WINDOWS\system32\AWVIEW32.DLL
2006-06-21 14:50 1,684,480 C:\WINDOWS\system32\LTCLR13n.dll
2006-06-21 14:50 1,368,576 C:\WINDOWS\system32\ltdlg13n.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"stgclean"="c:\\sdwork\\w32main2.exe /cleanup"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"ThrustTSR"="C:\\Program Files\\Thrustmaster\\Thrustmapper\\TMTMTSR.exe"
"ISSI EZUpdate Service"="\"c:\\sdwork\\issimsvc.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Net-It Launcher"="C:\\WINDOWS\\System32\\NILaunch.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"Tpam.exe"="\"C:\\Program Files\\IBM\\Personal Communications\\tpam.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
"DW4"=""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder

Completion time: Wed 07/12/2006 19:35:17.12
ComboFix ver 06.07.08 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-12.193441.txt
Old 07-13-2006, 01:08 AM   #11
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,473
OS: N/A


We're almost there. Just a few minor steps & we're home.

These entries should be fixed with HijackThis. We've removed the physical files earlier on & the entries are empty references. Do a scan with HijackThis & fix these:

O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\System32\v199.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\System32\v199.dll



This file is a leftover from the deletions. You shouldn't have any problem removing it now:

C:\WINDOWS\system32\hvzead7v.exe



For a good measure, please do a repeat scan at Kaspersky Online Scanner. Let's see if there's any lingering infections unaccounted for.
__________________

Question - what have you done for the community today?
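The reasoning in the post above (files were deleted earlier, so the O2/O18 lines are now empty references, and a text/html filter pointing at the same missing DLL belongs to the same leftover) can be automated over a HijackThis log. This is an added example, not code from the thread or from HijackThis; the "Example Helper" O2 line and its path are constructed as a benign control, the other sample lines are quoted from the log above, and the same check is extended to O23 service entries.

```python
import re
from dataclasses import dataclass

# HijackThis lines quoted from the thread above, plus one constructed benign O2
# entry (hypothetical "Example Helper" path) that must NOT be flagged.
SAMPLE_LOG = r"""
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\System32\v199.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\System32\v199.dll
O23 - Service: Gear Security Service (GEARSecurity) - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
MISSING_TAG = " (file missing)"
NO_FILE_TAG = "(no file)"
# A MIME filter registered for these types is handed every page of that type
# before the browser renders it, which is why an unknown text/html filter matters.
SENSITIVE_MIME = {"text/html", "text/plain"}


@dataclass
class Entry:
    section: str          # O2, O18, O23, ...
    kind: str             # BHO, Filter, Service, ...
    fields: list          # the " - " separated parts after "kind: "
    path: str             # referenced file, lower-cased, "" if none
    missing: bool         # HijackThis reported the backing file as absent


def parse_line(line):
    """Parse one HijackThis O-line; returns None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    kind, _, body = rest.partition(": ")
    # rsplit keeps a display name containing " - " intact; the path is last.
    fields = body.rsplit(" - ", 2)
    last = fields[-1]
    path, missing = last, False
    if last.endswith(MISSING_TAG):
        path, missing = last[: -len(MISSING_TAG)], True
    elif last == NO_FILE_TAG:
        path, missing = "", True
    return Entry(section, kind, fields, path.lower(), missing)


def triage(log_text):
    """Return (section, name, path, reasons) for every entry worth reviewing.

    An orphaned entry is dead weight to clean up, not proof of malware on its
    own; the reasons list says why each line was selected.
    """
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    # Paths HijackThis already reports as gone; any other entry still pointing
    # at one of them is an empty reference as well (the O18 filter here).
    missing_paths = {e.path for e in entries if e.missing and e.path}
    findings = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("orphaned entry: its file no longer exists")
        elif e.path in missing_paths:
            reasons.append("points at a file another entry reports missing")
        if e.kind == "Filter" and e.fields[0].lower() in SENSITIVE_MIME:
            reasons.append("MIME filter on %s intercepts every such page" % e.fields[0])
        if reasons:
            findings.append((e.section, e.fields[0], e.path, reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print("%-4s %-35s %s" % (section, name, path or "(no file)"))
        for r in reasons:
            print("       - " + r)
```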
Old 07-13-2006, 07:16 AM   #12
Registered User
 
Join Date: Jul 2006
Posts: 9
OS: XP


Latest Log

Thanks!
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 13, 2006 9:13:20 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/07/2006
Kaspersky Anti-Virus database records: 207062
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 164057
Number of viruses found: 8
Number of infected objects: 13 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:13:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Spyware Stuff\backups\backup-20060712-123755-132.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006071320060714\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\JETC317.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF52C9.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFE1CB.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\UserData\index.dat Object is locked skipped
C:\downloads\IBM\ooRexx301.exe/data0035 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\downloads\IBM\ooRexx301.exe NSIS: infected - 1 skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0017.BIN Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01 WiseSFX: infected - 8 skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{12E01AFF-5C13-47C4-9319-2C14F81928D6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Old 07-13-2006, 07:40 AM   #13
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,473
OS: N/A


Quote:
Number of viruses found: 8
Number of infected objects: 13 / 0
Quote:
C:\Documents and Settings\Owner\Desktop\Spyware Stuff\backups\backup-20060712-123755-132.dll
This is the HijackThis backup folder. You may delete this.

Quote:
C:\downloads\IBM\ooRexx301.exe/data0035 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\downloads\IBM\ooRexx301.exe NSIS: infected - 1 skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
These are legitimate IBM files.

Quote:
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0017.BIN Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\WINDOWS\Application Data\Mozilla\Profiles\Michael\c0tp5wy3.slt\Cache\BA7A3B39d01 WiseSFX: infected - 8 skipped
Did you forget to clear Firefox's cache? :)

Quote:
Launch Firefox & go to Tools > Options.
Under 'Privacy', locate & hit the button - 'Clear Cache Now'

Barbara, your system is clean. Kindly follow these simple steps in order to keep your computer clean and secure:

  1. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folder
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  2. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level .
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  3. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  4. FIREWALL
    Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.


  5. Microsoft Windows Update
    Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  6. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software. A tutorial on installing & using this product can be found here.


  7. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would with antivirus software, in conjunction with Spybot. A tutorial on installing & using this product can be found here.

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-13-2006, 08:51 AM   #14 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 9
OS: XP


My response seems to have vanished, so I'll try again.
I did delete Firefox's cache from the 4 profiles we had, but apparently we have other profiles that do not appear on our list of choices when we go into Firefox. I deleted them.

Just a few more questions?
1. Is it safe to assume that the list you sent me to make sure this doesn't happen again was a standard list? I only ask because I've never felt comfortable with stopping the daily virus scans like IBM told the people at work. They say that the real-time protection is enough. Also, I'm 100% positive that my modem and router are set up correctly, but it's hard for me to trust that there really is a built-in firewall that will protect that computer.

2. My eyes have really been opened to how my computer can be infected without knowing it. I ran a program called Webroot SpyAudit on my own computer and it came up with 104 infections. I ran AdAware, SpyBot and Housecall, and then there were 106, so I decided that it must have been a gimmick to try to get me to buy something. But now I'm not so sure. It appears that the people who post to this forum have real problems; would it be out of line for me to ask to have somebody look at a Windows98 Hijack This log just for my own peace of mind? Or is there an EASY Hijack This tutorial out there so I could work on my own? The one tutorial I tried to read was way over my head.

I really can't thank you enough for all your help. Yes, you fixed my problem, but you did it in such a nice way. You gave me links to everything I needed, all your instructions were specific enough that I didn't feel like an idiot for not knowing where to go or what to do to get to where you wanted me to be, you told me which things were going to take a long time and which ones would look like they hadn't done anything. And my personal favorite was when you said not to click on anything when this one thing was running because it would make my system freeze - without a doubt, I would have thought something was wrong and would have started clicking if you hadn't told me ahead of time :-)

Thanks again!
barbarawr is offline  
Old 07-14-2006, 04:30 AM   #15 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,473
OS: N/A


Quote:
I've never felt comfortable with stopping the daily virus scans like IBM told the people at work. They say that the real-time protection is enough.
Daily scans are a bit of an overkill. You can do it on a weekly basis. It's more important that you do not visit any dubious sites & be careful with what you download/install on the machine.

Quote:
have somebody look at a Windows98 Hijack This log
No problem. Just start a new thread & post the log.
__________________

Question - what have you done for the community today?
sUBs is offline  
Copyright 2001 - 2009, Tech Support Forum