#1
Registered User (Join Date: Nov 2005, Posts: 29, OS: XP)
Hijack log help!
Howdy, the other day I apparently went to a "bad" site and some stuff's been going wrong immediately. My virus program PC-Cillin instantly picked up two viruses it found, a Trojan and some other one. I deleted them through the program, following the instructions etc. Now I'm getting IE pop-ups randomly; I use Firefox 2.0 too. I've had this comp for about 6 months and it's been awesome, I take care of it and don't let any of that crap on here, this is the first problem I've had.

I ran Spybot and Ad-Aware and cleaned it all up but I still get these pop-ups. I want to squash it before it gets out of control. Also I had the 2 viruses pop up again, caught by PC-Cillin, deleted them etc. I've used HijackThis on many other computers so I'm familiar with all the steps and such, just need to know exactly what to do! Thanks! Also it's XP Pro.

--------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:31:04 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvid.dll,startup
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{95248D73-4C96-41BC-954A-1A5B3723BEA9}: NameServer = 24.247.15.53,24.247.24.53
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
#2
Registered User (Join Date: Nov 2005, Posts: 29, OS: XP)
It won't let me edit the first post for some reason; there's no "edit" button on the whole page...

New problems: I can't download anything. I right-click and Save Target As, and the Downloads box that's supposed to pop up in Firefox doesn't. I checked the settings in Firefox and all is good. Viruses being found: TSPY_VBSTST.I, TROJ_AGENT.GZU, TROJ_PURITY.R (this was found in 2 separate files). I also have a bunch of balloons on the bottom right blinking and flashing at me about Spyware, but I'm pretty sure most are just more Malware crap. It's getting a lot worse.
#3
Assistant Manager, TSF Academy; Moderator/Analyst Security Team (Join Date: Jan 2005, Location: Ohio, Posts: 23,972, OS: WinXP and Vista)
Hello Socha_62,
Unfortunately, the cleaning you've been doing has kept any entries from showing themselves in HijackThis--we can't fix what we can't see.

Download Combofix and save it to your desktop.
**Note: It is important that it is saved directly to your desktop**
-------------------------------------
Close any open browsers.
-------------------------------------
Double-click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post the ComboFix.txt in your next reply.
Note: Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Last edited by Ried; 12-01-2006 at 09:47 AM.
#4
Registered User (Join Date: Nov 2005, Posts: 29, OS: XP)
After it rebooted there was some new stuff on my desktop that I didn't put there: Online Security Guide, Security Troubleshooting, and VirusBusters. Here's the log.
Jason - 06-12-01 16:04:23.20 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jason"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ixt0.dll
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Common Files\{3818518E-0BB0-1033-0331-060506220001}
C:\Program Files\Safety Bar
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{9818518E-0BB0-1033-0331-060506220001}

((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))
2006-12-01 16:08 <DIR> d-------- C:\WINNT
2006-12-01 16:06 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-01 12:08 77,824 --a------ C:\WINDOWS\system32\tpedvf.dll
2006-12-01 12:08 <DIR> d-------- C:\Program Files\Virus-Bursters
2006-12-01 12:02 94,208 --a------ C:\WINDOWS\system32\txvxvj.dll
2006-12-01 12:02 70,656 --a------ C:\WINDOWS\system32\zlkbjsi.dll
2006-12-01 12:00 72,704 --a------ C:\WINDOWS\system32\drvtum.dll
2006-12-01 12:00 40,973 ---hs---- C:\WINDOWS\system32\iiiihii.dll
2006-11-28 21:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\dvdcss
2006-11-28 20:37 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2006-11-28 20:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-28 17:39 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-28 17:38 801,914 ---hs---- C:\WINDOWS\system32\svvwa.bak1
2006-11-28 17:38 704,564 ---hs---- C:\WINDOWS\system32\awvvs.dll
2006-11-28 17:38 42,516 --a------ C:\WINDOWS\system32\kobtkxyl.dll
2006-11-28 17:06 <DIR> d-------- C:\Program Files\WinRAR
2006-11-28 12:30 641,021 --a------ C:\WINDOWS\unins000.exe
2006-11-28 12:30 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2006-11-28 12:30 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-28 12:30 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2006-11-28 12:30 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-11-28 12:30 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2006-11-28 12:30 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll
2006-11-28 12:30 <DIR> d-------- C:\Program Files\XviD
2006-11-19 22:04 <DIR> d-------- C:\Program Files\Alarm Clock
2006-11-16 09:27 <DIR> d-------- C:\a960884c588070d1b2f0
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iTunes
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iPod
2006-11-12 17:23 <DIR> d-------- C:\Program Files\QuickTime
2006-11-12 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-08 12:33 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2006-11-08 12:33 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2006-11-08 12:33 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2006-11-08 12:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-12-01 16:02 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-22 21:21 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 21:21 -------- d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2006-11-22 21:20 -------- d-------- C:\Program Files\Adobe
2006-11-21 23:05 4096 --a------ C:\Documents and Settings\Jason\Application Data\dvd.bmk
2006-11-16 09:27 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 14:47 -------- d-------- C:\Documents and Settings\Jason\Application Data\SolidWorks
2006-11-08 12:33 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-08 12:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 21:11 88 -r-hs---- C:\WINDOWS\system32\9D64738EF4.sys
2006-11-01 21:11 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-31 21:19 -------- d-------- C:\Program Files\TallStick
2006-10-30 15:18 -------- d-------- C:\Program Files\VstPlugins
2006-10-30 15:18 -------- d-------- C:\Program Files\Image-Line
2006-10-22 23:00 -------- d-------- C:\Documents and Settings\Jason\Application Data\DivX
2006-10-22 22:59 -------- d-------- C:\Program Files\DivX
2006-10-16 23:30 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-09 12:26 -------- d-------- C:\Program Files\LimeWire
2006-10-09 12:26 -------- d-------- C:\Program Files\Java
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvtum.dll,startup"
"txvxvj.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\txvxvj.dll,mxrultb"
"Virus-Bursters"="C:\\Program Files\\Virus-Bursters\\virus-bursters.exe /h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
 00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
 00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"expatriates"="{1a01a98c-4f25-42e1-971a-185cf63569b2}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-01 16:10:43.76
#5
Assistant Manager, TSF Academy; Moderator/Analyst Security Team (Join Date: Jan 2005, Location: Ohio, Posts: 23,972, OS: WinXP and Vista)
Hello Socha_62,
Please humor me here for a moment. I'm seeing entries in the ComboFix.txt that normally should be showing in the HJT log. We already know how a particular infection interferes with HijackThis to hide itself--I'm wondering if they've now changed their tactics, which would ultimately affect how we deal with future logs.

**Note** Before we begin, please move HijackThis to its own folder, like c:\HJT, or even your desktop would be fine. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders; with HijackThis in its current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

You may need to download HijackThis again, as ComboFix does clean the temp directory: Download HijackThis 1.99.1. Double-click on the file you just downloaded. Click on the "Unzip" button to install. Please ensure it is not set to unzip into the Temp directory--by default it should install to the directory C:\PROGRAM FILES\HIJACKTHIS\
-------------------------------
Next, I'd like you to rename HijackThis.exe to Socha.exe.
Please post that log here before you carry out the next set of instructions:
-------------------------------
I don't want to keep you waiting to begin cleaning the system, so we'll go after Virus Bursters, etc., first--we'll get the rest in the next round.

Please copy this page to Notepad and save to your desktop for reference, as you will not have any browsers open while you are carrying out these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
***************************************************
Download SmitfraudFix (by S!Ri) and extract the content (a folder named SmitfraudFix) to your Desktop.
-----------------------------------
Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.
Make sure to close any open browsers.
-----------------------------------
Open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: (C:\rapport.txt) or the partition where your operating system is installed.
Please post that log along with all others requested in your next reply.
______________________________
Next go to Control Panel, click Display > Desktop > Customize Desktop > Web. Now uncheck everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"
Also make sure the 'Lock desktop items' box is unticked. Click OK, then click Apply, then OK.
----------------------------------------------------
Reboot into Normal Mode.
----------------------------------------------------
Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note: if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
----------------------------------------------------
Run combofix.exe once again.
----------------------------------------------------
Run another scan with Socha.exe and save the log.
----------------------------------------------------
Then post the following logs in your next reply...
c:\rapport.txt
ComboFix.txt
HijackThis log (Socha.exe)
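Ried's observation above is that the registry as dumped by ComboFix and the O4 lines HijackThis prints should agree, and that a gap between them is itself a finding (the hider is interfering with the HJT process, which is also why renaming HijackThis.exe helps). The script below is an added example for this thread, not a tool from the original post or from the HijackThis/ComboFix authors: it parses both formats, reports Run values that ComboFix saw but HijackThis did not, reports values whose command differs between the two, and lists anything launched through rundll32. HJT_SAMPLE and COMBOFIX_SAMPLE are constructed excerpts modelled on the logs posted in this thread (the real logs are far longer), and the rundll32 listing is a heuristic prompt for a second look, not a verdict.

```python
"""Cross-check HijackThis O4 (Run) entries against the Run keys that ComboFix
dumps under "Reg Loading Points".

Added example for this thread, not a tool from the original post.  HJT_SAMPLE
and COMBOFIX_SAMPLE are constructed excerpts modelled on the logs posted above.
"""
import re
from typing import Dict, List, Tuple

Key = Tuple[str, str]  # (hive, value name), e.g. ("HKLM", "CTDrive")

# Constructed HijackThis excerpt: O4 lines only (a RunOnce line is included to show it is skipped).
HJT_SAMPLE = r'''
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvid.dll,startup
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
'''

# Constructed ComboFix excerpt: values use .reg escaping (doubled backslashes, escaped quotes).
COMBOFIX_SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
@=""
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvtum.dll,startup"
"txvxvj.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\txvxvj.dll,mxrultb"
"Virus-Bursters"="C:\\Program Files\\Virus-Bursters\\virus-bursters.exe /h"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
'''

HJT_O4 = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
CF_SECTION = re.compile(
    r'^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)'
    r'\\software\\microsoft\\windows\\currentversion\\run\]$', re.IGNORECASE)
CF_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(\S+?\.dll)', re.IGNORECASE)
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_hjt_run(text: str) -> Dict[Key, str]:
    """Map (hive, name) -> command for every O4 Run entry (RunOnce is skipped)."""
    out: Dict[Key, str] = {}
    for line in text.splitlines():
        m = HJT_O4.match(line.strip())
        if m:
            out[(m.group(1), m.group(2))] = m.group(3)
    return out


def reg_unescape(value: str) -> str:
    """Undo .reg escaping: a backslash followed by any character yields that character."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_combofix_run(text: str) -> Dict[Key, str]:
    """Map (hive, name) -> command for the HKLM/HKCU Run sections only."""
    out: Dict[Key, str] = {}
    hive = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('['):  # any key header ends the current section
            m = CF_SECTION.match(line)
            hive = HIVES[m.group(1).upper()] if m else None
            continue
        m = CF_VALUE.match(line)
        if hive and m:  # the default value '@=""' does not match and is skipped
            out[(hive, m.group(1))] = reg_unescape(m.group(2))
    return out


def compare(hjt_text: str, cf_text: str):
    """Run values ComboFix saw that HijackThis did not, and values whose command differs."""
    hjt, cf = parse_hjt_run(hjt_text), parse_combofix_run(cf_text)
    missing = sorted((h, n, c) for (h, n), c in cf.items() if (h, n) not in hjt)
    changed = sorted((h, n, hjt[(h, n)], c) for (h, n), c in cf.items()
                     if (h, n) in hjt and hjt[(h, n)] != c)
    return {"missing_from_hjt": missing, "changed": changed}


def rundll32_dlls(entries: Dict[Key, str]) -> List[str]:
    """DLLs started through rundll32 (a trusted host often used to hide a payload)."""
    found = set()
    for cmd in entries.values():
        m = RUNDLL.search(cmd)
        if m:
            found.add(m.group(1))
    return sorted(found)


if __name__ == "__main__":
    report = compare(HJT_SAMPLE, COMBOFIX_SAMPLE)
    for hive, name, cmd in report["missing_from_hjt"]:
        print(f"NOT IN HJT  {hive}\\...\\Run [{name}] {cmd}")
    for hive, name, old, new in report["changed"]:
        print(f"CHANGED     {hive}\\...\\Run [{name}]\n  HJT: {old}\n  CF : {new}")
    for dll in rundll32_dlls(parse_combofix_run(COMBOFIX_SAMPLE)):
        print(f"rundll32 host: {dll}")
```

On the constructed excerpts this flags txvxvj.dll and Virus-Bursters as present in the registry but absent from the HJT output, and shows CTDrive pointing at a different DLL in each source. When run on real logs, remember that the two tools may have been run hours apart, so some differences are simply changes made in between; the ones worth chasing are random-looking DLLs in system32 loaded by rundll32, exactly the pattern seen in this thread.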
#6
Registered User (Join Date: Nov 2005, Posts: 29, OS: XP)
Alright, that's weird, some stuff isn't showing up in HJT. I'm not doing anything until you tell me to, except removing those viruses when they're found. Here's the new HJT. Thanks again!!
----------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:49:07 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Virus-Bursters\virus-bursters.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HJT\hijackthis\Socha.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18CB7F75-24AD-4F16-A6F5-AFD03C9E14DF} - C:\WINDOWS\system32\awvvs.dll
O2 - BHO: (no name) - {252D228E-225D-7305-991F-0AD64BCC551B} - C:\WINDOWS\system32\zlkbjsi.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\kobtkxyl.dll
O2 - BHO: (no name) - {4DE3D314-D309-C3DC-9D22-0743EEF87D7E} - C:\WINDOWS\system32\qrsgpbc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\iiiihii.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtum.dll,startup
O4 - HKLM\..\Run: [txvxvj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\txvxvj.dll,mxrultb
O4 - HKLM\..\Run: [Virus-Bursters] C:\Program Files\Virus-Bursters\virus-bursters.exe /h
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{95248D73-4C96-41BC-954A-1A5B3723BEA9}: NameServer = 24.247.15.53,24.247.24.53
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: iiiihii - C:\WINDOWS\SYSTEM32\iiiihii.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
#7
Registered User
Join Date: Nov 2005
Posts: 29
OS: XP
Okay, here are the new logs after the first bit of cleaning.
SmitFraudFix v2.126
Scan done at 20:03:03.75, Sat 12/02/2006
Run from C:\Documents and Settings\Jason\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"
[HKEY_CLASSES_ROOT\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]
@="C:\WINDOWS\system32\tpedvf.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]
@="C:\WINDOWS\system32\tpedvf.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\tpedvf.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\tpedvf.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\drvtum.dll Deleted
C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk Deleted
C:\DOCUME~1\Jason\Desktop\Virus-Bursters.lnk Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\Jason\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\Jason\STARTM~1\Virus-Bursters 6.3.lnk Deleted
C:\DOCUME~1\Jason\STARTM~1\Programs\Virus-Bursters Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Virus-Bursters\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Jason - 06-12-02 20:11:27.84 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jason\My Documents\Software Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))
2006-12-02 20:02 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-02 20:02 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-02 20:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-02 20:02 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-02 19:47 <DIR> d-------- C:\Program Files\HJT
2006-12-01 22:17 826,554 ---hs---- C:\WINDOWS\system32\svvwa.bak2
2006-12-01 16:11 <DIR> d-------- C:\WINDOWS\temp
2006-12-01 16:08 <DIR> d-------- C:\WINNT
2006-12-01 16:06 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-01 12:02 94,208 --a------ C:\WINDOWS\system32\txvxvj.dll
2006-12-01 12:02 70,656 --a------ C:\WINDOWS\system32\zlkbjsi.dll
2006-12-01 12:00 40,973 ---hs---- C:\WINDOWS\system32\iiiihii.dll
2006-11-28 21:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\dvdcss
2006-11-28 20:37 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2006-11-28 20:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-28 17:39 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-28 17:38 801,914 ---hs---- C:\WINDOWS\system32\svvwa.bak1
2006-11-28 17:38 704,564 ---hs---- C:\WINDOWS\system32\awvvs.dll
2006-11-28 17:38 42,516 --a------ C:\WINDOWS\system32\kobtkxyl.dll
2006-11-28 17:06 <DIR> d-------- C:\Program Files\WinRAR
2006-11-28 12:30 641,021 --a------ C:\WINDOWS\unins000.exe
2006-11-28 12:30 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2006-11-28 12:30 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-28 12:30 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2006-11-28 12:30 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-11-28 12:30 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2006-11-28 12:30 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll
2006-11-28 12:30 <DIR> d-------- C:\Program Files\XviD
2006-11-19 22:04 <DIR> d-------- C:\Program Files\Alarm Clock
2006-11-16 09:27 <DIR> d-------- C:\a960884c588070d1b2f0
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iTunes
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iPod
2006-11-12 17:23 <DIR> d-------- C:\Program Files\QuickTime
2006-11-12 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-08 12:33 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2006-11-08 12:33 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2006-11-08 12:33 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2006-11-08 12:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-02 19:55 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-11-22 21:21 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 21:21 -------- d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2006-11-22 21:20 -------- d-------- C:\Program Files\Adobe
2006-11-21 23:05 4096 --a------ C:\Documents and Settings\Jason\Application Data\dvd.bmk
2006-11-16 09:27 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 14:47 -------- d-------- C:\Documents and Settings\Jason\Application Data\SolidWorks
2006-11-08 12:33 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-08 12:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 21:11 88 -r-hs---- C:\WINDOWS\system32\9D64738EF4.sys
2006-11-01 21:11 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-31 21:19 -------- d-------- C:\Program Files\TallStick
2006-10-30 15:18 -------- d-------- C:\Program Files\VstPlugins
2006-10-30 15:18 -------- d-------- C:\Program Files\Image-Line
2006-10-22 23:00 -------- d-------- C:\Documents and Settings\Jason\Application Data\DivX
2006-10-22 22:59 -------- d-------- C:\Program Files\DivX
2006-10-16 23:30 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-09 12:26 -------- d-------- C:\Program Files\LimeWire
2006-10-09 12:26 -------- d-------- C:\Program Files\Java
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"txvxvj.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\txvxvj.dll,mxrultb"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-02 20:14:27.17
C:\ComboFix2.txt ... 06-12-01 16:10

Logfile of HijackThis v1.99.1
Scan saved at 8:15:37 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\hijackthis\Socha.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {252D228E-225D-7305-991F-0AD64BCC551B} - C:\WINDOWS\system32\zlkbjsi.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\kobtkxyl.dll
O2 - BHO: (no name) - {4DE3D314-D309-C3DC-9D22-0743EEF87D7E} - C:\WINDOWS\system32\qrsgpbc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7FA7970D-BE9F-445F-AD17-F534D7C668AE} - C:\WINDOWS\system32\awvvs.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\iiiihii.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [txvxvj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\txvxvj.dll,mxrultb
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{95248D73-4C96-41BC-954A-1A5B3723BEA9}: NameServer = 24.247.15.53,24.247.24.53
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: iiiihii - C:\WINDOWS\SYSTEM32\iiiihii.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
#8
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista
Hi Socha_62,

Thank you--that was most helpful.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************
Close any open browsers.
***************************************************

Go to <<Start>> then <<Run>> then copy/paste the red text below into the Run box then click OK

"%userprofile%\desktop\combofix.exe" /v zlkbjsi kobtkxyl qrsgpbc awvvs iiiihii txvxvj winzwr32

When finished, it shall produce a log for you which will ultimately be named ComboFix2.txt. I'll need that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

------------------------------------------------
Reconnect to the internet to download additional required tools.
------------------------------------------------

Download AVG Anti Spyware
Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

---------------------------
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.
Make sure to close any open browsers.

------------------------------------------------
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if it exists:
VSAdd-in

-----------------------------------
Open HijackThis and click on 'Do a System Scan Only'.
Check the following entries:

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [txvxvj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\txvxvj.dll,mxrultb

Click 'Fix Checked' and close HijackThis.

------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------
Using 'My Computer', navigate to and delete the following Folder if it still exists.
C:\Program Files\VSAdd-in

-----------------------------------
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:

-----------------------------------
Reboot into Normal Mode.

-----------------------------------
Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Perform an online scan with Internet Explorer with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------
Run combofix once again:
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post the ComboFix.txt in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

-----------------------------------
Run a new scan with Socha.exe and save the log.

-----------------------------------
Please include the following in your next reply:
ComboFix2.txt
AVG Anti-Spyware results
Panda results
ComboFix.txt
New HijackThis log (Socha.exe)

Last edited by Ried; 12-02-2006 at 07:48 PM. Reason: typo
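As an added example (not code from this thread, from its participants, or from the HijackThis project), here is a small Python triage script that applies the same kind of rules the reply above used when choosing entries to fix: load points marked "(file missing)", unnamed BHOs living in system32, Run keys that bootstrap a system32 DLL through rundll32, and Winlogon Notify handlers outside a short allow list. The sample entries are copied from the log posted above; the allow list of XP handler names and all four rules are assumptions for illustration, not HijackThis logic.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not from the thread).

The rules below are constructed for illustration and mirror what the reply above
acted on. They are heuristics: a hit means "look closer", not "malicious".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the entries from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {252D228E-225D-7305-991F-0AD64BCC551B} - C:\WINDOWS\system32\zlkbjsi.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [txvxvj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\txvxvj.dll,mxrultb
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Winlogon Notify handlers expected on a stock Windows XP SP2 box (constructed allow list,
# an assumption for this example; build yours from a known-clean machine).
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
SYSTEM32_RE = re.compile(r"\\(?:windows|winnt)\\system32\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    line: str
    reasons: List[str] = field(default_factory=list)


def _tail_path(body: str) -> str:
    """Text after the last ' - ' separator: the file path in O2/O3/O20/O23 lines."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_entry(line: str) -> Optional[Finding]:
    """Apply the triage rules to one log line; None if it is not an entry or nothing fired."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    f = Finding(kind=kind, line=line.strip())

    # Rule 1: a load point whose target no longer exists is a leftover worth removing.
    if "(file missing)" in body:
        f.reasons.append("target file missing")

    # Rule 2: BHOs normally register a class name; an unnamed one in system32 is suspect.
    if kind == "O2" and "(no name)" in body and SYSTEM32_RE.search(_tail_path(body)):
        f.reasons.append("unnamed BHO loaded from system32")

    # Rule 3: a Run key that loads a system32 DLL through rundll32 (the txvxvj pattern above).
    if kind == "O4" and "rundll32" in body.lower():
        if re.search(r"\\system32\\\S+?\.dll", body, re.IGNORECASE):
            f.reasons.append("rundll32 bootstraps a system32 DLL at logon")

    # Rule 4: Winlogon Notify handlers run inside winlogon.exe; unknown names get flagged.
    if kind == "O20" and body.startswith("Winlogon Notify:"):
        name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        if name.lower() not in KNOWN_WINLOGON_NOTIFY:
            f.reasons.append(f"unknown Winlogon Notify handler '{name}'")

    return f if f.reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_entry over every line of a log and keep the entries that fired a rule."""
    findings = []
    for line in log_text.splitlines():
        f = triage_entry(line)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {'; '.join(f.reasons)}\n    {f.line}")
```

On the sample above the script flags zlkbjsi.dll, ixt0.dll, SafetyBar.dll, the txvxvj.dll Run key and the awvvs Winlogon handler, and leaves WgaLogon, iTunesHelper and the iPod service alone.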
#9
Registered User
Join Date: Nov 2005
Posts: 29
OS: XP
Jason - 06-12-02 22:27:25.03 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jason\desktop"
Command switches used :: /v zlkbjsi kobtkxyl qrsgpbc awvvs iiiihii txvxvj winzwr32

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\zlkbjsi.dll
C:\WINDOWS\system32\kobtkxyl.dll
C:\WINDOWS\system32\qrsgpbc.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\iiiihii.dll
C:\WINDOWS\system32\txvxvj.dll
C:\WINDOWS\system32\winzwr32.dll
C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak2
C:\WINDOWS\system32\svvwa.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))
2006-12-02 22:30 42,516 --a------ C:\WINDOWS\system32\mwywthuj.dll
2006-12-02 20:28 <DIR> d-------- C:\Program Files\StepMania
2006-12-02 20:14 <DIR> d-------- C:\WINDOWS\temp
2006-12-02 20:02 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-02 20:02 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-02 20:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-02 20:02 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-02 19:47 <DIR> d-------- C:\Program Files\HJT
2006-12-01 16:08 <DIR> d-------- C:\WINNT
2006-12-01 16:06 <DIR> d-------- C:\WINDOWS\erdnt
2006-11-28 21:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\dvdcss
2006-11-28 20:37 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2006-11-28 20:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-28 17:39 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-28 17:06 <DIR> d-------- C:\Program Files\WinRAR
2006-11-28 12:30 641,021 --a------ C:\WINDOWS\unins000.exe
2006-11-28 12:30 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2006-11-28 12:30 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-28 12:30 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2006-11-28 12:30 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-11-28 12:30 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2006-11-28 12:30 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll
2006-11-28 12:30 <DIR> d-------- C:\Program Files\XviD
2006-11-19 22:04 <DIR> d-------- C:\Program Files\Alarm Clock
2006-11-16 09:27 <DIR> d-------- C:\a960884c588070d1b2f0
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iTunes
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iPod
2006-11-12 17:23 <DIR> d-------- C:\Program Files\QuickTime
2006-11-12 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-08 12:33 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2006-11-08 12:33 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2006-11-08 12:33 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2006-11-08 12:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-02 22:25 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-11-22 21:21 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 21:21 -------- d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2006-11-22 21:20 -------- d-------- C:\Program Files\Adobe
2006-11-21 23:05 4096 --a------ C:\Documents and Settings\Jason\Application Data\dvd.bmk
2006-11-16 09:27 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 14:47 -------- d-------- C:\Documents and Settings\Jason\Application Data\SolidWorks
2006-11-08 12:33 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-08 12:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 21:11 88 -r-hs---- C:\WINDOWS\system32\9D64738EF4.sys
2006-11-01 21:11 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-31 21:19 -------- d-------- C:\Program Files\TallStick
2006-10-30 15:18 -------- d-------- C:\Program Files\VstPlugins
2006-10-30 15:18 -------- d-------- C:\Program Files\Image-Line
2006-10-22 23:00 -------- d-------- C:\Documents and Settings\Jason\Application Data\DivX
2006-10-22 22:59 -------- d-------- C:\Program Files\DivX
2006-10-16 23:30 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-09 12:26 -------- d-------- C:\Program Files\LimeWire
2006-10-09 12:26 -------- d-------- C:\Program Files\Java
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"txvxvj.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\txvxvj.dll,mxrultb"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-02 22:32:10.60
C:\ComboFix2.txt ... 06-12-02 20:14
C:\ComboFix3.txt ... 06-12-01 16:10

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:36 AM 12/3/2006

+ Scan result:

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP129\A0011401.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP127\A0011211.exe -> Downloader.Zlob.bbe : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.505:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.518:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@netgear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.326:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.327:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.328:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.337:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.343:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.344:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.103:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.106:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.107:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.198:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.182:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.183:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.188:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.190:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.301:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.302:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.406:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.407:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.401:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.126:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.425:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.367:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.368:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.369:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.372:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.118:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.234:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.235:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.236:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.200:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.528:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.538:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.338:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.339:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.340:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.341:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.544:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.545:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.546:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.547:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.30:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.31:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.32:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.33:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.34:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.564:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.161:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.162:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.163:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.164:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.165:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.166:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.167:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.168:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.169:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.386:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.584:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.585:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.586:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.587:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.588:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.253:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.254:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.256:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.257:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.258:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.259:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.260:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.261:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.262:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.263:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.264:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.265:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.266:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.267:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.268:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.269:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.270:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.271:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.272:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.273:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.274:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.275:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.276:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.277:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.278:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.279:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.280:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.281:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.282:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.283:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.284:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.285:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.286:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.287:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.288:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.289:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.290:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.291:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.292:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.293:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.294:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.295:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.296:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.297:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.298:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.334:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.335:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.336:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.178:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.180:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.612:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.613:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.614:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.615:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.616:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.617:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.618:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.619:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.621:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.622:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.623:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.624:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.556:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.557:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.558:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.559:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.560:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jgkegnv1.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.221:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.222:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.223:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.224:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.225:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.173:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.177:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.179:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.189:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.192:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.193:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\All Users\Documents\Files to Save\UG-NX3\disc 1\nx-ugdoc-3.0.0\ugdoc030\UGDOC.cab/_3489A42768A5413D87DBCED163BCD5E6 -> Trojan.KillAV.p : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Files to Save\UG-NX3\disc 1\ugdoc030\UGDOC.cab/_3489A42768A5413D87DBCED163BCD5E6 -> Trojan.KillAV.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP130\A0011559.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).

::Report end

Incident  Status  Location
Adware:Adware/WebSearch  Not disinfected  C:\WINDOWS\system32\mwywthuj.dll
Spyware:Cookie/adultfriendfinder  Not disinfected  C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atwola  Not disinfected  C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go  Not disinfected  C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.go.com/]
Spyware:Cookie/GoStats  Not disinfected  C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Maxserving  Not disinfected  C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia  Not disinfected  C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Humanclick  Not disinfected  C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Adrevolver  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@adrevolver[3].txt
Spyware:Cookie/Atlas DMT  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@atdmt[1].txt
Spyware:Cookie/Atwola  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@atwola[1].txt
Spyware:Cookie/Belnk  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@belnk[1].txt
Spyware:Cookie/Belnk  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@dist.belnk[2].txt
Spyware:Cookie/Doubleclick  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@doubleclick[1].txt
Spyware:Cookie/DriveCleaner  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@errorsafe[1].txt
Spyware:Cookie/FortuneCity  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@fortunecity[1].txt
Spyware:Cookie/Go  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@go[2].txt
Spyware:Cookie/Mediaplex  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt
Spyware:Cookie/RealMedia  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@realmedia[1].txt
Spyware:Cookie/RealMedia  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@realmedia[2].txt
Spyware:Cookie/DriveCleaner  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe  Not disinfected  C:\Documents and Settings\Jason\Cookies\jason@www.errorsafe[1].txt
Potentially unwanted tool:Application/Processor  Not disinfected  C:\Documents and Settings\Jason\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor  Not disinfected  C:\Documents and Settings\Jason\My Documents\Software Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Eicar.Mod  Not disinfected  C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Spyware:Spyware/Virtumonde  Not disinfected  C:\WINDOWS\system32\opnnllk.dll
Potentially unwanted tool:Application/Processor  Not disinfected  C:\WINDOWS\system32\Process.exe

Jason - 06-12-03 11:07:33.62 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jason\Desktop"

((((((((((((((((((((((((((((((( Files 
Created from 2006-11-03 to 2006-12-03 )))))))))))))))))))))))))))))))))) 2006-12-03 10:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2006-12-03 10:13 <DIR> d-------- C:\WINDOWS\LastGood 2006-12-02 22:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2006-12-02 22:38 <DIR> d-------- C:\Program Files\Grisoft 2006-12-02 22:32 <DIR> d-------- C:\WINDOWS\temp 2006-12-02 22:30 42,516 --a------ C:\WINDOWS\system32\mwywthuj.dll 2006-12-02 20:28 <DIR> d-------- C:\Program Files\StepMania 2006-12-02 20:02 53,248 --a------ C:\WINDOWS\system32\Process.exe 2006-12-02 20:02 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2006-12-02 20:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2006-12-02 20:02 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2006-12-02 19:47 <DIR> d-------- C:\Program Files\HJT 2006-12-01 16:08 <DIR> d-------- C:\WINNT 2006-12-01 16:06 <DIR> d-------- C:\WINDOWS\erdnt 2006-11-28 21:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\dvdcss 2006-11-28 20:37 <DIR> d-------- C:\Program Files\Lavasoft 2006-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft 2006-11-28 20:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2006-11-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2006-11-28 17:06 <DIR> d-------- C:\Program Files\WinRAR 2006-11-28 12:30 641,021 --a------ C:\WINDOWS\unins000.exe 2006-11-28 12:30 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL 2006-11-28 12:30 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2006-11-28 12:30 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE 2006-11-28 12:30 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2006-11-28 12:30 187,904 --a------ C:\WINDOWS\system32\Lame.exe 2006-11-28 12:30 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll 2006-11-28 12:30 <DIR> d-------- C:\Program Files\XviD 2006-11-19 22:04 <DIR> d-------- C:\Program Files\Alarm Clock 2006-11-16 09:27 <DIR> d-------- 
C:\a960884c588070d1b2f0 2006-11-12 17:24 <DIR> d-------- C:\Program Files\iTunes 2006-11-12 17:24 <DIR> d-------- C:\Program Files\iPod 2006-11-12 17:23 <DIR> d-------- C:\Program Files\QuickTime 2006-11-12 17:22 <DIR> d-------- C:\Program Files\Apple Software Update 2006-11-08 12:33 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll 2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\rt61.sys 2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys 2006-11-08 12:33 243,328 --a------ C:\WINDOWS\system32\rt2500.sys 2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys 2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys 2006-11-08 12:33 17,992 --a------ C:\WINDOWS\bcm42rly.sys 2006-11-08 12:33 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys 2006-11-08 12:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor 2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-03 10:42 -------- d-------- C:\Program Files\MSN Messenger 2006-12-03 10:39 -------- d-------- C:\Program Files\Messenger 2006-12-03 10:39 -------- d-------- C:\Program Files\Internet Explorer 2006-12-03 10:37 -------- d-------- C:\Program Files\Dell Support 2006-12-03 10:36 -------- d-------- C:\Program Files\BAE 2006-12-03 10:11 -------- d-------- C:\Program Files\Mozilla Firefox 2006-12-01 16:08 -------- d-------- C:\Program Files\Common Files 2006-11-22 21:21 -------- d-------- C:\Program Files\Common Files\Adobe 2006-11-22 21:21 -------- d-------- C:\Documents and Settings\Jason\Application Data\Adobe 2006-11-22 21:20 -------- d-------- C:\Program Files\Adobe 2006-11-21 23:05 4096 --a------ C:\Documents and Settings\Jason\Application Data\dvd.bmk 2006-11-10 14:47 -------- d-------- C:\Documents and Settings\Jason\Application Data\SolidWorks 2006-11-08 12:33 20747 --a------ 
C:\WINDOWS\system32\drivers\AegisP.sys 2006-11-08 12:33 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-11-01 21:11 88 -r-hs---- C:\WINDOWS\system32\9D64738EF4.sys 2006-11-01 21:11 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2006-10-31 21:19 -------- d-------- C:\Program Files\TallStick 2006-10-30 15:18 -------- d-------- C:\Program Files\VstPlugins 2006-10-30 15:18 -------- d-------- C:\Program Files\Image-Line 2006-10-22 23:00 -------- d-------- C:\Documents and Settings\Jason\Application Data\DivX 2006-10-22 22:59 -------- d-------- C:\Program Files\DivX 2006-10-16 23:30 -------- d-------- C:\Program Files\Audacity 1.3 Beta 2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll 2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll 2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll 2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys 2006-10-09 12:26 -------- d-------- C:\Program Files\LimeWire 2006-10-09 12:26 -------- d-------- C:\Program Files\Java 2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll 2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll 2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll 2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll 2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup" "OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\"" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SigmatelSysTrayApp"="stsystra.exe" "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe" "ISUSPM Startup"="\"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" @="" "pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\"" "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] 
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Usnsvc REG_MULTI_SZ usnsvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
Completion time: 06-12-03 11:08:50.40 C:\ComboFix2.txt ... 06-12-02 22:33 C:\ComboFix3.txt ... 06-12-02 20:14 Logfile of HijackThis v1.99.1 Scan saved at 11:12:39 AM, on 12/3/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\program files\common 
files\installshield\updateservice\isuspm.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iTunes\iTunes.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HJT\hijackthis\Socha.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\mwywthuj.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: (no name) - {7FA7970D-BE9F-445F-AD17-F534D7C668AE} - C:\WINDOWS\system32\awvvs.dll (file missing) O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\iiiihii.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [DLA] 
C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{95248D73-4C96-41BC-954A-1A5B3723BEA9}: NameServer = 24.247.15.53,24.247.24.53 O18 - Protocol: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing) O20 - Winlogon Notify: iiiihii - iiiihii.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing) |
#10 (permalink) |
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista
Nice work.
Please copy this page to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please upload this file C:\WINDOWS\system32\9D64738EF4.sys to http://virusscan.jotti.org and report back what it found.

At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit". When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

-------------------------------------

Close any open browsers.

-------------------------------------

Go to <<Start>> then <<Run>>, then copy/paste the red text below into the Run box, then click OK:

"%userprofile%\desktop\combofix.exe" /v mwywthuj opnnllk

When finished, it shall produce a log for you. We'll need that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

-----------------------------------

From Normal Mode:

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any):

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\mwywthuj.dll
O2 - BHO: (no name) - {7FA7970D-BE9F-445F-AD17-F534D7C668AE} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\iiiihii.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: iiiihii - iiiihii.dll (file missing)

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Reboot your system.

-----------------------------------

Run another online scan at Panda and save the results.

-----------------------------------

Run another scan with Socha.exe and save the log.

-----------------------------------

Please include the following in your next reply:
jotti results
ComboFix.txt
Panda results
New HijackThis log (Socha.exe)

How is your system behaving?
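The checklist in the reply above singles out O2 (Browser Helper Object) and O20 Winlogon Notify entries that have no display name, point at a DLL that is already gone, or name a DLL the Panda scan flagged. The following Python script is an added example, not code from this thread, from HijackThis or from ComboFix; it applies those same rules (plus a cross-check against the shellexecutehooks block in ComboFix's registry dump) to log lines copied from the posts above. The function names and scoring rules are the example's own.

```python
"""Triage helper for HijackThis v1.99.1 log lines.

Added example; not code from this thread, HijackThis, ComboFix or Panda.
O2 (BHO) and O20 Winlogon Notify lines are load points; one deserves
'Fix Checked' when it has no display name, when its DLL is already gone
so only the dead load point remains, when another scanner flagged the DLL,
or when its CLSID is also a ShellExecuteHook with an empty description.
"""
import re

# O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O20 - Winlogon Notify: <subkey> - <path>[ (file missing)]
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)
# ComboFix 'Reg Loading Points' value lines:  "{CLSID}"="description"
HOOK_RE = re.compile(r'^"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"="(?P<desc>.*)"$')


def parse_entry(line):
    """Parse one O2 or O20 Winlogon Notify line; return None for any other line."""
    line = line.strip()
    for kind, rx in (("O2", O2_RE), ("O20", O20_RE)):
        m = rx.match(line)
        if m:
            path = m.group("path")
            return {
                "kind": kind,
                "name": m.group("name"),
                "clsid": m.groupdict().get("clsid"),
                "path": path,
                # bare DLL name, lower-cased, so it matches other scanners' findings
                "file": path.rsplit("\\", 1)[-1].lower(),
                "missing": m.group("missing") is not None,
                "raw": line,
            }
    return None


def parse_shell_hooks(reg_lines):
    """Map CLSID -> description for the shellexecutehooks values ComboFix printed."""
    hooks = {}
    for line in reg_lines:
        m = HOOK_RE.match(line.strip())
        if m:
            hooks[m.group("clsid").upper()] = m.group("desc")
    return hooks


def assess(entry, flagged_files, shell_hooks):
    """Return the reasons an entry deserves attention (empty list = nothing found)."""
    reasons = []
    if entry["kind"] == "O2" and entry["name"] == "(no name)":
        reasons.append("BHO registered without a display name")
    if entry["missing"]:
        reasons.append("load point remains although its DLL is gone")
    if entry["file"] in flagged_files:
        reasons.append("DLL flagged by another scanner")
    clsid = (entry["clsid"] or "").upper()
    if clsid in shell_hooks and shell_hooks[clsid] == "":
        reasons.append("same CLSID is also a ShellExecuteHook with no description")
    return reasons


def triage(hjt_lines, flagged_files, reg_lines=()):
    """Return [(raw_line, reasons)] for every O2/O20 entry with at least one reason."""
    hooks = parse_shell_hooks(reg_lines)
    out = []
    for line in hjt_lines:
        entry = parse_entry(line)
        if entry is not None:
            reasons = assess(entry, flagged_files, hooks)
            if reasons:
                out.append((entry["raw"], reasons))
    return out


# Sample input, copied from the HijackThis, Panda and ComboFix output posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\mwywthuj.dll
O2 - BHO: (no name) - {7FA7970D-BE9F-445F-AD17-F534D7C668AE} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\iiiihii.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: iiiihii - iiiihii.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""".strip().splitlines()
# DLLs the Panda ActiveScan report listed as "Not disinfected"
PANDA_FLAGGED = {"mwywthuj.dll", "opnnllk.dll"}
# the shellexecutehooks block from ComboFix's 'Reg Loading Points'
SAMPLE_REG = [
    '"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""',
    '"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"',
]

if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_HJT, PANDA_FLAGGED, SAMPLE_REG):
        print(raw, "->", "; ".join(reasons))
```

Run against the sample, it prints exactly the five entries the reply above asks to have checked, and nothing for the Adobe, BAE or WgaLogon lines.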
#11 (permalink) |
Registered User
Join Date: Nov 2005
Posts: 29
OS: XP
Awesome. It's running just like it used to. Perfect! The only problem is that PC-Cillin is finding CRCK_NSWORKS.A in a few files. It turns out one of my housemates was sticking some files in my Shared folder and they're infected with it. So I've gone in and deleted the whole folder. Hopefully that should fix it. These files were never installed, just put in the Shared folder.
Service
Service load: 0% 100%
File: 9D64738EF4.sys
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 5510bab9317122f84c277d299613acb4
Packers detected: -

Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Jason - 06-12-03 14 17.87 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jason\desktop"
Command switches used :: /v mwywthuj opnnllk

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\mwywthuj.dll
C:\WINDOWS\system32\opnnllk.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))

2006-12-03 11:08 <DIR> d-------- C:\WINDOWS\temp
2006-12-03 10:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-02 22:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-02 22:38 <DIR> d-------- C:\Program Files\Grisoft
2006-12-02 20:28 <DIR> d-------- C:\Program Files\StepMania
2006-12-02 20:02 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-02 20:02 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-02 20:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-02 20:02 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-02 19:47 <DIR> d-------- C:\Program Files\HJT
2006-12-01 16:08 <DIR> d-------- C:\WINNT
2006-12-01 16:06 <DIR> d-------- C:\WINDOWS\erdnt
2006-11-28 21:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\dvdcss
2006-11-28 20:37 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2006-11-28 20:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-28 17:06 <DIR> d-------- C:\Program Files\WinRAR
2006-11-28 12:30 641,021 --a------ C:\WINDOWS\unins000.exe
2006-11-28 12:30 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2006-11-28 12:30 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-28 12:30 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2006-11-28 12:30 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-11-28 12:30 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2006-11-28 12:30 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll
2006-11-28 12:30 <DIR> d-------- C:\Program Files\XviD
2006-11-19 22:04 <DIR> d-------- C:\Program Files\Alarm Clock
2006-11-16 09:27 <DIR> d-------- C:\a960884c588070d1b2f0
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iTunes
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iPod
2006-11-12 17:23 <DIR> d-------- C:\Program Files\QuickTime
2006-11-12 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-08 12:33 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2006-11-08 12:33 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2006-11-08 12:33 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2006-11-08 12:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-03 11:54 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-03 10:42 -------- d-------- C:\Program Files\MSN Messenger
2006-12-03 10:39 -------- d-------- C:\Program Files\Messenger
2006-12-03 10:39 -------- d-------- C:\Program Files\Internet Explorer
2006-12-03 10:37 -------- d-------- C:\Program Files\Dell Support
2006-12-03 10:36 -------- d-------- C:\Program Files\BAE
2006-12-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-11-22 21:21 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 21:21 -------- d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2006-11-22 21:20 -------- d-------- C:\Program Files\Adobe
2006-11-21 23:05 4096 --a------ C:\Documents and Settings\Jason\Application Data\dvd.bmk
2006-11-10 14:47 -------- d-------- C:\Documents and Settings\Jason\Application Data\SolidWorks
2006-11-08 12:33 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-08 12:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 21:11 88 -r-hs---- C:\WINDOWS\system32\9D64738EF4.sys
2006-11-01 21:11 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-31 21:19 -------- d-------- C:\Program Files\TallStick
2006-10-30 15:18 -------- d-------- C:\Program Files\VstPlugins
2006-10-30 15:18 -------- d-------- C:\Program Files\Image-Line
2006-10-22 23:00 -------- d-------- C:\Documents and Settings\Jason\Application Data\DivX
2006-10-22 22:59 -------- d-------- C:\Program Files\DivX
2006-10-16 23:30 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-09 12:26 -------- d-------- C:\Program Files\LimeWire
2006-10-09 12:26 -------- d-------- C:\Program Files\Java
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-03 14:14:31.29
C:\ComboFix2.txt ... 06-12-03 11:08
C:\ComboFix3.txt ...
06-12-02 22:33 Incident Status Location Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.advertising.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.atdmt.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.atwola.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.go.com/] Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.gostats.com/] Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.maxserving.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[hc2.humanclick.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason\Cookies\jason@adrevolver[3].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and 
Settings\Jason\Cookies\jason@atdmt[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jason\Cookies\jason@atwola[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jason\Cookies\jason@belnk[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jason\Cookies\jason@dist.belnk[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Cookies\jason@doubleclick[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@drivecleaner[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@errorsafe[1].txt Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Jason\Cookies\jason@fortunecity[1].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jason\Cookies\jason@go[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason\Cookies\jason@questionmarket[1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Cookies\jason@realmedia[1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Cookies\jason@realmedia[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@stats.drivecleaner[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.drivecleaner[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.errorsafe[1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\Desktop\SmitfraudFix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\My Documents\Software Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe] Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 
12\tmhelp.chm[/PCC12/Test_virus.htm] Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Logfile of HijackThis v1.99.1 Scan saved at 3:47:47 PM, on 12/3/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe 
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HJT\hijackthis\Socha.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 
12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{95248D73-4C96-41BC-954A-1A5B3723BEA9}: NameServer = 24.247.15.53,24.247.24.53 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing) |
#12
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista
Hi Socha_62,
-------------------------------
Just some tidying up to do.

Clear Mozilla Firefox cookies:
Open the Mozilla Browser, (you do not need to be online to do this)
Click Tools>Options>Privacy>Cookies>Clear
-----------------------------------
Clear Internet Explorer Cookies: (you do not need to be connected to the internet to perform this)
Launch Internet Explorer>Tools>Internet Options>Delete Cookies
-----------------------------------
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following bolded text into Notepad:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=-

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
-----------------------------------
You should be all set now. If there aren't any more problems, please continue with these final instructions and helpful links.

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option. Click Yes to confirm.
Click OK.

Enable Windows Auto Update
* Go to Start>Run - type wuaucpl.cpl
* Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
This is a self-extracting .ZIP file; save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
Now navigate to C:\ie-spyad. Double click to open it.
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list, by typing 2
Then return to the main menu.
Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically.
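The fix above removes one ShellExecuteHooks value by hand: the CLSID whose data is empty, while the other hook carries its product name. As an added example that is not part of this thread and not ComboFix's or HijackThis's own code, here is a small Python parser for the "Reg Loading Points" layout in the ComboFix output posted earlier; it flags hook CLSIDs with no description (an assumed heuristic, not a rule from the page) and writes the same REGEDIT4 delete file the helper built in Notepad. The sample dump is constructed from values that appear on the page.

```python
import re
from typing import Dict, List

# Sample dump, constructed from the "Reg Loading Points" section of the
# ComboFix output posted in the thread (keys and values copied from the page).
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

SHELL_EXECUTE_HOOKS_KEY = (
    r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion"
    r"\explorer\shellexecutehooks"
)

_KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\subkey]
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # "name"=data (data kept raw)


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the [key] / "name"=data layout into {key: {name: raw_data}}.

    Key paths are lower-cased so lookups do not depend on the tool's casing.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key_match = _KEY_RE.match(line)
        if key_match:
            current = key_match.group(1).lower()
            keys.setdefault(current, {})
            continue
        value_match = _VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group(1)] = value_match.group(2)
    return keys


def find_unlabelled_hooks(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Return ShellExecuteHooks CLSIDs whose data is an empty string.

    Assumed heuristic: legitimate hooks usually carry a product name (the AVG
    entry above); a hook with no description is the one the helper removed.
    """
    hooks = keys.get(SHELL_EXECUTE_HOOKS_KEY.lower(), {})
    return [clsid for clsid, data in hooks.items() if data == '""']


def build_delete_reg(clsids: List[str]) -> str:
    """Emit a REGEDIT4 file that deletes the given values ("name"=- syntax)."""
    lines = ["REGEDIT4", "", f"[{SHELL_EXECUTE_HOOKS_KEY}]"]
    lines += [f'"{clsid}"=-' for clsid in clsids]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = find_unlabelled_hooks(parse_reg_dump(SAMPLE_DUMP))
    print(build_delete_reg(flagged))
```

Export the key first (File->Export in regedit, as the post says) so the merge can be reversed; a flagged CLSID is a candidate to check, not proof on its own.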