Old 04-04-2007, 06:06 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Somebody help me please?

My Internet Explorer will 'Jump' or 'Redirect' to a random page when I click on a link.

I've run different recommended programs, such as Windows Defender, Hijack This, and KillBox.

None worked and I'll post the Hijack This log since you guys know what you are doing.


Logfile of HijackThis v1.99.1
Scan saved at 3:17:45 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John Dylan\My Documents\Downloads\Hijack This.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D81659D-37A2-43B7-BA16-1642271F4E69}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2661326C-9A36-4329-9EA9-F5B2F81C02ED}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50483ED-122D-402B-9197-62648319B5C4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
jdylant is offline  

Old 04-04-2007, 06:19 PM   #2 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,508
OS: XP SP3


Re: Somebody help me please?

Hello and welcome to TSF.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

Note: ONLY if you have connection problems after performing above steps - go to Start>Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 04-05-2007, 02:33 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

The report file from the FixWareOut scan is below...


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdwie.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdwie.ren 63914 08/10/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TPSMain"="TPSMain.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"TFncKy"="TFncKy.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"NDSTray.exe"="NDSTray.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"DDWMon"="C:\\Program Files\\TOSHIBA\\TOSHIBA Direct Disc Writer\\\\ddwmon.exe"
"CFSServ.exe"="CFSServ.exe -NoClient"
"Alcmtr"="ALCMTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


The report from the HijackThis scan is below...

Logfile of HijackThis v1.99.1
Scan saved at 3:32:57 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Dylan\My Documents\Downloads\Hijack This.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D81659D-37A2-43B7-BA16-1642271F4E69}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2661326C-9A36-4329-9EA9-F5B2F81C02ED}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50483ED-122D-402B-9197-62648319B5C4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
jdylant is offline  
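An added example (not part of the thread and not HijackThis's own code): a small Python parser for the O17 lines in the log above, listing every Tcpip key that pins a static NameServer and comparing the addresses with the resolvers the analyst expects. The sample lines are copied from the log in this thread; the expected resolver `192.168.1.1` is a constructed placeholder for the machine's legitimate DNS server.

```python
"""Triage HijackThis O17 (Tcpip/DNS) lines: which keys pin static name servers?"""
import ipaddress
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D81659D-37A2-43B7-BA16-1642271F4E69}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2661326C-9A36-4329-9EA9-F5B2F81C02ED}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50483ED-122D-402B-9197-62648319B5C4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<control_set>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<scope>.+?): (?P<name>\w+) = (?P<data>.*)$"
)


class O17Entry(NamedTuple):
    control_set: str  # CCS (current control set), CS1, CS2, ...
    scope: str        # "global" for ...\Parameters, otherwise the adapter GUID
    name: str         # registry value name, e.g. NameServer
    values: tuple     # data split on commas and whitespace


def parse_o17(log_text):
    """Return one O17Entry per O17 line; all other log sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        scope = m["scope"]
        scope = "global" if scope == "Parameters" else scope.split("\\")[-1]
        # HijackThis prints per-adapter values comma-separated and the
        # global Parameters value space-separated; accept both.
        values = tuple(v for v in re.split(r"[,\s]+", m["data"].strip()) if v)
        entries.append(O17Entry(m["control_set"], scope, m["name"], values))
    return entries


def audit_name_servers(entries, expected):
    """List NameServer entries holding addresses outside the expected set."""
    expected_ips = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for e in entries:
        if e.name != "NameServer":
            continue
        unexpected, malformed = [], []
        for raw in e.values:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                malformed.append(raw)  # not an IP at all: report, do not guess
                continue
            if ip not in expected_ips:
                unexpected.append(str(ip))
        if unexpected or malformed:
            findings.append({
                "control_set": e.control_set,
                "scope": e.scope,
                "unexpected": unexpected,
                "malformed": malformed,
            })
    return findings


def identical_everywhere(entries):
    """True when every NameServer entry, on every adapter and control set,
    lists the same servers (heuristic: one blanket write, not per-adapter setup)."""
    server_sets = {frozenset(e.values) for e in entries if e.name == "NameServer"}
    return len(server_sets) == 1


if __name__ == "__main__":
    parsed = parse_o17(SAMPLE_LOG)
    # Constructed assumption: the router at 192.168.1.1 is the only expected resolver.
    for f in audit_name_servers(parsed, ["192.168.1.1"]):
        print(f'{f["control_set"]:4} {f["scope"]:40} {", ".join(f["unexpected"])}')
    print("same servers on every key:", identical_everywhere(parsed))
```

Each reported key corresponds to one O17 line that would need to be checked in HijackThis; a key that reappears in a later log means the value was written back after the fix.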
Old 04-05-2007, 02:36 PM   #4 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

Thank-you so much amateur!

I've been trying to figure it out for several days now. I did System Restore and was kind of disappointed when it along with everything else failed...

So far as I've seen, the problem is completely gone...
Thanks again!
jdylant is offline  
Old 04-05-2007, 02:57 PM   #5 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,508
OS: XP SP3


Re: Somebody help me please?

Hi,

That's great and you're welcome. We have a little more work though. Before we begin, I would like you to create a new folder and place HijackThis.exe in the new folder. HijackThis creates backups in case you ever want to redo anything done with HijackThis, and needs to have a folder to itself to house them. Otherwise, you'll have the backup files in the Downloads folder.

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

=======================================

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

========================================
  • Close all open Explorer windows and browsers/email, etc
  • Run HijackThis
  • Click on the Scan button and when complete
  • Put a check beside all of the items listed below
  • Click on the "Fix Checked" button
  • When completed, close the application.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D81659D-37A2-43B7-BA16-1642271F4E69}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2661326C-9A36-4329-9EA9-F5B2F81C02ED}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50483ED-122D-402B-9197-62648319B5C4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63


========================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=======================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run Ccleaner for every user

========================================

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.

=========================================

Reboot in Normal Mode.

=========================================

Your Java is slightly out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6.0 windows-i586-p.exe to install the newest version.

=========================================

Perform an online scan using Internet Explorer with Panda ActiveScan
  • Click on located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop-up blocker doesn't block it.
  • Enter your e-mail address, country, and state & click "Free Online Scan". The download of the 8 MB Panda's ActiveX control will take place.
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click and post back the contents please.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

=========================================

Please post back the AVG Anti-Spyware log, Panda scan results and a fresh HijackThis log in your next reply.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
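A way to check the O17 section of a HijackThis log before and after cleanup, as an added example that is not part of the original post: it parses the `NameServer` entries in both forms seen above (comma-separated per-interface values and space-separated global values) and lists every registry location whose resolvers are not the ones the machine is supposed to use. `EXPECTED_RESOLVERS` and the last sample line are constructed assumptions; the first four sample lines are copied from this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input. Lines 1-4 are the O17 entries quoted in this thread; line 5 is
# a constructed healthy entry (hypothetical interface GUID and resolver).
SAMPLE_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2661326C-9A36-4329-9EA9-F5B2F81C02ED}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50483ED-122D-402B-9197-62648319B5C4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# Assumption: the resolvers this machine should be using (home router here).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# HijackThis abbreviates CurrentControlSet as CCS and ControlSet001 as CS1.
# "..\{GUID}" is a per-interface key; "Parameters" is the global Tcpip key.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\})|Parameters)"
    r": NameServer = (?P<servers>.*)$"
)


def parse_o17(log_text):
    """Return one dict per O17 NameServer line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue  # other log sections and other O17 value names
        # Per-interface values are comma-separated, global ones space-separated.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
        entries.append({
            "control_set": match.group("cs"),
            "scope": match.group("iface") or "global",
            "servers": servers,
        })
    return entries


def audit_o17(log_text, expected):
    """List (control_set, scope, server, reason) for every suspect resolver."""
    findings = []
    for entry in parse_o17(log_text):
        for server in entry["servers"]:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                reason = "malformed"
            else:
                if str(addr) in expected:
                    continue
                reason = "unexpected"
            findings.append(
                (entry["control_set"], entry["scope"], server, reason)
            )
    return findings


def keys_to_reset(findings):
    """Group findings by registry location so none is missed during cleanup."""
    by_key = defaultdict(set)
    for control_set, scope, server, _reason in findings:
        by_key[(control_set, scope)].add(server)
    return dict(by_key)


if __name__ == "__main__":
    for key, servers in sorted(keys_to_reset(
            audit_o17(SAMPLE_O17, EXPECTED_RESOLVERS)).items()):
        print(key, sorted(servers))
```

Running the same check on the fresh HijackThis log after the scans shows whether any control set or interface still carries the old values.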
Old 04-05-2007, 03:38 PM   #6 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

I've finished all the steps before the CCleaner scan.
I downloaded it from the recommended site and I've 'installed' it 3 times. Every time I made sure that the destination folder was in my Downloads folder, under CCleaner. I can't find it and don't know if I should skip it.
jdylant is offline  
Old 04-05-2007, 04:59 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:10:45 PM 4/5/2007

+ Scan result:



C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010321.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010322.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011547.exe -> Adware.AntiVermins : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012946.exe -> Adware.AntiVermins : Cleaned with backup (quarantined).
HKU\S-1-5-21-2152574201-3010094123-3549718769-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2152574201-3010094123-3549718769-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2152574201-3010094123-3549718769-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010319.dll -> Adware.Solution : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012633.exe -> Adware.SpyDawn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011551.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012635.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012945.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010287.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010300.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010313.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010331.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010343.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0011343.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP32\A0011442.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011447.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012941.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0007126.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP30\A0010255.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010288.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010301.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010314.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010332.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010336.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011552.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0012628.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012943.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010289.exe -> Downloader.Zlob.aqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010302.exe -> Downloader.Zlob.aqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010315.exe -> Downloader.Zlob.aqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010333.exe -> Downloader.Zlob.aqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016581.exe -> Downloader.Zlob.asv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016582.exe -> Downloader.Zlob.asv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018998.exe -> Downloader.Zlob.asv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018999.exe -> Downloader.Zlob.asx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016584.exe -> Downloader.Zlob.atd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016578.dll -> Downloader.Zlob.atf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018991.exe -> Downloader.Zlob.atl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018995.exe -> Downloader.Zlob.atl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018992.dll -> Downloader.Zlob.aud : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0007125.exe -> Downloader.Zlob.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006126.dll -> Downloader.Zlob.biu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006065.dll -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006121.dll -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0007121.dll -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP30\A0010254.exe -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012935.exe -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006066.exe -> Downloader.Zlob.bjr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006122.exe -> Downloader.Zlob.bjr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0007122.exe -> Downloader.Zlob.bjr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011550.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011554.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012944.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012949.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\Documents and Settings\John Dylan\Local Settings\Temp\Temporary Internet Files\Content.IE5\2I9G1V0X\setupmedia.1472[1].exe -> Downloader.Zlob.blz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012640.exe -> Downloader.Zlob.bny : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016579.exe -> Downloader.Zlob.bov : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016580.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016583.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016585.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018993.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018994.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018996.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018997.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).
C:\Documents and Settings\John Dylan\Cookies\john_dylan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@redir.adengage[2].txt -> TrackingCookie.Adengage : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@ehg-luggageonline.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@pro-market[3].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter11.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter4.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@clickthrough.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP44\A0017968.exe -> Trojan.DNSChanger.ih : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP73\A0025096.exe -> Trojan.DNSChanger.ih : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kdncl.exe -> Trojan.DNSChanger.in : Cleaned with backup (quarantined).
C:\Documents and Settings\John Dylan\Local Settings\Temp\laf18.tmp -> Trojan.Renos.naq : Cleaned with backup (quarantined).
C:\Documents and Settings\John Dylan\Local Settings\Temp\laf17.tmp -> Trojan.Zlob : Cleaned with backup (quarantined).


::Report end
_________________________________________________________________

Here is the Hijack This Scan Report

Logfile of HijackThis v1.99.1
Scan saved at 5:21:58 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Dylan\My Documents\Downloads\Hijack This\Hijack This.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
_________________________________________________________________

And here is the Panda ActiveScan Report


Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\John Dylan\Cookies\john_dylan@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\John Dylan\Cookies\john_dylan@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John Dylan\Cookies\john_dylan@atwola[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John Dylan\Cookies\john_dylan@did-it[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John Dylan\Cookies\john_dylan@media.adrevolver[1].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\John Dylan\Cookies\john_dylan@mp3search[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@azjmp[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@bravenet[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@c.fsx[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@ccbill[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@go[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@media.adrevolver[3].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@outster[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@tucows[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@webpower[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www2.addfreestats[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www3.addfreestats[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www48.seeq[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www6.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@xiti[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Virus:Trj/DNSChanger.SM Disinfected C:\WINDOWS\Temp\kdwie.ren
Old 04-05-2007, 08:00 PM   #8 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,508
OS: XP SP3


Re: Somebody help me please?

Hi,

You can go ahead and delete the WareoutFix from your desktop and also delete its folder C:\fixwareout.

Were you eventually able to install Ccleaner or did you skip that step?

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete... under Browsing History.
  • Next to Temporary Internet Files, click Delete files, and then click OK.
  • Next to Cookies, click Delete cookies, and then click OK.
  • Next to History, click Delete history, and then click OK.
  • Click the Close button.
  • Click OK.
For Netscape 4.x and Up
  • Click Edit from the Netscape menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the triangle sign.
  • Click Cache.
  • Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
  • Click Edit from the Mozilla menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the plus sign.
  • Click Cache.
  • Click the Clear Cache button.
For Opera
  • Click File from the Opera menubar.
  • Click Preferences... from the File menu.
  • Click the History and Cache menu.
  • Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
  • Click Ok to close the Preferences menu.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

=================================

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
  • Click Erunt.exe to backup your registry to the folder of your choice.
===================================

Open notepad. It must be notepad, not wordpad.
Copy and paste the text inside the code box below into notepad, including the blank line at the end. Make sure that wordwrap is turned off in notepad - click the format menu and uncheck wordwrap.
Choose file save as and set file type to all files.
Type "delete.reg" in the file name and save it to your desktop. Make sure to save it with the quotes.

Quote:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

Make sure there are NO blank lines before REGEDIT4.
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the "delete.reg" file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer yes.

Reboot your computer.

Please let me know how your computer is running now.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
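
A checker for the rules the post above gives for delete.reg (header on the very first line, a line break after the last entry, no wrapped lines), which also lists the keys the file would delete so they can be read before merging. This is an added example, not part of the original thread; `review_reg`, `saved_name_ok` and the `MIN_DEPTH` threshold are names and assumptions introduced here, and `PAGE_FIX` is the fix text from the post.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\.+)?)\]$")   # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=')            # "name"=... or @=...
MIN_DEPTH = 4  # assumption: a deletion with fewer backslashes is too broad to merge unread

# The fix from the post, as Notepad would save it (CRLF line endings).
PAGE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}")
PAGE_FIX = "REGEDIT4\r\n\r\n[-" + PAGE_KEY + "]\r\n"


def review_reg(text):
    """Check .reg text against the post's rules; return (problems, deleted_keys)."""
    problems, deleted = [], []
    lines = text.lstrip("\ufeff").replace("\r\n", "\n").split("\n")

    # Rule: nothing, not even a blank line, may come before the header.
    if lines[0] not in HEADERS:
        if any(line.strip() in HEADERS for line in lines):
            problems.append("header is not on the first line")
        else:
            problems.append("no REGEDIT4 / version 5.00 header")

    # Rule: the last entry must be followed by a line break, which Notepad
    # shows as one empty line at the end of the file.
    if not text.endswith("\n"):
        problems.append("no line break after the last entry")

    continued = False  # inside a multi-line value that ends with a backslash
    for number, line in enumerate(lines, 1):
        stripped = line.strip()
        if continued:
            continued = stripped.endswith("\\")
            continue
        if not stripped or stripped in HEADERS or stripped.startswith(";"):
            continue
        key = KEY_RE.match(stripped)
        if key:
            if key.group(1):  # leading "-" means the whole key is deleted
                deleted.append(key.group(2))
                if key.group(2).count("\\") < MIN_DEPTH:
                    problems.append(
                        f"line {number}: deletes a broad subtree: {key.group(2)}")
            continue
        if VALUE_RE.match(stripped):
            continued = stripped.endswith("\\")
            continue
        # Anything else is usually a key path broken across two lines.
        problems.append(
            f"line {number}: not a key, value or comment (wrapped or truncated?)")
    return problems, deleted


def saved_name_ok(name):
    """Notepad can append .txt to the name; only a name ending in .reg will merge."""
    return name.lower().endswith(".reg")


if __name__ == "__main__":
    found, keys = review_reg(PAGE_FIX)
    print("problems:", found or "none")
    for k in keys:
        print("will delete:", k)
```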
Old 04-05-2007, 08:53 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

Thanks again amateur! It's running just fine and Internet Explorer isn't acting up anymore. When I did those scans, they showed 216 spyware, malware, or adware viruses on my system...

Do you have any tips or recommendations on how often I should do these scans and refresh my system or delete the temporary files?




my little host of angels bow down to you.
Old 04-05-2007, 09:12 PM   #10 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,508
OS: XP SP3


Re: Somebody help me please?

Hi jdylant,

I love the little host of angels. Thank you. I am very happy to hear that everything is fine. You can delete the "delete.reg" file from your desktop now as well.

Since AVG Anti Spyware is a trial version, the realtime guard and automatic update will stop functioning after the trial period. That is why we are not installing the guard so it will not interfere with the cleanup or the malware removal process. You can use AVG-AS as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. A weekly scan should be enough. It's best if you clean your cookies and temp files prior to scanning to cut down on the scanning time.

Create a new System Restore point to prevent reinfection from old restore points.

Go to Start>Run and type sysdm.cpl. Press Enter
  • Select the System Restore Tab
  • Place a check in "Turn off System Restore on all drives"
  • Click Apply
  • Next, uncheck the same checkbox.
  • Click Apply
  • Click OK
You can also find instructions on how to disable and re-enable System Restore here:
Windows XP System Restore Guide

And that's all. But to help protect you against further infections, I recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got an antivirus, you can download and install one of the following ones, which are free for personal use. Make sure that you have only ONE antivirus running on your computer, as more than one would cause conflict and render the computer vulnerable.

AVG Free here
AntiVir here
Avast here

It is essential to keep the anti-virus program fully updated.
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site <http://windowsupdate.microsoft.com/> to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site <http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us> and make sure you have at least all the critical updates installed (free).

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware here
Spybot here Remember to "immunize" after each update
Windows Defender here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Kerio Personal Firewall here
Outpost here
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, e.g. Google Toolbar here: A popup-blocker prevents popup-windows from opening when you come across a website that uses them during internet-surfing. To provide privacy, select disable advanced features when installing.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust
here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer.
SiteHound will alert you when you enter a site which is known to contain:
· Fraudulent claims or scams
· Offensive material
· Security vulnerabilities
· Spyware or Adware
· Spam related material
· or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

o Adult
o Spyware
o Spam Advertising
o Phishing
o Possible scam or fraud
o Misleading or False Advertising
o Pharming
o Rogue or Suspect Product
o Adware
o Malware or Virus

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, there are some sites that are only accessible with Internet Explorer, e.g. most of the Online Malware-scanners.

But above all, keep all your software UP-TO-DATE at all times!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing.

Please take the time to visit Malware Complaints and register your complaint.
The infection you had was Wareout
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Old 04-06-2007, 06:08 AM   #11 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

Thank you! (again)
 

