Tech Support Forum, Resolved HJT Threads (resolved spyware and popup issues)

#1, 01-21-2007, 03:24 PM
gardjim (Registered User; Join Date: Dec 2004; Posts: 43; OS: XP)

My computer's slow and it crashes every time I'm not in Safe Mode

Logfile of HijackThis v1.99.1
Scan saved at 5:24:13 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
O4 - HKLM\..\Run: [0062381169075167mcinstcleanup] C:\DOCUME~1\GARDJI~1\LOCALS~1\Temp\006238~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels88.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133497763411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/Visit.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe
#2, 01-24-2007, 08:34 AM
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 26,983; OS: WinXP and Vista)

Hello gardjim and welcome,

If you still require assistance, please do the following:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

******************************************

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (C:\BFU).

--------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

Do not do anything with these yet.

--------------------------------------------------------------------

**If you've used Safe Mode with Networking, close any open browsers now and reboot into Safe Mode (without networking)

Reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login on your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels88.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll (file missing)


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files if they still exist.

C:\WINDOWS\system32\brrotate.dll
C:\WINDOWS\system32\qwertybot.exe


--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Now, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Beside the scriptline to execute field click the folder icon and select alcanshorty.bfu by double clicking on it.
  • Press Execute and let it do its job. (You ought to see a blue progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

See if you can perform an online scan. If not, please continue with the remaining instructions.

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now. It begins downloading Panda's 8 MB ActiveX controls.
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report
-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG A/S results
Panda results (if you were able to complete one)
ComboFix.txt
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
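Ried's "Check the following entries" list comes from reading the HijackThis log in post #1 by hand. The Python below is an added example (not part of this thread, and not HijackThis code) that applies the same kind of rules mechanically: registry entries whose target file no longer exists, autostarts of unknown executables sitting directly in system32, rundll32 loading a system32 DLL, an O16 ActiveX download from a host that is not a known scanner or vendor site, and a Winlogon Notify DLL outside system32. The sample entries are copied from the first log; KNOWN_SYSTEM32, TRUSTED_DPF_HOSTS and GENERIC_RUN_NAMES are the author's assumed allow-lists, not HijackThis data.

```python
"""Triage a HijackThis v1.99 log: flag the entries an analyst would look at first.
Added example, not HijackThis or forum code; the allow-lists are the author's assumptions."""
import re
from collections import namedtuple

# Constructed sample: a subset of the entries from the first log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels88.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)

# Assumed allow-lists (author's choice, not HijackThis data).
KNOWN_SYSTEM32 = {"dumprep", "ctfmon.exe", "wgalogon.dll"}   # legitimately run/loaded from system32
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "go.microsoft.com", "housecall65.trendmicro.com"}
GENERIC_RUN_NAMES = {"system", "systemtools", "agent", "windows"}  # vendors name values after products

Finding = namedtuple("Finding", "section severity reason entry")  # severity: "suspect" or "orphan"

def _tokens(cmd):
    """Split a command line, keeping double-quoted paths with spaces intact."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]

def _norm(path):
    return path.strip('"').lower().replace("%systemroot%", "c:\\windows")

def _in_system32(path):
    """True when the file sits directly in %SystemRoot%\\system32, not a subfolder."""
    p = _norm(path)
    return p.startswith("c:\\windows\\system32\\") and p.count("\\") == 3

def _base(path):
    return _norm(path).rsplit("\\", 1)[-1]

def _file_field(body):
    """Last ' - '-separated field of an entry, without the '(file missing)' marker."""
    return body.rsplit(" - ", 1)[-1].replace(" (file missing)", "").strip()

def _suspect_reasons(sec, body):
    reasons = []
    if sec == "O4":
        m = RUN_RE.match(body)
        name = m.group("name").lower() if m else ""
        toks = _tokens(m.group("cmd") if m else body.split(" = ", 1)[-1]) or [""]
        if name in GENERIC_RUN_NAMES:
            reasons.append(f"generic Run value name [{name}]")
        if _base(toks[0]) == "rundll32.exe" and len(toks) > 1:
            if _in_system32(toks[1]) and _base(toks[1]) not in KNOWN_SYSTEM32:
                reasons.append("rundll32 loads an unknown DLL from system32")
        elif _in_system32(toks[0]) and _base(toks[0]) not in KNOWN_SYSTEM32:
            reasons.append("autostart of an unknown executable in system32")
    elif sec in ("O2", "O3"):
        dll = _file_field(body)
        if _in_system32(dll) and _base(dll) not in KNOWN_SYSTEM32:
            reasons.append("browser add-on loaded from system32")
    elif sec == "O16":
        m = HOST_RE.search(body)
        if m and m.group(1).lower() not in TRUSTED_DPF_HOSTS:
            reasons.append(f"ActiveX download from untrusted host {m.group(1)}")
    elif sec == "O20":
        dll = _file_field(body)
        if dll != "(no file)" and not _in_system32(dll):
            reasons.append("Winlogon Notify DLL outside system32")
    return reasons

def triage(log_text):
    """One Finding per entry worth a look; clean entries are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines and the 'Running processes' list
        sec, body = m.group("sec"), m.group("body")
        reasons = _suspect_reasons(sec, body)
        if reasons:
            findings.append(Finding(sec, "suspect", "; ".join(reasons), line.strip()))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(sec, "orphan", "points at a file that no longer exists", line.strip()))
    return findings

if __name__ == "__main__":
    print(*[f"{f.severity:8}{f.reason}\n        {f.entry}" for f in triage(SAMPLE_LOG)], sep="\n")
```

Run against the sample, the seven "suspect" lines are exactly the live entries Ried asked to fix (brrotate.dll in both its O2 and its rundll32 form, kernels88.exe twice, qwertybot.exe, the drivecleaner.com cab and the artm_new.dll notify hook), while the "orphan" lines are dead references: Ried clears the anonymous ones and leaves the AIM leftover alone, a judgement the script does not make. A heuristic like this is a shortlist for a human, not a verdict; a legitimate product that installs into system32 lands on it too, which is what the allow-list is for.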
#3, 01-29-2007, 05:34 PM
gardjim (Registered User; Join Date: Dec 2004; Posts: 43; OS: XP)

Part 1

Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\lnwin.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133497763411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/Visit.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

AVG Anti-Spyware - Scan Report
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253509.dll -> Adware.SmartShoppe : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253510.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253511.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253512.exe -> Adware.Softomate : Ignored.
C:\Documents and Settings\Gard Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\3w26swec.default\Cache\CD0E5446d01 -> Downloader.Agent.ab : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253500.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253501.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253502.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253503.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253504.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\aaaaaaay.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\aaaaaawr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\aaaaaaxe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\aaaaaeir.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\aaaaaejq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwelg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrweop.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwepg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwetf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrweye.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwihy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwioj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwiqk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwiqy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwite.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwiyw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrwowx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjtiba.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjtifj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjtiry.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjtmfp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjtmqj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjtmqr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjtmue.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjtmus.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqmgw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqmlm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqmlx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqmom.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqmpr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqqcr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqqlx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqqpp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqqwf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqqwx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqwap.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqwfg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqwfq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqwjd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqwsa.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbqwsf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnbpr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnbys.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnqdd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnqif.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnqiw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnqjd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnqvd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnqvk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnqwg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnqyl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsnuqe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkfaq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkudy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkugw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkuke.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkuse.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkutx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkuwq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkycl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkydf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkyhl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkykp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkynw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukkyny.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\sltchdid.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\sltchdie.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\sltchdnr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\sltchdpw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\sltchdtg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\sltchdue.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\sltchjhj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\sltchyjp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\update\dgyrwimx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\update\myvsnbyw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\update\pfukkugp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\update\pfukkyjg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\update\sltchyng.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\update\vrstedok.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\update\vrstehgd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\vrstedna.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\vrstedvp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\vrstehcd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\vrstehcr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\vrstehtm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\vrstehve.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\aaaaaeax.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\jswbqmoj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\jswbqqbl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\myvsnqyl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\myvsnuul.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\pfukkfqs.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\pfukkuvk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\update\dgyrwekw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\update\gmxjtiqy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\update\gmxjtmym.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\update\jswbqmre.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\update\myvsnuhp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\update\myvsnuyw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\update\sltchjfs.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\aaaaaalf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\aaaaaaqe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\dgyrweep.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\dgyrwerj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\dgyrwevy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\dgyrwiof.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\gmxjtiqp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\gmxjtmyf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\gmxjtskg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\jswbqqfg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\myvsnqgw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\pfukkudy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\pfukkund.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\sltchycm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\sltchygk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\sltchyty.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\CDRWIN3\vrstehep.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\aaaaaeak.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\gmxjtite.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\gmxjtmbe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\jswbqmqx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\jswbqqby.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\myvsnbij.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\myvsnqpd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\myvsnqqx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\myvsnqws.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\myvsnupf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\pfukkuhw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\pfukkuwd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\pfukkykl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\vrstedpp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\vrstedsf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\vrstehmm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\aaaaaabf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\aaaaaair.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\aaaaaeed.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\aaaaaeud.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\aaaaakoy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrwebl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrwedf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrwejk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrweus.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrwibx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrwifs.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrwisa.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrwity.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\dgyrwold.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\aaaaaegk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\dgyrwejk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\dgyrweur.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\dgyrwexf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\dgyrwiim.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\gmxjtipk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\gmxjtiwf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\gmxjtmdr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\jswbqqxe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\jswbqwhp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\myvsnqsw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\pfukkugw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\pfukkuux.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\sltchyol.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\vrsteddj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\vrstehks.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\aaaaaalw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\dgyrweie.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\jswbqmeq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\jswbqmls.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\jswbqmsl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\myvsnupr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\pfukkuup.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\sltchddm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\sltchdyw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\sltchjmy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\sltchyff.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\sltchyis.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\vrstedua.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\vrstedwg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\vrstehkm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\vrstehwm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\Sys\dgyrwibj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\Sys\gmxjtmhp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\aaaaakwq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\dgyrwehg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\dgyrwipw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\dgyrwiqq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\gmxjtitj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\gmxjtmja.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\gmxjtmjf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\myvsnqkm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\myvsnqrp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\pfukkumj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\pfukkuym.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\sltchdcf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\sltchdcm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\sltchyhg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\vrstedgm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\vrstedpp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\vrstedup.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\gmxjtihm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\gmxjtixa.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\gmxjtmsw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\jswbqmiq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\jswbqmml.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnqds.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnqiw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnqoe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnqoj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnqpl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnqsk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnqss.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnqvy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnujm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnuld.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnuuk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\myvsnuve.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\pfukkual.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\pfukkudk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\pfukkuem.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\pfukkune.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\pfukkuyj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\pfukkyaa.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\pfukkybe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\pfukkygk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\sltchdly.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\sltchdtj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\sltchdwq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\sltchyfq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\sltchyjq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\vrstedbj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\vrstedcd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\vrstedfd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\vrstedtr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\vrstedyg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\vrstehmp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\DELL\vrstenwj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gard Jim\HM1cf3n.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gard Jim\JoX57M0.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gard Jim\PKBEEfo.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gard Jim\Q11K6Bm.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gard Jim\W6CB03v.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gard Jim\bmWsth1.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gard Jim\bwl32Dg.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gard Jim\f3MlKl0.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\AcGDQ2s.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\Iod5UCE.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\i0E0776.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\ig7O3J1.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\nvs313W.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\s2QQo15.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\u0HU71X.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\vLS16Ao.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\wEv0MTw.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\wPW1vFU.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\Documents and Settings\jessica.D3G1SF61\xmSFAiV.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0241513.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0247429.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253508.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262851.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262888.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262890.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262891.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262892.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262893.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262894.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262895.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262896.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262897.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262899.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0263038.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0263039.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0263041.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0263042.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0263043.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0267024.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0267025.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0267027.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0267028.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276111.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Rki6g2P.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\alsys.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\clcbt.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaais.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaamr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaapl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaaps.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaaqe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaaqp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaaqr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaaxa.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\aaaaaeiw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\bfu\aaaaaaqq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\bfu\myvsnqkg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\bfu\vrstedmg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwefw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwefy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwega.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrweje.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwejq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwelj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwerk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwewj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwewx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\dgyrwivr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\gmxjtidp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\gmxjtikj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\gmxjtikw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\gmxjtill.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\gmxjtitk.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\gmxjtixq.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\gmxjtmyp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\jswbqmjm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\jswbqmjs.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\jswbqmoe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\jswbqqgp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\jswbqqke.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\jswbqqyr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\jswbqwom.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsnbgx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsnqgl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsnqgw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsnqka.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsnqkl.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsnqlx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsnqms.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsnqss.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\myvsrgij.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\pfukkuel.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\pfukkuis.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\pfukkumg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\pfukkung.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\pfukkuqg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\pfukkurd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchddw.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchdte.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchjsj.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyaf.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchycg.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyck.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyfe.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyhm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyhr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyhs.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyoa.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyss.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\sltchyxd.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\vrstedfr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\vrstedva.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\vrstedvr.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\vrstedyp.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\vrstehjy.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\vrstehvm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\vrstehvx.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\vrstenlm.t -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253499.exe -> Downloader.Small.agq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734\A0241493.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253492.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253493.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253494.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253495.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253496.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253497.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253498.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253505.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP742\A0262674.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262887.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262942.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0263965.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0263970.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0264016.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0264045.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0267029.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0270013.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0271026.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0271045.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0272064.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0272068.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276066.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276086.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276109.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wincom32.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253513.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Ignored.
C:\169ca093fdeec9a58b09652855b6fe\aaaayfgd.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\dgyrvjim.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\gmxjsnsf.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\jswbprys.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsmvbf.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsmvbp.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsmvfj.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsmvfp.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\myvsmvfq.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukjahd.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\pfukjale.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\169ca093fdeec9a58b09652855b6fe\update\jswbprux.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\aaaayfgm.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\3b1ccc9ab8afc9bccc6583c6\update\pfukjalq.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\CDRWIN3\aaaayfkd.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\DELL\Utilities\Driver Reset Tool\vrstdigd.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\DELL\aaaayfkp.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\DELL\drivers\R92022\dgyrvjuk.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\jswbprhy.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\DELL\drivers\R94481\dgyrvjug.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\DELL\jswbprhq.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\DELL\sltcgeam.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O909C5EL\game5[1].exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QHWLA10L\game0[1].exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0264039.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0267026.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0272067.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0272069.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276122.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\b0O5q16.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\game0.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\game5.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\w40wP02.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\myvsmvfe.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\pfukjapx.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\sltcgerq.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\vrstdipa.t -> Proxy.Lager.dp : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gard Jim\Cookies\gard jim@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Gard Jim\Cookies\gard jim@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Gard Jim\Cookies\gard jim@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.228:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.229:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.17:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@www.burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.70:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.78:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Gard Jim\Cookies\gard jim@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.18:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.115:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.116:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.117:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.118:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Gard Jim\Cookies\gard jim@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.102:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.103:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.104:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.105:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.106:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.107:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.108:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.173:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.176:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.177:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.193:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.7:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.8:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.226:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.246:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.247:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.248:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.249:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.269:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.270:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.79:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.80:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.81:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.82:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.83:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Gard Jim\Cookies\gard jim@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Gard Jim\Cookies\gard jim@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.29:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.30:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.31:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.32:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.33:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.69:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.100:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.101:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gard Jim\Cookies\gard jim@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253506.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0262898.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743\A0263040.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0264042.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0265011.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0267014.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0269015.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0270095.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0271017.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0271038.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744\A0272058.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0272070.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276060.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276084.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276107.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745\A0276121.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\adir.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0253507.dll -> Worm.Locksky.aq : Cleaned with backup (quarantined).
report end
Old 01-29-2007, 05:34 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 43
OS: XP


part 2

Service Pack 2 ComboFix Running from: "C:\Documents and Settings\Gard Jim\Desktop"
Other Deletions
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\system32\dlh9jkd1q1.exe
C:\WINDOWS\system32\dlh9jkd1q2.exe
C:\WINDOWS\system32\dlh9jkd1q7.exe
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\adir.dll
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\zlbw.dll
C:\Program Files\Common Files\{3CEE8~1
C:\Program Files\Common Files\{5CEE8~1
C:\Documents and Settings\All Users\Documents\Settings
Purity
Folders Quarantined:
C:\qoobox\purity\WINDOWS\SYSTEM32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\SYSTEM32\MBOLS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\PPATCH~1
C:\qoobox\purity\WINDOWS\SYSTEM32\PPPATC~1
C:\qoobox\purity\WINDOWS\SYSTEM32\SKS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\STEM~1
C:\qoobox\purity\WINDOWS\SYSTEM32\WNSXS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\YMBOLS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\YMBOLS~1\?ymbols

Files Created from 2006-12-29 to 2007-01-29

2007-01-27 18:46 35,786 --a------ C:\WINDOWS\SYSTEM32\D3ve67b.exe
2007-01-27 18:44 50,634 --a------ C:\WINDOWS\SYSTEM32\game3.exe
2007-01-27 18:44 35,786 --a------ C:\WINDOWS\SYSTEM32\nVdOI3K.exe
2007-01-25 19:54 36,462 --a------ C:\WINDOWS\SYSTEM32\vnMOn87.exe
2007-01-25 17:23 <DIR> d-------- C:\bintheredunthat
2007-01-25 14:33 54,382 --a------ C:\WINDOWS\SYSTEM32\game.exe
2007-01-25 14:33 36,462 --a------ C:\WINDOWS\SYSTEM32\vk6p5L3.exe
2007-01-25 01:35 <DIR> d-------- C:\bfu
2007-01-23 10:59 6,254 --a------ C:\WINDOWS\SYSTEM32\lnwin.exe
2007-01-22 04:42 <DIR> d-------- C:\DOCUME~1\GARDJI~1\Application Data\SiteAdvisor
2007-01-22 01:46 6,254 --a------ C:\WINDOWS\SYSTEM32\adirss.exe
2007-01-22 01:46 6,090 --a------ C:\WINDOWS\SYSTEM32\game4.exe
2007-01-22 01:46 6,090 --a------ C:\WINDOWS\SYSTEM32\game2.exe
2007-01-22 01:46 6,090 --a------ C:\WINDOWS\SYSTEM32\game1.exe
2007-01-18 04:47 <DIR> d-------- C:\DOCUME~1\JESSIC~1.D3G\Application Data\Viewpoint
2007-01-17 18:04 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-17 18:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-17 06:15 345 --a------ C:\WINDOWS\SYSTEM32\dap.exe
2007-01-16 23:28 <DIR> d-------- C:\DOCUME~1\GARDJI~1\.housecall6.6
2007-01-15 07:34 24,072 --a------ C:\WINDOWS\SYSTEM32\uxtuneup.dll
2007-01-14 03:24 <DIR> d-------- C:\Program Files\Snood
2007-01-12 23:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2007-01-12 23:22 <DIR> d-------- C:\Program Files\AIM6
2007-01-12 05:56 <DIR> d-------- C:\Program Files\WinBudget
2007-01-11 18:33 <DIR> d-------- C:\DOCUME~1\GARDJI~1\Application Data\Viewpoint
2007-01-03 20:06 <DIR> d-------- C:\3b1ccc9ab8afc9bccc6583c6
2007-01-03 20:04 <DIR> d-------- C:\169ca093fdeec9a58b09652855b6fe
2007-01-03 03:30 <DIR> d-------- C:\Program Files\All Video Joiner


Find3M Report


2007-01-29 08:08 -------- d-------- C:\Program Files\mozilla firefox
2007-01-26 18:58 -------- d-------- C:\Program Files\grisoft
2007-01-26 18:08 -------- d-------- C:\Program Files\tuneup utilities 2006
2007-01-26 18:07 -------- d-------- C:\Program Files\spywareguard
2007-01-26 18:06 -------- d-------- C:\Program Files\smartftp client 2.0
2007-01-26 18:02 -------- d-------- C:\Program Files\limewire
2007-01-26 17:57 -------- d-------- C:\Program Files\google
2007-01-26 06:11 -------- d-------- C:\Program Files\h-vision
2007-01-22 05:00 -------- d-------- C:\Program Files\aim
2007-01-22 04:53 -------- d---s---- C:\DOCUME~1\GARDJI~1\Application Data\microsoft
2007-01-22 04:42 -------- d-------- C:\Program Files\partygaming
2007-01-22 04:42 -------- d-------- C:\Program Files\mcafee.com
2007-01-22 04:42 -------- d-------- C:\Program Files\auvisoft audio splitter joiner
2007-01-22 04:42 -------- d-------- C:\Program Files\anti-leech
2007-01-22 04:42 -------- d-------- C:\Program Files\accessdiver
2007-01-21 06:12 -------- d--h----- C:\Program Files\installshield installation information
2007-01-21 06:11 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-21 06:11 -------- d-------- C:\Program Files\aol
2007-01-17 23:02 -------- d-------- C:\Program Files\motorola phone tools
2007-01-17 23:02 -------- d-------- C:\Program Files\Common Files\companion wizard
2007-01-17 22:27 12524 --ahsc--- C:\WINDOWS\SYSTEM32\kgygaavl.sys
2007-01-17 17:38 -------- d-------- C:\Program Files\palmone
2007-01-17 17:28 -------- d-------- C:\Program Files\audio edit
2007-01-17 17:27 -------- d-------- C:\Program Files\addebugger
2007-01-15 07:20 -------- d-------- C:\Program Files\spywareblaster
2007-01-15 07:19 -------- d-------- C:\Program Files\supercleaner
2007-01-14 20:41 -------- d-------- C:\DOCUME~1\GARDJI~1\Application Data\avg7
2007-01-12 23:23 -------- d-------- C:\Program Files\Common Files\aolshare
2007-01-11 20:19 -------- d-------- C:\Program Files\quicktime
2007-01-11 03:42 39751 --a------ C:\WINDOWS\SYSTEM32\brrot-uninst.exe
2007-01-03 20:06 -------- d-------- C:\Program Files\windows media connect 2
2007-01-03 05:04 -------- d-------- C:\Program Files\bitlord
2007-01-02 06:24 -------- d-------- C:\Program Files\videofixer
2006-12-28 02:16 -------- d-------- C:\Program Files\ghostsurf
2006-12-26 20:44 -------- d-------- C:\DOCUME~1\GARDJI~1\Application Data\tenebril
2006-12-26 16:24 816672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-12-26 16:24 499712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2006-12-26 16:24 3968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
2006-12-26 16:24 348160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2006-12-26 16:24 28416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-12-21 04:43 -------- d-------- C:\Program Files\wmr11
2006-12-12 20:23 -------- d-------- C:\Program Files\visual zip password recovery
2006-12-12 18:37 49 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb41.dat
2006-12-12 18:37 382 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb1942.dat
2006-12-12 01:36 69632 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb4827.dat
2006-12-12 01:36 151 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb9680.dat
2006-12-12 01:36 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb4306.dat
2006-12-05 03:58 -------- d-------- C:\Program Files\videoredoplus
2006-12-03 18:55 -------- d-------- C:\Program Files\dvdsanta
2006-11-19 20:46 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb4890.dat
2006-11-19 19:38 145 --a-s---- C:\WINDOWS\test.bat
2006-11-19 19:35 1484 --a------ C:\37811723.exe
2006-11-19 19:34 1484 --a------ C:\21825628.exe
2006-11-19 19:33 1484 --a------ C:\46467261.exe
2006-11-19 19:32 1484 --a------ C:\15958717.exe
2006-11-16 04:25 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb8771.dat
2006-11-16 04:25 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb5436.dat
2006-11-16 04:25 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb2971.dat
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-11-01 14:54 180224 --a------ C:\WINDOWS\SYSTEM32\xvidvfw.dll
2006-11-01 14:52 765952 --a------ C:\WINDOWS\SYSTEM32\xvidcore.dll
2006-10-23 01:16 9216 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb8467.dat
2006-10-23 01:16 23 --a------ C:\DOCUME~1\GARDJI~1\Application Data\inifile41.ini
2006-10-23 01:16 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb6334.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Hide IP Platinum"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe"
"Agent"="C:\\WINDOWS\\system32\\alsys.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"qwertybot.exe"="C:\\WINDOWS\\system32\\qwertybot.exe"
"sysinter"="C:\\WINDOWS\\system32\\adirss.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
@=""
"lnwin.exe"="C:\\WINDOWS\\system32\\lnwin.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124425863\\ee\\AOLHostManager.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"taskdir"="C:\\WINDOWS\\system32\\taskdir.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"taskdir"="C:\\WINDOWS\\system32\\taskdir.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\LicenseMan32.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=dword:00000000
"Mn@mlrf"=dword:00000000
"MnOndNeg"=dword:00000000
"MnQtm"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070125-014409-361
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll (file missing)
backup-20070125-014409-399
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
backup-20070125-014409-932
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)
backup-20070125-014408-550
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
backup-20070125-014408-934
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
backup-20070125-014408-795
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
backup-20070125-014408-133
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
backup-20070125-014408-635
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
backup-20070125-014408-587
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
backup-20070125-014408-802
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
backup-20070125-014408-845
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
backup-20070125-014408-667
O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
backup-20070122-045253-577
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20070122-045253-382
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
backup-20070122-045253-797
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20060115-030544-763
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinpsap.exe FI002
backup-20060115-030544-734
O4 - HKLM\..\Run: [{E8-8D-DE-E5-ZN}] C:\WINDOWS\SYSTEM32\rodsregl.exe FI002
backup-20060115-030544-568
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
backup-20060115-021309-129
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\pwinpsap.exe
backup-20060115-021309-819
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\rodsregl.exe
backup-20060114-133109-167
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
backup-20060114-133109-395
O4 - HKLM\..\Run: [{E8-8D-DE-E5-ZN}] C:\windows\system32\rodsregl.exe FI002
backup-20060114-133109-498
O4 - HKCU\..\Run: [mmuk] C:\Program Files\Common Files\mmuk\mmukm.exe
backup-20060114-133109-299
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\SYSTEM32\sms_msn.exe
backup-20060114-133109-282
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINDOWS\SYSTEM32\ngsh35.dll
backup-20060114-133109-209
O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\SYSTEM32\sms_msn40.exe
backup-20060114-133109-365
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
backup-20051215-225239-603
O16 - DPF: sptbaxcab - http://www.try2find.com/toolbar/setup/sptbax.cab
backup-20051215-225239-624
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
backup-20051215-225239-677
O4 - HKLM\..\Run: [cpcy] C:\WINDOWS\system32\aopxkf\cpcy.exe
backup-20051215-225239-663
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\owdxregs.exe DO0605
backup-20051215-225239-801
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
backup-20051215-225239-534
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
backup-20051215-225239-417
O4 - HKLM\..\Run: [tecea0aq] C:\WINDOWS\system32\tecea0aq.exe
backup-20051215-225239-669
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
backup-20051215-225239-349
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
backup-20051215-225239-267
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
backup-20051215-225239-181
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20051215-225239-154
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qsysyu6d.exe DO0605
backup-20051215-225239-107
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l44xls.exe reg_run
backup-20051215-225239-440
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
backup-20051215-225239-366
R3 - Default URLSearchHook is missing
backup-20051215-225239-129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
backup-20051215-225239-212
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
backup-20051109-155744-999
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
backup-20051109-110128-822
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.shopathomeselect.co...ll4110_sp2.cab
backup-20051109-110128-194
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
backup-20051109-110128-343
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.co...sm1009_sp2.cab
backup-20051109-110127-313
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
backup-20051109-110127-739
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
backup-20051109-110127-341
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/18...bridge-c18.cab
backup-20051109-110127-331
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
backup-20051109-110127-843
O15 - Trusted Zone: *.elitemediagroup.net
backup-20051109-110127-602
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qsysyu6d.exe
backup-20051109-110127-107
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\owdxregs.exe DO0605
backup-20051109-110127-348
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qsysyu6d.exe DO0605
backup-20051109-110127-864
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
backup-20051109-110127-267
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
backup-20051109-110127-623
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l44xls.exe reg_run
backup-20051109-110127-849
O4 - HKLM\..\Run: [cpcy] C:\WINDOWS\system32\aopxkf\cpcy.exe
backup-20051109-110127-856
O4 - HKLM\..\Run: [tecea0aq] C:\WINDOWS\system32\tecea0aq.exe
backup-20051109-110127-340
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
backup-20051109-110127-249
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
backup-20051109-110127-603
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
backup-20051109-110127-148
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20051109-110127-783
R3 - Default URLSearchHook is missing
backup-20051109-110127-876
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
backup-20051109-110127-333
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
backup-20051109-110127-179
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
backup-20051003-180946-520
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.co...ms1002_sp2.cab
backup-20051003-180946-498
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\qlink32.dll
backup-20051003-180946-852
O4 - Startup: Zstart.lnk = C:\Documents and Settings\Gard Jim\Local Settings\Temp\zxinst12.exe
backup-20051003-180946-715
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qsysyu2d.exe
backup-20051003-180946-625
O4 - HKLM\..\Run: [0gnjp4so] C:\WINDOWS\system32\0gnjp4so.exe
backup-20051003-180946-448
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
backup-20051003-180946-761
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
backup-20051003-180946-811
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
backup-20051003-180946-416
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll (file missing)
backup-20051003-180946-844
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
backup-20050919-182233-517
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
backup-20050919-182233-782
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\qlink32.dll
backup-20050919-182233-102
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.co...ms1002_sp2.cab
backup-20050919-182233-236
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qsysyu2d.exe
backup-20050919-182233-317
O4 - HKCU\..\Run: [System Kernal Support] system.exe
backup-20050919-182233-646
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
backup-20050919-182233-592
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
backup-20050919-182233-591
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
backup-20050919-182233-575
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
backup-20050919-182233-854
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\system32\qsysyu2d.exe DO0605
backup-20050919-182233-100
O4 - HKLM\..\Run: [Pldgul] C:\Program Files\Dppsap\Rqxkjow.exe
backup-20050919-182233-441
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll (file missing)
backup-20050919-182233-907
O4 - HKLM\..\Run: [Installer] C:\dial.exe
backup-20050919-182233-273
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
backup-20050919-182233-708
O4 - HKLM\..\Run: [System Kernal Support] system.exe
backup-20050919-182233-618
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
backup-20050919-182233-877
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
backup-20050919-182233-649
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Completion time: 07-01-29 8:15:14

panda scan

Incident Status Location

Hacktool:Trj/Alanchum.OX Not disinfected c:\windows\system32\taskdir.exe
Spyware:spyware/clearsearch Not disinfected c:\windows\system32\IETie.dll
Hacktool:rootkit/taskdirhide Not disinfected c:\windows\system32\taskdir.exe
Adware:adware/flashtrack Not disinfected Windows Registry
Adware:adware/adblaster Not disinfected Windows Registry
Adware:adware/statblaster Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/powerscan Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/elitebar Not disinfected Windows Registry
Adware:adware/consumeralertsystem Not disinfected Windows Registry
Virus:trj/downloader.coy Disinfected Operating system
Adware:adware/azesearch Not disinfected Windows Registry
Adware:adware/whenusearch Not disinfected Windows Registry
Adware:adware/sbsoft Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Adware:adware/zango Not disinfected Windows Registry
Hacktool:exploit/mhtredir.gen Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{527196A4-B1A3-4647-931D-37BA5AF23037}
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:adware/sahagent Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gard Jim\Cookies\gard jim@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gard Jim\Cookies\gard jim@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gard Jim\Cookies\gard jim@dist.belnk[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.xiti.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt[.target.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@doubleclick[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Local Settings\Temp\Cookies\jessica@adopt.hbmediapro[2].txt
Virus:Trj/Clicker.VF Not disinfected C:\Documents and Settings\jessica.D3G1SF61\Local Settings\Temp\s1so[¦%%\brrotate.dll]
Virus:Trj/Alanchum.OU Disinfected C:\Documents and Settings\jessica.D3G1SF61\Local Settings\Temporary Internet Files\Content.IE5\2YQ22YB8\game3[1].exe
Virus:Trj/Alanchum.OU Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K5ABC5CB\game3[1].exe
Hacktool:Trj/Alanchum.OX Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QHWLA10L\game[1].exe
Adware:Adware/AzeSearch Not disinfected C:\HJT\backups\backup-20051109-155744-999.inf
Adware:Adware/AdRotator Not disinfected C:\HJT\backups\backup-20070125-014408-587.dll
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Hacktool:Rootkit/Alanchum.JF Not disinfected C:\WINDOWS\SYSTEM32\adir.dll
Potentially unwanted tool:Application/CloseApp Not disinfected C:\WINDOWS\SYSTEM32\closeapp.exe
Hacktool:Trj/Alanchum.OX Not disinfected C:\WINDOWS\SYSTEM32\game.exe
Virus:Trj/Alanchum.NP Disinfected C:\WINDOWS\SYSTEM32\game0.exe.exe
Virus:Trj/Alanchum.OU Disinfected C:\WINDOWS\SYSTEM32\game3.exe
Adware:Adware/Beginto Not disinfected C:\WINDOWS\SYSTEM32\SearchTool\SearchTool.dll
Adware:Adware/Beginto Not disinfected C:\WINDOWS\SYSTEM32\SmartShopper\uninstallSE.exe
Hacktool:Rootkit/Alanchum.OU Not disinfected C:\WINDOWS\SYSTEM32\wincom32.sys

Last edited by gardjim; 01-29-2007 at 05:35 PM. Reason: continuing post
Old 01-29-2007, 08:21 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,983
OS: WinXP and Vista


Hi gardjim,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

--------------------------------------------------------------

Using Internet Explorer, download ResetTeaTimer.bat.

If you are using Firefox, right click the above link and choose ‘Save As’. Save it to your desktop.

Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

--------------------------------------------------------------

Disconnect this PC from the internet and close all open programs.

--------------------------------------------------------------

It's crucial that you follow this next step exactly as instructed: Do not multi-task while the scan is running...only DrWeb can be active.

Doubleclick the drweb-cureit.exe file and Allow to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

**Please note depending on the size of this infection as well as the others you have aboard, Dr Web may take hours to complete--you must let it run its course.

--------------------------------------------------------------

Run a new scan with HijackThis and post that log along with the DrWeb log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-08-2007, 11:53 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 43
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 1:04:01 AM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133497763411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/Visit.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Dr.Web
gmxjtmaa.t;C:\;Trojan.Spambot;Deleted.;
gmxjtmvs.t;C:\;Trojan.Spambot;Deleted.;
sltchdua.t;C:\;Trojan.Spambot;Deleted.;
sltchdyx.t;C:\;Trojan.Spambot;Deleted.;
aaaaaenl.t;C:\CDRWIN3;Trojan.Spambot;Deleted.;
aaaaaeaw.t;C:\DELL;Trojan.Spambot;Deleted.;
myvsnuqm.t;C:\DELL;Trojan.Spambot;Deleted.;
myvsnuyw.t;C:\DELL;Trojan.Spambot;Deleted.;
gmxjtmir.t;C:\DELL\drivers\R92022;Trojan.Spambot;Deleted.;
jswbqqoe.t;C:\DELL\drivers\R94481;Trojan.Spambot;Deleted.;
myvsnuux.t;C:\DELL\drivers\R94481\SMAXWDM\W2K_XP;Trojan.Spambot;Deleted.;
aaaaaeal.t;C:\DELL\Utilities\Driver Reset Tool;Trojan.Spambot;Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1;Probably BACKDOOR.Trojan;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20;Probably BACKDOOR.Trojan;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3899.1.16;Probably BACKDOOR.Trojan;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3991.4.16;Probably BACKDOOR.Trojan;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4000.1.4;Probably BACKDOOR.Trojan;Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Moved.;
aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;Moved.;
ETRemover_v130.exe;C:\Program Files\HiJackThis\ETRemover_v130;Probably BACKDOOR.Trojan;Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.617;Moved.;
Stream1.dll;C:\Program Files\WMR11;Trojan.Proxy.1381;Deleted.;
A0240486.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP730;Trojan.Spambot;Deleted.;
A0240491.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP730;Trojan.Spambot;Deleted.;
A0240534.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP730;Trojan.Spambot;Deleted.;
A0240538.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP730;Trojan.Spambot;Deleted.;
A0240873.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732;Probably BACKDOOR.Trojan;Moved.;
A0240902.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732;Probably DLOADER.Trojan;Moved.;
A0240978.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732;Probably BACKDOOR.Trojan;Moved.;
A0241200.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732;Probably DLOADER.Trojan;Moved.;
A0241399.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733;Probably DLOADER.Trojan;Moved.;
A0241401.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733;Probably BACKDOOR.Trojan;Moved.;
MFEX-5.DAT;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\snapshot;Probably BACKDOOR.Trojan;Moved.;
A0241501.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734;Probably BACKDOOR.Trojan;Moved.;
A0241518.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735;Probably BACKDOOR.Trojan;Moved.;
A0254522.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735;Trojan.Spambot;Deleted.;
A0255677.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP739;Trojan.Spambot;Deleted.;
A0257811.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP740;Trojan.Spambot;Deleted.;
A0257833.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP740;Probably BACKDOOR.Trojan;Moved.;
A0257838.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741;Probably BACKDOOR.Trojan;Moved.;
A0257934.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741;Trojan.Spambot;Deleted.;
A0260945.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP742;Probably BACKDOOR.Trojan;Moved.;
A0261036.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP742;Trojan.Spambot;Deleted.;
A0262292.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP742;Probably BACKDOOR.Trojan;Moved.;
A0262526.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP742;Probably DLOADER.Trojan;Moved.;
A0262671.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP742;Probably BACKDOOR.Trojan;Moved.;
A0262673.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP742;Trojan.Spambot;Deleted.;
A0264001.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743;Trojan.Spambot;Deleted.;
A0264041.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744;Trojan.Spambot;Deleted.;
A0264043.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744;Trojan.Spambot;Deleted.;
A0264044.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744;Trojan.Spambot;Deleted.;
A0270093.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744;Trojan.Spambot;Deleted.;
A0270094.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744;Trojan.Spambot;Deleted.;
A0270096.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744;Trojan.Spambot;Deleted.;
A0276110.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745;Trojan.Spambot;Deleted.;
A0276112.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745;Trojan.Spambot;Deleted.;
A0276113.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745;Trojan.Spambot;Deleted.;
A0276114.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745;Trojan.Spambot;Deleted.;
A0276116.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745;Trojan.Spambot;Deleted.;
A0276120.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP745;Trojan.Spambot;Deleted.;
A0277127.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277128.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277129.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277130.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277131.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277132.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277133.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277134.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277135.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277136.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277137.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277138.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277139.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277140.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277141.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277142.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277143.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277144.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277145.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277146.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277147.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277148.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277149.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277150.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277151.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277152.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277153.sys;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;BackDoor.Groan;Deleted.;
A0277361.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277362.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277363.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277364.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0277384.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746;Trojan.Spambot;Deleted.;
A0281267.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP747;Trojan.Spambot;Deleted.;
A0281268.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP747;Trojan.Spambot;Deleted.;
A0281269.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP747;Trojan.Spambot;Deleted.;
A0282258.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP747;Trojan.Packed.2;Deleted.;
A0282259.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP747;Trojan.Packed.2;Deleted.;
A0282260.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP747;Trojan.Packed.2;Deleted.;
A0282261.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP747;Trojan.Packed.2;Deleted.;
A0282262.sys;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP747;BackDoor.Groan;Deleted.;
A0285304.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP748;Trojan.Spambot;Deleted.;
A0293990.sys;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;BackDoor.Groan;Deleted.;
A0293991.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Packed.2;Deleted.;
A0293992.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Packed.2;Deleted.;
A0293993.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Packed.2;Deleted.;
A0293994.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Packed.2;Deleted.;
A0293995.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Packed.2;Deleted.;
A0293996.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Packed.2;Deleted.;
A0294081.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Spambot;Deleted.;
A0295234.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Spambot;Deleted.;
A0295235.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Trojan.Proxy.1381;Deleted.;
adirss.exe;c:\windows\system32;Trojan.Spambot;Will be cured after reboot.;
lnwin.exe;c:\windows\system32;Trojan.Spambot;Deleted.;
adirss.exe;C:\WINDOWS\SYSTEM32;Trojan.Spambot;Deleted.;
D3ve67b.exe;C:\WINDOWS\SYSTEM32;Trojan.Packed.2;Deleted.;
game.exe;C:\WINDOWS\SYSTEM32;Trojan.Spambot;Deleted.;
game1.exe;C:\WINDOWS\SYSTEM32;Trojan.Packed.2;Deleted.;
game2.exe;C:\WINDOWS\SYSTEM32;Trojan.Packed.2;Deleted.;
game3.exe;C:\WINDOWS\SYSTEM32;Trojan.Packed.2;Deleted.;
game4.exe;C:\WINDOWS\SYSTEM32;Trojan.Packed.2;Deleted.;
GTDownDE_87.ocx;C:\WINDOWS\SYSTEM32;Adware.Gdown;Moved.;
nVdOI3K.exe;C:\WINDOWS\SYSTEM32;Trojan.Packed.2;Deleted.;
vk6p5L3.exe;C:\WINDOWS\SYSTEM32;Trojan.Spambot;Deleted.;
vnMOn87.exe;C:\WINDOWS\SYSTEM32;Trojan.Spambot;Deleted.;
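The entries a HijackThis helper ends up marking for "Fix checked" are chosen by a few repeatable rules: O2/O3/O9 items whose file is gone, O4 autoruns that load an odd binary out of system32, O16 ActiveX downloads from hosts nobody recognises, and O23 services with no vendor string or no binary. The script below is an added example, not code from this thread or from HijackThis; it runs those rules over lines lifted from the logs posted here. The allow-lists in it are assumptions sized for this one log, and the Ati HotKey Poller hit is a deliberate false positive (Ati2evxx.exe is a real ATI helper) to show why the output is a review queue, not a fix list.

```python
"""Heuristic first-pass triage of HijackThis v1.99 log entries.

Added example for this thread, not code from the original posts or from
HijackThis. Rules applied:
  * O2/O3/O9 entries whose target reads "(no file)" or "(file missing)"
    are orphans: the registry still points at something that is gone;
  * O4 autoruns loading an unfamiliar binary out of system32 are suspect;
  * O16 ActiveX downloads (DPF) from hosts outside a short allow-list
    deserve a look;
  * O23 services with "Unknown owner" or a missing binary need the vendor
    checked (this one fires on a legitimate ATI helper, by design).
KNOWN_SYSTEM32_AUTORUNS and TRUSTED_DPF_DOMAINS are assumptions, not a
reference list. The output is a queue for a human, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample: lines lifted from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133497763411
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
"""

ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption: autorun binaries that legitimately live in system32 on XP.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe", "rundll32.exe", "ati2evxx.exe", "hkcmd.exe", "igfxtray.exe"}
# Assumption: domains from which an ActiveX download is expected on this box.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "trendmicro.com", "pandasoftware.com", "ca.com")

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d) - .*$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. O4
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries a human should look at, with the rule that fired."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # process list, headers, blank lines
        section = m.group(1)
        if any(marker in line for marker in ORPHAN_MARKERS):
            reason = ("service binary missing: half-removed security product or removed malware"
                      if section == "O23" else
                      "orphaned entry: registry still points at a file that is gone")
            findings.append(Finding(section, reason, line))
            continue
        if section == "O4":
            m4 = O4_RE.match(line)
            if m4:
                path = m4.group("path").lower()
                exe = path.rsplit("\\", 1)[-1]
                if "\\system32\\" in path and exe not in KNOWN_SYSTEM32_AUTORUNS:
                    findings.append(Finding(section, f"autorun loads unfamiliar binary from system32: {exe}", line))
        elif section == "O16":
            m16 = O16_RE.match(line)
            if m16:
                host = (urlparse(m16.group("url")).hostname or "").lower()
                if not any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS):
                    findings.append(Finding(section, f"ActiveX download from host outside allow-list: {host}", line))
        elif section == "O23":
            m23 = O23_RE.match(line)
            if m23 and m23.group("owner") == "Unknown owner":
                findings.append(Finding(section, "service has no vendor string: check the binary's publisher", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample this flags seven entries and leaves the Acrobat BHO, the Google notifier and the Microsoft Update control alone. Two of the seven need judgement rather than a fix: the ATI service is legitimate, and McShield's "(file missing)" points at a McAfee install that is half gone, which is better dealt with by a clean uninstall than by a HijackThis fix.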
Old 02-11-2007, 07:57 AM   #7
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,983
OS: WinXP and Vista

Let's continue.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

As portions of your system restore have been cleaned, we need to create a working restore point now.

Create a new System Restore point
* Click Start >> Run, type SYSDM.CPL & press Enter
* Select the System Restore tab
* Tick the checkbox "Turn off System Restore on all drives"
* Click Apply
* Then untick the same checkbox & click OK. Windows will automatically create a new Restore Point.

***************************************************

Delete your existing combofix.exe and download it again as it has been updated.

http://www.techsupportforum.com/sect...a/combofix.exe

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

--------------------------------------------------------------------

Please ensure AVG Anti-Spyware has the latest definitions:

Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll (file missing)
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File

C:\WINDOWS\system32\qwertybot.exe

--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
Run AVG Anti-Spyware with its updated definitions (it is important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for remnants:

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop. I'll need that report in your next reply.
-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG A-S report
BitDefender report
ComboFix.txt
Uninstall_list.txt
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-15-2007, 01:17 AM   #8
Registered User
Join Date: Dec 2004
Posts: 43
OS: XP

part1

---------------------------------------------------------
AVG Anti-Spyware - Scan Report

C:\WINDOWS\SYSTEM32\SearchTool\uninstallSE.exe -> Adware.Beginto : No action taken.
C:\WINDOWS\SYSTEM32\SmartShopper\uninstallSE.exe -> Adware.Beginto : No action taken.
C:\Program Files\WinBudget\bin\crap.1168599386.old -> Adware.BHO : No action taken.
C:\Program Files\WinBudget\bin\matrix.dll -> Adware.BHO : No action taken.
C:\WINDOWS\SYSTEM32\wincom32.sys -> Dropper.Agent.bbv : No action taken.
:mozilla.760:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.133:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.134:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.135:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.136:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.137:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.138:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.139:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.140:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.141:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.142:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.143:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.144:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.145:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.146:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.147:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.148:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.149:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.221:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.456:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.658:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.770:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.425:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.426:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.429:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.131:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.75:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.76:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.82:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.83:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.84:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.85:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.88:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.89:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.90:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.91:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.92:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.86:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.505:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.177:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.178:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.179:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.180:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.181:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.182:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.183:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.402:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.535:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.510:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.746:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.152:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.444:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.204:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.205:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.206:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.207:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.208:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.77:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.78:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.79:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.80:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.81:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.625:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.685:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.411:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.412:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.567:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.568:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.569:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.716:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.717:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.718:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.124:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.125:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.732:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.733:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.369:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.373:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.126:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.127:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.128:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.129:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.130:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.579:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
:mozilla.310:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.311:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.191:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.192:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.193:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.283:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.284:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.285:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.286:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.287:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.288:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.396:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.457:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.458:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.459:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.512:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.424:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.168:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.169:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.170:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.171:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.172:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.173:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.174:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.175:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.176:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.189:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.60:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.61:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.62:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.63:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.64:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.434:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.435:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.436:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end
BitDefender Online Scanner - Real Time Virus Report


Generated at: Tue, Feb 13, 2007 - 18:29:24


Scan Info


Scanned Files 401842

Infected Files 19

Virus Detected

Trojan.Downloader.Tibs.BDE 3

Worm.Mixor.A 2

Win32.Mixor.A@mm 14

"Gard Jim" - 07-02-13 18:35:24 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Gard Jim\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINDOWS\SYSTEM32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\SYSTEM32\MBOLS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\PPATCH~1
C:\qoobox\purity\WINDOWS\SYSTEM32\PPPATC~1
C:\qoobox\purity\WINDOWS\SYSTEM32\SKS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\STEM~1
C:\qoobox\purity\WINDOWS\SYSTEM32\WNSXS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\YMBOLS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\YMBOLS~1\?ymbols


((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-13 16:51 <DIR> d-------- C:\WINDOWS\LastGood
2007-02-13 16:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-02-13 14:50 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-02-12 04:31 <DIR> d-------- C:\DOCUME~1\GARDJI~1\Application Data\uTorrent
2007-02-12 02:01 <DIR> d-------- C:\WINDOWS\vf_hip
2007-02-12 02:01 <DIR> d-------- C:\Program Files\Hide IP Platinum
2007-02-07 22:53 <DIR> d-------- C:\DOCUME~1\GARDJI~1\DoctorWeb
2007-02-07 05:44 <DIR> d-------- C:\bintheredunthat
2007-01-30 05:43 <DIR> d-------- C:\Program Files\GeoWhere Lite
2007-01-25 02:43 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-01-25 01:35 <DIR> d-------- C:\bfu
2007-01-22 04:42 <DIR> d-------- C:\DOCUME~1\GARDJI~1\Application Data\SiteAdvisor
2007-01-18 04:47 <DIR> d-------- C:\DOCUME~1\JESSIC~1.D3G\Application Data\Viewpoint
2007-01-17 18:04 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-17 18:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-17 06:15 345 --a------ C:\WINDOWS\SYSTEM32\dap.exe
2007-01-16 23:28 <DIR> d-------- C:\DOCUME~1\GARDJI~1\.housecall6.6
2007-01-15 07:34 24,072 --a------ C:\WINDOWS\SYSTEM32\uxtuneup.dll
2007-01-14 03:24 <DIR> d-------- C:\Program Files\Snood


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 18:29 -------- d-------- C:\Program Files\mozilla firefox
2007-02-13 14:50 -------- d-------- C:\Program Files\grisoft
2007-02-12 21:50 -------- d-------- C:\DOCUME~1\GARDJI~1\Application Data\avg7
2007-02-08 03:19 -------- d-------- C:\Program Files\accessdiver
2007-02-08 02:42 -------- d-------- C:\Program Files\icoo loader
2007-02-08 00:40 -------- d-------- C:\Program Files\wmr11
2007-02-07 05:44 -------- d-------- C:\Program Files\h-vision
2007-01-26 18:08 -------- d-------- C:\Program Files\tuneup utilities 2006
2007-01-26 18:07 -------- d-------- C:\Program Files\spywareguard
2007-01-26 18:06 -------- d-------- C:\Program Files\smartftp client 2.0
2007-01-26 18:02 -------- d-------- C:\Program Files\limewire
2007-01-26 17:57 -------- d-------- C:\Program Files\google
2007-01-26 17:54 -------- d-------- C:\Program Files\aim6
2007-01-22 05:00 -------- d-------- C:\Program Files\aim
2007-01-22 04:53 -------- d---s---- C:\DOCUME~1\GARDJI~1\Application Data\microsoft
2007-01-22 04:42 -------- d-------- C:\Program Files\partygaming
2007-01-22 04:42 -------- d-------- C:\Program Files\mcafee.com
2007-01-22 04:42 -------- d-------- C:\Program Files\auvisoft audio splitter joiner
2007-01-22 04:42 -------- d-------- C:\Program Files\anti-leech
2007-01-22 04:42 -------- d-------- C:\Program Files\all video joiner
2007-01-21 06:12 -------- d--h----- C:\Program Files\installshield installation information
2007-01-21 06:11 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-21 06:11 -------- d-------- C:\Program Files\aol
2007-01-17 23:02 -------- d-------- C:\Program Files\motorola phone tools
2007-01-17 23:02 -------- d-------- C:\Program Files\Common Files\companion wizard
2007-01-17 22:27 12524 --ahsc--- C:\WINDOWS\SYSTEM32\kgygaavl.sys
2007-01-17 17:38 -------- d-------- C:\Program Files\palmone
2007-01-17 17:28 -------- d-------- C:\Program Files\audio edit
2007-01-17 17:27 -------- d-------- C:\Program Files\addebugger
2007-01-15 07:20 -------- d-------- C:\Program Files\spywareblaster
2007-01-15 07:19 -------- d-------- C:\Program Files\supercleaner
2007-01-12 23:23 -------- d-------- C:\Program Files\Common Files\aolshare
2007-01-12 05:56 -------- d-------- C:\Program Files\winbudget
2007-01-11 20:19 -------- d-------- C:\Program Files\quicktime
2007-01-11 18:33 -------- d-------- C:\DOCUME~1\GARDJI~1\Application Data\viewpoint
2007-01-11 03:42 39751 --a------ C:\WINDOWS\SYSTEM32\brrot-uninst.exe
2007-01-03 20:06 -------- d-------- C:\Program Files\windows media connect 2
2007-01-03 05:04 -------- d-------- C:\Program Files\bitlord
2007-01-02 06:24 -------- d-------- C:\Program Files\videofixer
2006-12-28 02:16 -------- d-------- C:\Program Files\ghostsurf
2006-12-26 20:44 -------- d-------- C:\DOCUME~1\GARDJI~1\Application Data\tenebril
2006-12-26 16:24 816672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-12-26 16:24 499712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2006-12-26 16:24 3968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
2006-12-26 16:24 348160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2006-12-26 16:24 28416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-12-12 18:37 49 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb41.dat
2006-12-12 18:37 382 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb1942.dat
2006-12-12 01:36 69632 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb4827.dat
2006-12-12 01:36 151 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb9680.dat
2006-12-12 01:36 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb4306.dat
2006-11-19 20:46 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb4890.dat
2006-11-19 19:38 145 --a-s---- C:\WINDOWS\test.bat
2006-11-19 19:35 1484 --a------ C:\37811723.exe
2006-11-19 19:34 1484 --a------ C:\21825628.exe
2006-11-19 19:33 1484 --a------ C:\46467261.exe
2006-11-19 19:32 1484 --a------ C:\15958717.exe
2006-11-16 04:25 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb8771.dat
2006-11-16 04:25 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb5436.dat
2006-11-16 04:25 0 --a------ C:\DOCUME~1\GARDJI~1\Application Data\internaldb2971.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Hide IP Platinum"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Agent"="C:\\WINDOWS\\system32\\alsys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
@=""
"sysinter"="C:\\WINDOWS\\system32\\adirss.exe"
"lnwin.exe"="C:\\WINDOWS\\system32\\lnwin.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"qwertybot.exe"="C:\\WINDOWS\\system32\\qwertybot.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124425863\\ee\\AOLHostManager.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"taskdir"="C:\\WINDOWS\\system32\\taskdir.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"taskdir"="C:\\WINDOWS\\system32\\taskdir.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\LicenseMan32.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=dword:00000000
"Mn@mlrf"=dword:00000000
"MnOndNeg"=dword:00000000
"MnQtm"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\winmgmt2

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\01. Kill Me.mp3 4374528 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\02. Haters.mp3 7036928 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\03. I'm Back.mp3 5799936 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\04. Stay Bout It (Feat. Stat Quo).mp3 6529024 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\05. My Club Intro (Feat. Eminem).mp3 7593984 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF(2)\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF\00 - Playlist.m3u 4096 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\VA-Tapemasters_Inc.-The_Inc_Files_Pt._10-_Bootleg_-2006-Homely\VA-Tapemasters_Inc.-The_Inc_Files_Pt._10-(Bootleg)-2006-Homely\[100% Complete]-[26F @ 92.9MB at 436KBps]-[mp3info - Hip-Hop (2006) @ 164kbps]\.ioFTPD 48 bytes
C:\WINDOWS\SYSTEM32\wincom32.ini 4096 bytes
C:\WINDOWS\SYSTEM32\wincom32.sys 57344 bytes
C:\WINDOWS\SYSTEM32\WindowsLogon.manifest 4096 bytes

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 10

********************************************************************

Completion time: 07-02-13 18:40:50
C:\ComboFix2.txt ... 07-01-29 08:15
Old 02-15-2007, 01:19 AM   #9 (permalink)


Logfile of HijackThis v1.99.1
Scan saved at 3:13:59 AM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll
O2 - BHO: (no name) - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133497763411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/Visit.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe




uninstall list


AccessDiver v4.291
AccessDiver v4.300 (OK)
AccessDiver v4.301
Ad-Aware SE Professional
Adobe Photoshop 7.0
Adobe Reader 7.0.5
Adobe® Photoshop® Album Starter Edition 3.0
AIM 6.0
AIM+ (remove only)
Alarm Clock v1.0
AOL Explorer
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ATI Display Driver
Audacity 1.2.4
Aurora Media Workshop 2.4.5
AVG Anti-Spyware 7.5
Azureus
BitComet 0.70
Broadcom Advanced Control Suite 2
CCE SP Trial Version
DataPilot
DataPilot USB Driver Pack
Dell Digital Jukebox Driver
Dell DJ Explorer
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Photo Printer 720
Dell Picture Studio v3.0
Dell Support 5.0.0 (766)
DialIdol
Digital Photo Fixer
DivX
DivX Player
DivX Subtitle Displayer 4.54
DVD Decrypter (Remove Only)
DVD Shrink 3.2
dvdSanta 3.44
dvdSanta 4.00
ewido security suite
ffdshow (remove only)
FTP Explorer
Gaim (remove only)
GeoWhere 2.72 (Lite)
Google Toolbar for Internet Explorer
GTK+ Runtime 2.6.9 rev a (remove only)
HijackThis 1.99.1
Hotfix for Windows XP (KB926239)
H-Vision v1.05
ICOO Loader 2.5
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
IrfanView (remove only)
IsoBuster 1.7
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
K-Lite Codec Pack 2.24 Full
Lavasoft VX2 Cleaner
Learn2 Player (Uninstall Only)
LimeWire PRO 4.10.5
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Matroska Pack - Lazy Man's MKV 0.94 (2004-11-11)
MediaTickets by OIN
MediaTickets by OIN
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mobile Media Maker (PSP) 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Motorola iMega Pack (remove only)
Motorola Phone Tools
Motorola PST
Motorola Software Update
Movie DVD Maker 1.1.2
Mozilla Firefox (1.5.0.9)
MP3 Audio CD Burner V2.1
Mp3Decode
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
Nero 7 Premium
Nimo Lite Pack v1.0 (Remove Only)
Ourmedia Publisher
Panda ActiveScan
Personal License Update Wizard for Windows Media Player
Photo Click
Photo Collage 1.36
PhotoMix 5.3
PowerDVD 5.3
PSP Max Media Manager
PSP Video Express(remove only)
Quicklinks
QuickTime
RealPlayer
RealProducer Basic 8.5
Riva Producer Lite
River Past Video Perspective
River Past Video Slice
Search Enhancer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Smart Shopper
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Snood for Windows version 3.52-W
Sonic RecordNow!
Sonic Update Manager
Sony ACID Pro 5.0
Sony Media Manager 2.0
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Trillian
TuneUp Utilities 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB Modem Driver
Video Fixer 3.23
VideoReDo/Plus Version 2-2-1-445
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WIBU-KEY Setup (WIBU-KEY Remove)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WM Recorder 11.0
WordPerfect Office 12
Xvid 1.1.2 final uninstall
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
Old 02-15-2007, 09:33 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,983
OS: WinXP and Vista


This system is still quite infected. It's important you follow all directions given.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Disable Spywareguard as it may interfere with the fixes below:
  • Right click the running icon of Spywareguard in the system tray to open the program.
  • Then go to Menu, File, and choose Exit. It will automatically restart at next boot.
--------------------------------------------------------------------

Double click ResetTeaTimer.bat you downloaded earlier, to remove all entries set by TeaTimer.

--------------------------------------------------------------------

Download the attached ccret.zip file to your desktop.

Double click on the zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

ICOO Loader

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: (no name) - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - (no file)
O2 - BHO: (no name) - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folders

C:\37811723.exe
C:\21825628.exe
C:\46467261.exe
C:\15958717.exe
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\lnwin.exe
C:\WINDOWS\system32\qwertybot.exe
C:\WINDOWS\system32\alsys.exe
C:\Program Files\ICOO Loader


--------------------------------------------------------------------

When you ran AVG A-S, no action was taken on the items it found. Check your settings and run it again please.


Launch AVG A-S
  • On the main screen select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Now run the scan:
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

It doesn't appear that you let BitDefender disinfect what it found either. Please run it again and let it clean what it finds:

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply
--------------------------------------------------------------------

Download gmer and unzip it to your desktop.


Launch gmer.exe by double-clicking it. Select the rootkit tab & make sure the 'Show All' button is unticked.

Press scan & when it has finished press copy & paste the log back here

--------------------------------------------------------
  1. Download ComboScan to your Desktop.
  2. Close all applications and windows.
  3. Double-click on comboscan.exe to run it, and follow the prompts.
  4. When the scan is complete, a text file will open - ComboScan.txt
  5. Copy and paste the contents of ComboScan.txt in your thread in the HijackThis Log Help forum.
  6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
  7. Please Attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.

Post the BitDefender log
AVG A-S log
gmer log
ComboScan.txt
Attach the Supplementary.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 03-02-2009 at 07:04 PM.
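As an added example (not part of this thread and not HijackThis' own code), the following Python script parses the O2/O4/O16/O18/O23 line formats seen in the logs above and flags the same kinds of entries the fix list in the previous post targets: orphaned BHO CLSIDs with no DLL on disk, Run-key autoruns that launch unfamiliar binaries out of system32, DPF entries with neither a control name nor a source URL, third-party URL protocol handlers, and services whose binary is missing. The allowlists and severity labels are this example's own assumptions, and the sample lines are a constructed subset copied from the posted log.

```python
"""Triage a HijackThis v1.99-style log by section prefix (O2, O4, O16, O18, O23)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the O2/O4/O16/O18/O23 lines from the log posted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKCU\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe",
    r"O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
    r"O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -",
    r"O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll",
    r"O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)",
    r"O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe",
]

# Line grammar of the sections handled here (HJT prints "Oxx - <body>").
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
O2_RE = re.compile(r"^BHO:\s+(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF:\s+(?P<clsid>\{[0-9A-Fa-f-]+\})(?:\s+\((?P<name>[^)]*)\))?\s+-\s*(?P<url>.*)$")
O18_RE = re.compile(r"^Protocol:\s+(?P<scheme>\S+)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.*)$")
O23_RE = re.compile(r"^Service:\s+(?P<name>.*?)\s+-\s+(?P<owner>.*?)\s+-\s+(?P<path>.*)$")

# Assumed allowlists for this example only; a real triage list is far longer.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe", "rundll32.exe", "dumprep"}
BUILTIN_PROTOCOLS = {"about", "res", "javascript", "file", "http", "https", "ftp", "mailto"}


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "low" (this example's own scale)
    reason: str
    line: str


def _exe_path(cmd: str) -> str:
    """Executable part of an autorun command line: up to the first '.exe' (quoted or not),
    otherwise the first whitespace-delimited token (e.g. '%systemroot%\\system32\\dumprep')."""
    m = re.match(r'"?(?P<p>.+?\.exe)\b', cmd, re.IGNORECASE)
    return (m.group("p") if m else cmd.split()[0]).strip('"')


def triage_line(raw: str) -> Optional[Finding]:
    """Return a Finding for a suspicious line, or None for lines that pass the rules."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    if section == "O2":
        b = O2_RE.match(rest)
        if b and b["path"].strip().lower() == "(no file)":
            return Finding(section, "medium", f"orphaned BHO CLSID {b['clsid']} with no DLL on disk", raw)
    elif section == "O4":
        r = O4_RE.match(rest)
        if r:
            path = _exe_path(r["cmd"])
            name = path.rsplit("\\", 1)[-1].lower()
            if "\\system32\\" in path.lower() and name not in KNOWN_SYSTEM32_AUTORUNS:
                return Finding(section, "high", f"autorun '{r['name']}' launches unfamiliar system32 binary {name}", raw)
    elif section == "O16":
        d = O16_RE.match(rest)
        if d and not d["name"] and not d["url"].strip():
            return Finding(section, "medium", f"ActiveX DPF {d['clsid']} has neither a control name nor a source URL", raw)
    elif section == "O18":
        p = O18_RE.match(rest)
        if p and p["scheme"].lower() not in BUILTIN_PROTOCOLS:
            return Finding(section, "high", f"third-party URL protocol handler '{p['scheme']}:' -> {p['path']}", raw)
    elif section == "O23":
        s = O23_RE.match(rest)
        if s and s["path"].rstrip().lower().endswith("(file missing)"):
            return Finding(section, "low", f"service '{s['name']}' registered but its binary is missing", raw)
    return None


def triage(lines) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in map(triage_line, lines) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run against the constructed sample it reports six findings: the orphaned BHO, the adirss.exe and alsys.exe autoruns, the nameless DPF entry, the icoo: protocol handler and the missing McShield binary, while the Acrobat BHO, TeaTimer, the dumprep KernelFaultCheck entry and the Nero service pass. A "(file missing)" service is rated low because, as with the McAfee leftovers here, it is more often an uninstall remnant than active malware; the system32 autoruns are rated high because a random-looking name in that directory is the pattern every entry in the fix list above shares.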
Old 03-05-2007, 12:46 AM   #11 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 43
OS: XP


03/04/2007 14:04:58 [ssapi] [2080] CProductConfig::Init - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] CProductConfig::Init - EXIT
03/04/2007 14:04:58 [ssapi] [2080] CWhiteList::Load - User WhiteList Loaded - 0 entries
03/04/2007 14:04:58 [ssapi] [2080] CBlackList::Load - User BlackList Loaded - 0 entries
03/04/2007 14:04:58 [ssapi] [2080] CSSScanner::Init - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] InitTmTAPIDriver - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] IsTmTAPIDriverInitialized - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] IsTmTAPIDriverInitialized - EXIT
03/04/2007 14:04:58 [ssapi] [2080] InitTmTAPIDriver - EXIT
03/04/2007 14:04:58 [ssapi] [2080] CFileSystem::Init - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] CFileSystem::Using TMTAPI
03/04/2007 14:04:58 [ssapi] [2080] CFileSystem::Init - EXIT
03/04/2007 14:04:58 [ssapi] [2080] InitLSPFuncs - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] InitLSPFuncs - EXIT
03/04/2007 14:04:58 [ssapi] [2080] CDCE::Init - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] CDCE::Init - EXIT
03/04/2007 14:04:58 [ssapi] [2080] InitLSPFuncs - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] CSSScanner::Init - Throttling DISABLED
03/04/2007 14:04:58 [ssapi] [2080] CSSScanner::Init - EXIT
03/04/2007 14:04:58
03/04/2007 14:04:58 ------------------------------------- SSAPI Session Started ------------------------------
03/04/2007 14:04:58 Date/Time: Sun Mar 04 14:04:58 2007
03/04/2007 14:04:58 Engine Version: 5.0.0.1060
03/04/2007 14:04:58 O/S Version: Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
03/04/2007 14:04:58 Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
03/04/2007 14:04:58 Bits: 32
03/04/2007 14:04:58 Language: English (United States)
03/04/2007 14:04:58 IE Version: 6.0.2900.2180
03/04/2007 14:04:58 User: ADMINISTRATIVE USER RIGHTS
03/04/2007 14:04:58 Hostname: D3G1SF61
03/04/2007 14:04:58 User Name: Gard Jim
03/04/2007 14:04:58 Profile Dir: C:\Documents and Settings\Gard Jim
03/04/2007 14:04:58 Logon Server: \\D3G1SF61
03/04/2007 14:04:58 Windows Dir: C:\WINDOWS
03/04/2007 14:04:58 ------------------------------------------------------------------------------------------
03/04/2007 14:04:58
03/04/2007 14:04:58 [ssapi] [2080] CSSScanner::LoadDatabase - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] CSSScanner::CheckThatDatabaseExists - ENTRY
03/04/2007 14:04:58 [ssapi] [2080] CSSScanner::CheckThatDatabaseExists - EXIT
03/04/2007 14:05:01 [ssapi] [2080] CSSScanner::LoadDatabase - Initializing Scanner DBs
03/04/2007 14:05:01 [ssapi] [2080] CSSScanner::LoadDatabase - EXIT
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:22:46 PM 2/27/2007

+ Scan result:



C:\WINDOWS\SYSTEM32\SearchTool\uninstallSE.exe -> Adware.Beginto : Cleaned.
C:\WINDOWS\SYSTEM32\SmartShopper\uninstallSE.exe -> Adware.Beginto : Cleaned.
C:\Program Files\WinBudget\bin\crap.1168599386.old -> Adware.BHO : Cleaned.
C:\Program Files\WinBudget\bin\matrix.dll -> Adware.BHO : Cleaned.
C:\WINDOWS\SYSTEM32\wincom32.sys -> Dropper.Agent.bbv : Cleaned.
:mozilla.578:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.579:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.194:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.214:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.215:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.216:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.219:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.221:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.222:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.340:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.593:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.734:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.411:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.413:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.419:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.420:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.308:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.309:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.310:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.311:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.312:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.313:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.11:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.6:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.294:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.700:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.701:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.702:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.703:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.594:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.351:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.352:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.353:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.114:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.117:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.119:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.120:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.121:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.832:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.614:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.617:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.555:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.556:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.557:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.558:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.30:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.371:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.285:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.286:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.287:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.288:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.428:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.429:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.430:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.72:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.76:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.566:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.183:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.184:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.185:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.230:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.541:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.666:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.836:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.740:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.514:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.515:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.516:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.527:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.528:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.563:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.225:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.227:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.542:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.488:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.489:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.490:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.395:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.396:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.397:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.401:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.402:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.404:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.744:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.745:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.746:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.295:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.296:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.27:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.28:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.29:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.739:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\jessica.D3G1SF61\Cookies\jessica@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.461:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.462:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.463:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.464:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.465:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.466:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.398:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.399:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.400:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.405:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.409:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.412:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.414:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.415:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.416:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.417:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.418:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.290:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.291:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.292:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.293:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.544:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.289:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.247:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.248:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.249:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.250:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.251:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.252:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.253:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.254:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.255:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.175:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.421:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.422:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.423:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.424:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.425:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.426:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.427:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.325:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.35:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.432:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.433:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.434:C:\Documents and Settings\jessica.D3G1SF61\Application Data\Mozilla\Firefox\Profiles\atlaui7t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

ComboScan v20070226.18 run by Gard Jim on 2007-03-05 at 02:34:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gard Jim.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:34:23 AM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Documents and Settings\Gard Jim\Desktop\comboscan.exe
C:\HJT\GARDJI~1.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133497763411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/Visit.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- Files created between 2007-02-05 and 2007-03-05 ------------------------------

2007-03-04 13:59:55 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-02 16:14:26 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-03-02 04:08:45 0 d-------- C:\Program Files\SpyDawn
2007-02-27 03:43:50 0 d-------- C:\Program Files\iTunes
2007-02-27 03:41:37 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-24 1815 0 d-------- C:\Documents and Settings\All Users\Application Data\Avanquest Software<AVANQU~1>
2007-02-20 12:23:08 0 d-------- C:\Program Files\Sibelius Software<SIBELI~1>
2007-02-13 16:51:47 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-13 14:50:49 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-12 04:31:13 0 d-------- C:\Documents and Settings\Gard Jim\Application Data\uTorrent
2007-02-07 22:53:14 0 d-------- C:\Documents and Settings\Gard Jim\DoctorWeb<DOCTOR~1>
2007-02-07 05:44:02 0 d-------- C:\bintheredunthat<BINTHE~1>


-- Find3M Report ----------------------------------------------------------------

2007-03-04 19:51:16 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-03 19:52:35 0 d-------- C:\Program Files\TuneUp Utilities 2006<TUNEUP~1>
2007-03-03 19:51:45 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-03-03 19:50:58 0 d-------- C:\Program Files\SmartFTP Client 2.0<SMARTF~1.0>
2007-03-03 19:50:36 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-03 19:41:56 0 d-------- C:\Program Files\Google
2007-03-03 19:38:46 0 d-------- C:\Program Files\Alarm Clock<ALARMC~1>
2007-03-03 19:38:46 0 d-------- C:\Program Files\AIM6
2007-03-03 13:59:12 0 d-------- C:\Documents and Settings\Gard Jim\Application Data\AVG7
2007-02-28 23:02:07 12524 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-28 22:31:42 11776 --a-s---- C:\WINDOWS\system32\geplxss.dll
2007-02-27 18:14:38 0 d-------- C:\Program Files\ICOO Loader<ICOOLO~1>
2007-02-27 07:21:35 0 d-------- C:\Program Files\LimeWire
2007-02-27 03:44:01 0 d-------- C:\Program Files\iPod
2007-02-18 22:34:52 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-02-18 20:10:40 0 d-------- C:\Documents and Settings\Gard Jim\Application Data\Adobe
2007-02-14 14:26:20 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-13 14:50:46 0 d-------- C:\Program Files\Grisoft
2007-02-08 03:19:11 0 d-------- C:\Program Files\Accessdiver<ACCESS~1>
2007-02-08 00:40:40 0 d-------- C:\Program Files\WMR11
2007-02-07 05:44:05 0 d-------- C:\Program Files\H-Vision
2007-02-07 05:43:38 0 d-------- C:\Program Files\GeoWhere Lite<GEOWHE~1>
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-25 02:43:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-22 05:00:57 0 d-------- C:\Program Files\AIM
2007-01-22 04:53:53 0 d---s---- C:\Documents and Settings\Gard Jim\Application Data\Microsoft<MICROS~1>
2007-01-22 04:42:44 0 d-------- C:\Program Files\McAfee.com
2007-01-22 04:42:44 0 d-------- C:\Documents and Settings\Gard Jim\Application Data\SiteAdvisor<SITEAD~1>
2007-01-22 04:42:43 0 d-------- C:\Program Files\Anti-Leech<ANTI-L~1>
2007-01-22 04:42:40 0 d-------- C:\Program Files\All Video Joiner<ALLVID~1>
2007-01-22 04:42:36 0 d-------- C:\Program Files\Auvisoft Audio Splitter Joiner<AUVISO~1>
2007-01-22 04:42:29 0 d-------- C:\Program Files\PartyGaming<PARTYG~1>
2007-01-22 01:45:05 0 d-------- C:\Program Files\Common Files\McAfee
2007-01-21 06:12:48 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-21 06:11:21 0 d-------- C:\Program Files\AOL
2007-01-21 06:11:11 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-17 23:02:46 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1>
2007-01-17 23:02:18 0 d-------- C:\Program Files\Common Files\Companion Wizard<COMPAN~1>
2007-01-17 17:38:15 0 d-------- C:\Program Files\palmOne
2007-01-17 17:28:46 0 d-------- C:\Program Files\Audio Edit<AUDIOE~1>
2007-01-17 17:27:26 0 d-------- C:\Program Files\ADDebugger<ADDEBU~1>
2007-01-17 06:15:42 345 --a------ C:\WINDOWS\system32\dap.exe
2007-01-15 07:20:40 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-01-15 07:19:53 0 d-------- C:\Program Files\SuperCleaner<SUPERC~1>
2007-01-14 03:29:51 0 d-------- C:\Program Files\Snood
2007-01-12 23:23:44 0 d-------- C:\Program Files\Common Files\aolshare
2007-01-12 05:56:25 0 d-------- C:\Program Files\WinBudget<WINBUD~1>
2007-01-11 18:33:25 0 d-------- C:\Documents and Settings\Gard Jim\Application Data\Viewpoint<VIEWPO~1>
2007-01-11 03:42:43 39751 --a------ C:\WINDOWS\system32\brrot-uninst.exe<BRROT-~1.EXE>
2006-12-26 16:24:23 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-12-26 16:24:22 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-12 18:37:02 49 --a------ C:\Documents and Settings\Gard Jim\Application Data\internaldb41.dat<INTERN~4.DAT>
2006-12-12 18:37:02 382 --a------ C:\Documents and Settings\Gard Jim\Application Data\internaldb1942.dat<INTERN~1.DAT>
2006-12-12 01:36:10 151 --a------ C:\Documents and Settings\Gard Jim\Application Data\internaldb9680.dat<IN64AA~1.DAT>
2006-12-12 01:36:10 69632 --a------ C:\Documents and Settings\Gard Jim\Application Data\internaldb4827.dat<INTERN~2.DAT>
2006-12-12 01:36:10 0 --a------ C:\Documents and Settings\Gard Jim\Application Data\internaldb4306.dat<IN7A7C~1.DAT>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Hide IP Platinum"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124425863\\ee\\AOLHostManager.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\LicenseMan32.exe"
"rare"="C:\\Program Files\\Video Access ActiveX Object\\pmsnrr.exe"
"user32.dll"="C:\\Program Files\\Video Access ActiveX Object\\isamntr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\Autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_TMCOMM


-- End of ComboScan: finished at 2007-03-05 at 02:34:43 -------------------------
Old 03-05-2007, 12:51 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 43
OS: XP


part2

*BitDefender Online Scanner*

*Scan report generated at: Fri, Mar 02, 2007 - 17:58:03*

*Scan path: *C:\;D:\;E:\;F:\;G:\;H:\;

*Statistics*
Time: 01:40:44
Files: 423259
Folders: 11079
Boot Sectors: 4
Archives: 5607
Packed Files: 22761

*Results*
Identified Viruses: 4
Infected Files: 6
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 6

*Engines Info*
Virus Definitions: 402326
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

*Scan Settings*
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

*Scanned File* -> *Status*
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>BlackBox.class -> Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>BlackBox.class -> Disinfection failed
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>BlackBox.class -> Deleted
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip -> Updated
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>VerifierBug.class -> Infected with: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>VerifierBug.class -> Disinfection failed
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>VerifierBug.class -> Deleted
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip -> Updated
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>Dummy.class -> Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>Dummy.class -> Disinfection failed
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>Dummy.class -> Deleted
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip -> Updated
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>Beyond.class -> Infected with: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>Beyond.class -> Disinfection failed
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip=>Beyond.class -> Deleted
C:\Documents and Settings\Gard Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-21f1dc87-45f3449c.zip -> Updated
C:\Documents and Settings\Gard Jim\Local Settings\Temporary Internet Files\Content.IE5\Y7CFCPS3\index[1].htm -> Infected with: Trojan.JS.Downloader.B
C:\Documents and Settings\Gard Jim\Local Settings\Temporary Internet Files\Content.IE5\Y7CFCPS3\index[1].htm -> Disinfection failed
C:\Documents and Settings\Gard Jim\Local Settings\Temporary Internet Files\Content.IE5\Y7CFCPS3\index[1].htm -> Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0312742.exe=>(NSIS o)=>lzma_solid_nsis0006 -> Infected with: Trojan.Zlob.Y
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0312742.exe=>(NSIS o)=>lzma_solid_nsis0006 -> Disinfection failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0312742.exe=>(NSIS o)=>lzma_solid_nsis0006 -> Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0312742.exe=>(NSIS o) -> Update failed
C:\WINDOWS\SYSTEM32\geplxss.dll -> Suspected of: Generic.Malware.dld!.35EA3C1F
C:\WINDOWS\SYSTEM32\geplxss.dll -> Disinfection failed
C:\WINDOWS\SYSTEM32\geplxss.dll -> Delete failed

Attached Files
File Type: txt Supplementary.txt (17.9 KB, 1 views)
Old 03-05-2007, 06:41 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,983
OS: WinXP and Vista


Hello,

It is imperative that you delete any existing copies of combofix.exe.

Download the revised version:

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply.

---------------------------------------------------------------------

Run a new scan with HijackThis and post the log along with the ComboFix.txt.


How is your system behaving?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 03-06-2007, 01:49 AM   #14 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 43
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 3:35:37 AM, on 3/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\winlogon.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133497763411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/Visit.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


"Gard Jim" - 07-03-06 3:26:24 Service Pack 2
ComboFix 07-03-05.2_PreRelease - Running from: "C:\Documents and Settings\Gard Jim\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINDOWS\SYSTEM32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\SYSTEM32\MBOLS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\PPATCH~1
C:\qoobox\purity\WINDOWS\SYSTEM32\PPPATC~1
C:\qoobox\purity\WINDOWS\SYSTEM32\SKS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\STEM~1
C:\qoobox\purity\WINDOWS\SYSTEM32\WNSXS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\YMBOLS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\YMBOLS~1\?ymbols



((((((((((((((((((((((((((((((( Files Created from 2007-02-06 to 2007-03-06 ))))))))))))))))))))))))))))))))))


2007-03-04 13:59 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-03-02 04:08 <DIR> d-------- C:\Program Files\SpyDawn
2007-02-27 03:43 <DIR> d-------- C:\Program Files\iTunes
2007-02-27 03:41 <DIR> d-------- C:\Program Files\Apple Software Update
2007-02-24 18:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avanquest Software
2007-02-20 12:23 <DIR> d-------- C:\Program Files\Sibelius Software
2007-02-13 16:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-02-13 14:50 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-02-12 04:31 <DIR> d-------- C:\DOCUME~1\GARDJI~1\APPLIC~1\uTorrent
2007-02-07 22:53 <DIR> d-------- C:\DOCUME~1\GARDJI~1\DoctorWeb
2007-02-07 05:44 <DIR> d-------- C:\bintheredunthat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-03 19:52 -------- d-------- C:\Program Files\tuneup utilities 2006
2007-03-03 19:51 -------- d-------- C:\Program Files\spywareguard
2007-03-03 19:50 -------- d-------- C:\Program Files\smartftp client 2.0
2007-03-03 19:50 -------- d-------- C:\Program Files\quicktime
2007-03-03 19:41 -------- d-------- C:\Program Files\google
2007-03-03 19:38 -------- d-------- C:\Program Files\alarm clock
2007-03-03 19:38 -------- d-------- C:\Program Files\aim6
2007-03-03 13:59 -------- d-------- C:\DOCUME~1\GARDJI~1\APPLIC~1\avg7
2007-02-28 23:02 12524 --ahsc--- C:\WINDOWS\SYSTEM32\kgygaavl.sys
2007-02-28 22:31 11776 --a-s---- C:\WINDOWS\SYSTEM32\geplxss.dll
2007-02-27 18:14 -------- d-------- C:\Program Files\icoo loader
2007-02-27 07:21 -------- d-------- C:\Program Files\limewire
2007-02-27 03:44 -------- d-------- C:\Program Files\ipod
2007-02-18 22:34 -------- d-------- C:\Program Files\irfanview
2007-02-18 20:10 -------- d-------- C:\DOCUME~1\GARDJI~1\APPLIC~1\adobe
2007-02-14 14:26 -------- d-------- C:\Program Files\viewpoint
2007-02-08 03:19 -------- d-------- C:\Program Files\accessdiver
2007-02-08 00:40 -------- d-------- C:\Program Files\wmr11
2007-02-07 05:44 -------- d-------- C:\Program Files\h-vision
2007-02-07 05:43 -------- d-------- C:\Program Files\geowhere lite
2007-01-25 02:43 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-01-22 05:00 -------- d-------- C:\Program Files\aim
2007-01-22 04:53 -------- d---s---- C:\DOCUME~1\GARDJI~1\APPLIC~1\microsoft
2007-01-22 04:42 -------- d-------- C:\Program Files\partygaming
2007-01-22 04:42 -------- d-------- C:\Program Files\mcafee.com
2007-01-22 04:42 -------- d-------- C:\Program Files\auvisoft audio splitter joiner
2007-01-22 04:42 -------- d-------- C:\Program Files\anti-leech
2007-01-22 04:42 -------- d-------- C:\Program Files\all video joiner
2007-01-22 04:42 -------- d-------- C:\DOCUME~1\GARDJI~1\APPLIC~1\siteadvisor
2007-01-22 01:45 -------- d-------- C:\Program Files\Common Files\mcafee
2007-01-21 06:12 -------- d--h----- C:\Program Files\installshield installation information
2007-01-21 06:11 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-17 23:02 -------- d-------- C:\Program Files\motorola phone tools
2007-01-17 23:02 -------- d-------- C:\Program Files\Common Files\companion wizard
2007-01-17 17:38 -------- d-------- C:\Program Files\palmone
2007-01-17 17:28 -------- d-------- C:\Program Files\audio edit
2007-01-17 17:27 -------- d-------- C:\Program Files\addebugger
2007-01-17 06:15 345 --a------ C:\WINDOWS\SYSTEM32\dap.exe
2007-01-15 07:20 -------- d-------- C:\Program Files\spywareblaster
2007-01-15 07:19 -------- d-------- C:\Program Files\supercleaner
2007-01-14 03:29 -------- d-------- C:\Program Files\snood
2007-01-12 23:23 -------- d-------- C:\Program Files\Common Files\aolshare
2007-01-12 05:56 -------- d-------- C:\Program Files\winbudget
2007-01-11 18:33 -------- d-------- C:\DOCUME~1\GARDJI~1\APPLIC~1\viewpoint
2007-01-11 03:42 39751 --a------ C:\WINDOWS\SYSTEM32\brrot-uninst.exe
2006-12-26 16:24 499712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2006-12-26 16:24 348160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2006-12-12 18:37 49 --a------ C:\DOCUME~1\GARDJI~1\APPLIC~1\internaldb41.dat
2006-12-12 18:37 382 --a------ C:\DOCUME~1\GARDJI~1\APPLIC~1\internaldb1942.dat
2006-12-12 01:36 69632 --a------ C:\DOCUME~1\GARDJI~1\APPLIC~1\internaldb4827.dat
2006-12-12 01:36 151 --a------ C:\DOCUME~1\GARDJI~1\APPLIC~1\internaldb9680.dat
2006-12-12 01:36 0 --a------ C:\DOCUME~1\GARDJI~1\APPLIC~1\internaldb4306.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Hide IP Platinum"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124425863\\ee\\AOLHostManager.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\LicenseMan32.exe"
"rare"="C:\\Program Files\\Video Access ActiveX Object\\pmsnrr.exe"
"user32.dll"="C:\\Program Files\\Video Access ActiveX Object\\isamntr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\Autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46b93339-6b73-11d9-b5be-00038a000015}]
Shell\AutoRun\command G:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\01. Kill Me.mp3 4374528 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\02. Haters.mp3 7036928 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\03. I'm Back.mp3 5799936 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\04. Stay Bout It (Feat. Stat Quo).mp3 6529024 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\05. My Club Intro (Feat. Eminem).mp3 7593984 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF(2)\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF\00 - Playlist.m3u 4096 bytes
C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\VA-Tapemasters_Inc.-The_Inc_Files_Pt._10-_Bootleg_-2006-Homely\VA-Tapemasters_Inc.-The_Inc_Files_Pt._10-(Bootleg)-2006-Homely\[100% Complete]-[26F @ 92.9MB at 436KBps]-[mp3info - Hip-Hop (2006) @ 164kbps]\.ioFTPD 48 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7

********************************************************************

Completion time: 07-03-06 3:32:18
C:\ComboFix2.txt ... 07-02-13 18:40
C:\ComboFix3.txt ... 07-01-29 08:15
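Added example, not part of this thread and not code from HijackThis, ComboFix or BitDefender: a small Python triage helper for the two log formats posted above. It takes HijackThis lines and a ComboFix "Reg Loading Points" dump, lists the orphaned entries ("(file missing)" / "(no file)") that only need cleanup, and flags autostart values that deserve a closer look: anything under the rarely used policies\explorer\Run key, value names that imitate a system file (the dump above has one named user32.dll), and MountPoints2 autorun commands. The sample lines are copied from the logs in this thread; the list of "unusual" keys and the flagging rules are this example's own assumptions, and a flag is a lead to verify, not a verdict.

```python
"""Triage HijackThis and ComboFix 'Reg Loading Points' output.

Sample input below is copied from the logs posted in this thread.  The
flagging rules are this example's own heuristics (assumptions), not anything
HijackThis or ComboFix does.
"""
import re

# Autostart locations legitimate installers almost never write to.  This is an
# assumption of the example, not an authoritative list.
UNUSUAL_AUTOSTART_KEYS = (
    r"\policies\explorer\run",
    r"\explorer\mountpoints2",
)

ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')
AUTORUN_RE = re.compile(r"^Shell\\AutoRun\\command\s+(?P<cmd>.+)$", re.IGNORECASE)

# Constructed sample: lines taken from the HijackThis log in this thread.
HJT_SAMPLE = r"""O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
"""

# Constructed sample: a subset of the ComboFix 'Reg Loading Points' dump above.
COMBOFIX_SAMPLE = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\LicenseMan32.exe"
"rare"="C:\\Program Files\\Video Access ActiveX Object\\pmsnrr.exe"
"user32.dll"="C:\\Program Files\\Video Access ActiveX Object\\isamntr.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\Autorun.exe
"""


def orphaned_hjt_entries(log_text):
    """Return HijackThis lines whose target file no longer exists.

    These are stale leftovers rather than active code, but they are what a
    helper usually asks to have fixed so later logs stay readable.
    """
    return [line.strip() for line in log_text.splitlines() if ORPHAN_RE.search(line)]


def triage_reg_loading_points(dump_text):
    """Walk a ComboFix registry dump and return (key, name, data, reasons) tuples.

    Rules (all assumptions of this example):
      * every value under a rarely used autostart key is flagged;
      * a value whose *name* looks like a system binary is flagged, because the
        name is chosen to blend into the dump;
      * a MountPoints2 Shell\\AutoRun\\command is flagged, since it runs a
        program from a drive whenever that drive is opened.
    """
    findings = []
    key = None
    for raw in dump_text.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        key_lc = key.lower()
        m = AUTORUN_RE.match(line)
        if m:
            findings.append((key, "Shell\\AutoRun\\command", m.group("cmd"),
                             ["autorun command on a drive letter"]))
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        reasons = []
        if any(k in key_lc for k in UNUSUAL_AUTOSTART_KEYS):
            reasons.append("autostart under a rarely-used policy key")
        if re.search(r"\.(dll|exe|sys)$", name, re.IGNORECASE):
            reasons.append("value name mimics a system file")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings


if __name__ == "__main__":
    for entry in orphaned_hjt_entries(HJT_SAMPLE):
        print("ORPHANED:", entry)
    for key, name, data, reasons in triage_reg_loading_points(COMBOFIX_SAMPLE):
        print("FLAGGED:", key, "|", name, "=", data, "|", "; ".join(reasons))
```

Run it as a script and it prints the three orphaned HijackThis lines and four flagged registry values (the three under policies\explorer\Run and the drive autorun). Each flag still has to be checked against the file on disk and a scanner before anything is deleted, which is exactly the "run a new scan and post the log" loop the helper is running in this thread.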
Old 03-06-2007, 09:44 AM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,983
OS: WinXP and Vista


Thank you for the quick response; it helps to clean this quicker. As you're about to see, you've picked up new infections along the way.


Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please ensure AVG Anti-Spyware has the latest definitions:

Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

-------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop. Do not run it yet.

-------------------------------------------------------------------

Please disable the following program(s) as they may interfere with the fixes below. You may re-enable them when we are through cleaning your system:

Spybot TeaTimer. (If it's running)
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
  • See this link for a tutorial
-------------------------------------------------------------------

Spywareguard
  • Right click the running icon of Spywareguard in the system tray to open the program.
  • Then go to Menu, File, and choose Exit. It will automatically restart at next boot.
-------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if it exists:

Winbudget

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using My Computer, navigate to and delete the following Folder:

C:\Program Files\winbudget

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

--------------------------------------------------------------------

Next, go to Control Panel and click Display > Desktop > Customize Desktop > Web. Now uncheck everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

--------------------------------------------------------------------

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

--------------------------------------------------------------------

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions (it's important that all windows must be closed). IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

--------------------------------------------------------------------

Please run this online scan to search for any other files that may be lurking. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  • Click on located at the bottom of the page.
  • A "pop up" window will appear. *Please ensure that your pop up blocker doesn't block it*
  • Enter your e-mail address, country, and state & click "Free Online Scan". *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

I'd like to get a sampling of some of the files detected by catchme. Upload the following files (one at a time) to http://virusscan.jotti.org and report back what it found.

C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\Ain't Doin' Dis **** Fa' Nothin' Vol. 34 (Instrumentals)\obie trice-second rounds on me - thephoenixsspot.blogspot.com\Obie- OBIE TRICE-SECOND ROUNDS ON ME\Obie_Trice__-__Second_s__Round__On__Me__Bonus_Tracks_\01. Kill Me.mp3

C:\Documents and Settings\Gard Jim\My Documents\My Music\gg music\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF(2)\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF\DJ Radio & DJ Domination Present-D-Block Peer Pressure Pt. 3-RGF\00 - Playlist.m3u


At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the full path of the file (one at a time) from above into the box. Then click "submit".

When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

If the site is too busy, upload it here http://www.virustotal.com/en/indexf.html


--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

You should still have gmer on your desktop. If you do not, please refer to Post #10 for link and download it again.

Launch gmer.exe by double-clicking it. Select the rootkit tab & make sure the 'Show All' button is unticked.

Press scan & when it has finished press copy & paste the log back here.

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Then post the following logs in your next reply...

c:\rapport.txt
AVG A/S log
Panda log
jotti results
ComboFix.txt
gmer log
New HijackThis log


I've asked you quite a few times--please--how is your system behaving? What problems are you still having?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
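As an added example that is not part of this thread (not Ried's instructions, not SmitfraudFix or ComboFix code), here is a read-only PowerShell audit of the state the steps above are meant to leave behind: the winbudget folder, the five Active Desktop web items named in the post, and the Folder Options settings. It assumes those items live under the standard Active Desktop "Components" key and Explorer's "Advanced" key, which the post does not name; the folder path and item names come from the post.

```powershell
# Added audit script, not from the thread. Read-only: it reports, it changes nothing.
# Assumed locations (not stated in the post): Active Desktop web items under
# HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components\<n>, and Explorer's
# view options under HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
function Test-CleanupState {
    $findings = @()

    # 1. Leftover program folder the post says to delete.
    $winbudget = Join-Path $env:ProgramFiles 'winbudget'
    if (Test-Path $winbudget) { $findings += "Folder still present: $winbudget" }

    # 2. Active Desktop web items the post lists as fake warning pages.
    $badNames = 'Security Info', 'Warning Message', 'Security Desktop',
                'Warning Homepage', 'Desktop Uninstall'
    $compKey = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'
    if (Test-Path $compKey) {
        Get-ChildItem $compKey | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($badNames -contains $p.FriendlyName) {
                $findings += "Active Desktop item '$($p.FriendlyName)' -> $($p.Source)"
            }
        }
    }

    # 3. Explorer view settings the post asks for:
    #    show hidden files, show protected OS files, show known extensions.
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    if ($adv.Hidden -ne 1)          { $findings += 'Hidden files are not shown' }
    if ($adv.ShowSuperHidden -ne 1) { $findings += 'Protected OS files are still hidden' }
    if ($adv.HideFileExt -ne 0)     { $findings += 'Known file extensions are hidden' }

    return $findings
}

$result = Test-CleanupState
if ($result.Count -eq 0) { 'All checks clean' } else { $result }
```

Run it from the account that was infected, since all three checks are per-user (HKCU) settings.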
 





Copyright 2001 - 2009, Tech Support Forum