Old 08-20-2008, 11:46 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: WinXP (Service Pack 2)


Trojan horse, Spyware pop-warning

Windows XP user. Some kind of trojan malware, I think. I've run the Panda scan and HijackThis and pasted the logs here. Thank you in advance for the help. Also, Ctrl + Alt + Delete Task Manager shows no tabs, just processes, but I've had that problem for about 6 months. I'm not sure if it is related.

Panda Scan:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-20 12:15:55
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.526 7.5.526 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix.exe[C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix.exe][SmitfraudFix\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix\Process.exe
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.mediaplex.com/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@anm.co[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@com[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@azjmp[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@server.iad.liveperson[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.go.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Cookies\tyler_murphy@atwola[1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\cookies.txt[.ehg-dig.hitbox.com/]
00522961 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-30f3d990.zip[MagicApplet.class]
00522961 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-4a1d9c31-10b67fb8.zip[MagicApplet.class]
00522968 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-4a1d9c31-10b67fb8.zip[OwnClassLoader.class]
00522968 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-30f3d990.zip[OwnClassLoader.class]
01190049 Trj/ClassLoader.AF Virus/Trojan No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-4a1d9c31-10b67fb8.zip[Installer.class]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 No No C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix.exe[C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix.exe][SmitfraudFix\Reboot.exe]
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP61\A0020910.sys
02937396 Java/Downloader.TOP Virus/Trojan No 0 Yes No C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-30f3d990.zip[Installer.class]
03458329 Adware/XPSecurityCenter Adware No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temporary Internet Files\Content.IE5\J4H9XSK2\Install[1].exe
03458329 Adware/XPSecurityCenter Adware No 0 Yes No C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP62\A0020954.exe
03458329 Adware/XPSecurityCenter Adware No 0 Yes No C:\WINDOWS\system32\winstra2.exe
03458329 Adware/XPSecurityCenter Adware No 0 Yes No C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP61\A0020949.exe
03489749 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temporary Internet Files\Content.IE5\HAP0MR2B\Install[1].exe
03489749 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\winstra1.exe
03489749 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP61\A0020940.exe
03490895 Adware/Xpantivirus2008 Adware Yes 0 Yes No C:\WINDOWS\system32\braviax.exe
03492317 Adware/SecurityError Adware No 0 Yes No C:\Documents and Settings\Tyler Murphy\Local Settings\Temp\Setup_ver1.1409.0.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Hijackthis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:12 AM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061204
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8361 bytes

Old 08-28-2008, 10:55 AM   #2 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: WinXP (Service Pack 2)


Re: Trojan horse, Spyware pop-warning

^bump
Old 08-28-2008, 11:53 AM   #3 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: Trojan horse, Spyware pop-warning

Hello and welcome to TSF.

Sorry for the delay in response. The forum is really busy.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide very carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Old 08-28-2008, 02:47 PM   #4 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: WinXP (Service Pack 2)


Re: Trojan horse, Spyware pop-warning

No problem amateur. I appreciate all the help you guys provide!

Here are the logs you requested.

Hijack this....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:00 PM, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061204
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8199 bytes


Combo Fix log....

ComboFix 08-08-28.04 - Tyler Murphy 2008-08-28 15:39:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.597 [GMT -5:00]
Running from: C:\Documents and Settings\Tyler Murphy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\#SharedObjects\MYKNSYNM\bin.clearspring.com
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\#SharedObjects\MYKNSYNM\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\#SharedObjects\MYKNSYNM\interclick.com
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\#SharedObjects\MYKNSYNM\interclick.com\ud.sol
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\#SharedObjects\MYKNSYNM\static.youku.com
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\#SharedObjects\MYKNSYNM\static.youku.com\v1.0.0201\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Tyler Murphy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\kmd.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\kmd.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-23 16:58 . 2008-08-23 16:58 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-23 16:58 . 2008-08-23 16:58 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-23 16:58 . 2008-08-23 16:58 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-23 16:58 . 2008-08-23 16:58 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-23 16:55 . 2008-08-23 16:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-22 21:48 . 2008-04-13 19:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-22 21:47 . 2008-04-13 19:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-22 21:46 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-20 11:41 . 2008-08-20 11:41 <DIR> d-------- C:\ie-spyad_zo
2008-08-20 11:37 . 2008-08-20 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-20 11:29 . 2008-08-20 11:29 <DIR> d-------- C:\Program Files\Panda Security
2008-08-20 11:29 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-20 11:24 . 2008-08-20 14:11 71,992 --a------ C:\WINDOWS\system32\winstra1.exe
2008-08-19 18:44 . 2008-08-20 14:11 314,724 --a------ C:\WINDOWS\system32\winstra2.exe
2008-08-19 17:50 . 2008-08-19 17:50 <DIR> d-------- C:\Program Files\Citrix
2008-08-14 10:56 . 2008-04-13 13:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-13 11:20 . 2008-05-01 09:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 11:17 . 2008-04-11 14:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 19:06 --------- d-----w C:\Documents and Settings\Tyler Murphy\Application Data\AdobeUM
2008-08-28 16:57 --------- d-----w C:\Program Files\Apple Software Update
2008-08-27 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-25 18:38 --------- d-----w C:\Documents and Settings\Tyler Murphy\Application Data\U3
2008-08-20 16:37 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-20 16:24 --------- d-----w C:\Program Files\Google
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 15:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2006-12-28 05:02 88 --sh--r C:\WINDOWS\system32\F6E019D012.sys
2006-12-28 05:02 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-04 12:30 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-14 00:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-14 00:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-14 00:45 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 10:28 602182]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-12-04 01:59 26112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 16:32 184320]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-27 11:53 580096]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 08:59 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ModemOnHold - C:\Program Files\NetWaiting\netWaiting.exe
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tyler Murphy\Application Data\Mozilla\Firefox\Profiles\4x0erlp6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.uiuc.edu
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 15:41:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-28 15:43:30
ComboFix-quarantined-files.txt 2008-08-28 20:43:16
ComboFix2.txt 2008-02-06 18:41:00

Pre-Run: 102,045,671,424 bytes free
Post-Run: 103,420,588,032 bytes free

161 --- E O F --- 2008-08-24 15:13:22
Old 08-28-2008, 10:02 PM   #5 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: Trojan horse, Spyware pop-warning

Hi,

Looking much better.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

=============================
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won't work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Code:
KILLALL::

File::
C:\WINDOWS\system32\winstra1.exe
C:\WINDOWS\system32\winstra2.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


============================

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
===========================

Please post back a fresh HijackThis log along with the Combofix.txt and the Kaspersky report. Also, let me know how the system is running now.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
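The triage the analyst performs by eye on the HijackThis and ComboFix logs in post #4, and the CFScript format in post #5, as an added Python example that is not part of the thread, of HijackThis or of ComboFix. The sample lines are constructed from the posted logs; the target JRE version, the modified-after-created heuristic for dropped files and the P2P client list are assumptions of the example.

```python
"""Triage checks over HijackThis and ComboFix log lines (added example; not part
of either tool or of the analyst's post). It automates what the analyst did by
eye: an out-of-date JRE in the autostarts, executables written straight into
system32 (modified after they were created, unlike files copied from an
installer), the Windows Firewall switched off with Security Center alerts
silenced, and a P2P client in the firewall exception list; the findings are
then rendered in the CFScript form posted in the reply."""
import re
from dataclasses import dataclass

# Constructed sample input: a few lines taken from the logs posted above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""
SAMPLE_COMBOFIX = r"""
2008-08-20 11:29 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-20 11:24 . 2008-08-20 14:11 71,992 --a------ C:\WINDOWS\system32\winstra1.exe
2008-08-19 18:44 . 2008-08-20 14:11 314,724 --a------ C:\WINDOWS\system32\winstra2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"""

CURRENT_JRE = (6, 0, 7)  # "JRE 6 Update 7", the version the analyst asks for (assumption)
P2P_CLIENTS = {"limewire.exe", "kazaa.exe", "bearshare.exe", "emule.exe"}  # illustrative list
EXCEPTIONS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                  r"\standardprofile\AuthorizedApplications\List")
TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
FILE_LINE = re.compile(rf"^{TS} \. {TS} ([\d,]+) (\S+) (.+)$")  # created . modified size attrs path
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"(.+?)"=\s*(.*)$')
JRE_PATH = re.compile(r"\\jre1\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def check_hijackthis(text):
    """Flag a stale JRE in any O-section path and autostarts whose target is gone."""
    findings = []
    for line in text.splitlines():
        m = JRE_PATH.search(line)
        if m and tuple(int(x) for x in m.groups()) < CURRENT_JRE:
            findings.append(Finding("outdated-java", m.group(0).strip("\\")))
        if line.endswith("(file missing)") or line.endswith("= ?"):
            findings.append(Finding("dangling-autostart", line.split(" - ", 1)[1]))
    return findings


def check_combofix(text):
    """Flag dropped system32 executables and weakened firewall/Security Center settings."""
    findings, key = [], ""
    for line in text.splitlines():
        if (m := FILE_LINE.match(line)):
            created, modified, _size, _attrs, path = m.groups()
            folder, _, name = path.rpartition("\\")
            # An installer copy keeps its build date as the modified time (older than
            # created); a file written on the box is modified at or after creation.
            if (folder.lower().endswith("\\system32") and name.lower().endswith(".exe")
                    and modified >= created):
                findings.append(Finding("dropped-system32-exe", path))
        elif (m := REG_KEY.match(line)):
            key = m.group(1).lower()
        elif (m := REG_VALUE.match(line)):
            name, value = m.groups()
            if key.endswith("security center") and name.endswith("DisableNotify") and value == "dword:00000001":
                findings.append(Finding("securitycenter-silenced", name))
            elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("firewall-disabled", name))
            elif key.endswith("authorizedapplications\\list"):
                exe = name.replace("\\\\", "\\").rpartition("\\")[2].lower()
                if exe in P2P_CLIENTS:
                    findings.append(Finding("p2p-firewall-exception", name))
    return findings


def triage(hjt_text, combofix_text):
    return check_hijackthis(hjt_text) + check_combofix(combofix_text)


def cfscript(findings):
    """Render a ComboFix script in the form the analyst posted: KILLALL::, a File::
    list of paths to remove, and a Registry:: block where "name"=- deletes a value."""
    files = [f.detail for f in findings if f.kind == "dropped-system32-exe"]
    values = [f.detail for f in findings if f.kind == "p2p-firewall-exception"]
    lines = ["KILLALL::", ""]
    if files:
        lines += ["File::", *files, ""]
    if values:
        lines += ["Registry::", f"[{EXCEPTIONS_KEY}]", *[f'"{v}"=-' for v in values], ""]
    return "\n".join(lines)
```

Running `triage(SAMPLE_HJT, SAMPLE_COMBOFIX)` reproduces the four findings the analyst acted on, and `cfscript()` turns the file and firewall-exception findings into the same File:: and Registry:: sections as the posted script; review any generated script against the full log before using it.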
Old 08-31-2008, 08:23 PM   #6 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: WinXP (Service Pack 2)


Re: Trojan horse, Spyware pop-warning

Hi, sorry for the delay in reply. I was out of town for the weekend.

Here are the requested logs. My computer seems to be running much better.

Also, I'm not sure if it's related, but my Task Manager has no heading. And here's a pic of that and the virus that was detected by my AVG.
Thanks again for all your help!



ComboFix 08-08-28.04 - Tyler Murphy 2008-08-28 23:57:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.649 [GMT -5:00]
Running from: C:\Documents and Settings\Tyler Murphy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tyler Murphy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\winstra1.exe
C:\WINDOWS\system32\winstra2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winstra1.exe
C:\WINDOWS\system32\winstra2.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-28 23:51 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-28 23:50 . 2008-08-28 23:50 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-23 16:58 . 2008-08-23 16:58 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-23 16:58 . 2008-08-23 16:58 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-23 16:58 . 2008-08-23 16:58 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-23 16:58 . 2008-08-23 16:58 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-23 16:55 . 2008-08-23 16:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-22 21:48 . 2008-04-13 19:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-22 21:47 . 2008-04-13 19:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-22 21:46 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-20 11:41 . 2008-08-20 11:41 <DIR> d-------- C:\ie-spyad_zo
2008-08-20 11:37 . 2008-08-20 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-20 11:29 . 2008-08-20 11:29 <DIR> d-------- C:\Program Files\Panda Security
2008-08-20 11:29 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-19 17:50 . 2008-08-19 17:50 <DIR> d-------- C:\Program Files\Citrix
2008-08-14 10:56 . 2008-04-13 13:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-13 11:20 . 2008-05-01 09:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 11:17 . 2008-04-11 14:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 04:51 --------- d-----w C:\Program Files\Java
2008-08-28 19:06 --------- d-----w C:\Documents and Settings\Tyler Murphy\Application Data\AdobeUM
2008-08-28 16:57 --------- d-----w C:\Program Files\Apple Software Update
2008-08-27 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-25 18:38 --------- d-----w C:\Documents and Settings\Tyler Murphy\Application Data\U3
2008-08-20 16:37 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-20 16:24 --------- d-----w C:\Program Files\Google
2006-12-28 05:02 88 --sh--r C:\WINDOWS\system32\F6E019D012.sys
2006-12-28 05:02 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-28_15.42.53.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-11-10 17:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 17:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 19:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-08-28 20:37:50 71,170 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-29 04:54:14 71,170 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-28 20:37:50 420,804 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-29 04:54:14 420,804 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-04 12:30 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-14 00:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-14 00:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-14 00:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 10:28 602182]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-12-04 01:59 26112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 16:32 184320]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-27 11:53 580096]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 08:59 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
.
Contents of the 'Scheduled Tasks' folder

2008-08-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 00:01:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-29 0:05:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 05:05:05
ComboFix2.txt 2008-08-28 20:43:30
ComboFix3.txt 2008-02-06 18:41:00

Pre-Run: 103,096,299,520 bytes free
Post-Run: 103,237,787,648 bytes free

146 --- E O F --- 2008-08-24 15:13:22




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:33 PM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Tyler Murphy\Local Settings\temp\jkos-Tyler Murphy\binaries\ScanningProcess.exe
C:\Documents and Settings\Tyler Murphy\Local Settings\temp\jkos-Tyler Murphy\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3061204
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8825 bytes



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 31, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 29, 2008 16:20:20
Records in database: 1163148
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 57507
Threat name: 14
Infected objects: 28
Suspicious objects: 0
Duration of the scan: 01:10:50


File name / Threat name / Threats count
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-42735334 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-34a6d124 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-736b99ca Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-790628ed Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-790628ed Infected: Trojan.Java.ClassLoader.au 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-790628ed Infected: Trojan-Downloader.Java.Agent.a 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\63\6cfd9a3f-48a7f8c5 Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\63\6cfd9a3f-48a7f8c5 Infected: Trojan.Java.ClassLoader.au 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-4a1d9c31-10b67fb8.zip Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-4a1d9c31-10b67fb8.zip Infected: Trojan.Java.ClassLoader.au 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-159e93a2.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-74b2a32d.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-30f3d990.zip Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-30f3d990.zip Infected: Trojan.Java.ClassLoader.au 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-30f3d990.zip Infected: Trojan-Downloader.Java.Agent.a 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-51de10e-5bf17afc.zip Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\Bone Thugs-N-Harmony - Days of our live.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\Great Northern - A Sun A Sound.mp3 Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\i386\MSCOMCTL.OCX Infected: not-a-virus:FraudTool.Win32.SpyAway.ag 1
C:\QooBox\Quarantine\C\WINDOWS\system32\braviax.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.vbep 1
C:\QooBox\Quarantine\C\WINDOWS\system32\winstra1.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.vbew 1
C:\QooBox\Quarantine\C\WINDOWS\system32\winstra2.exe.vir Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.p 1

The selected area was scanned.
TJ9ner is offline  
09-01-2008, 03:49 AM   #7
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy)
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3

Re: Trojan horse, Spyware pop-warning

Hi,

Quote:
Sorry for the delay in reply. I was out of town for the weekend.
No worries.

What AVG reports is in the Java cache. Follow the instructions below to clear the cache.

Go to Start > Control Panel and double-click the Java icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
Under Temporary Internet Files, click the Settings button.
Click the Delete Files... button below. Make sure the following are checked:
Applications and Applets
Trace and Log Files

Click OK on the Delete Temporary Files window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

=====================================

Kaspersky is reporting some infected items on your desktop. You may have downloaded them via a p2p file sharing program such as LimeWire. Please delete them.

C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\06 Track 6.wma
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\Bone Thugs-N-Harmony - Days of our live.mp3
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\Great Northern - A Sun A Sound.mp3
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\Top of Charts - 2003.wma

I would like to take this opportunity to warn you that the nature of P2P file sharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware, because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also, by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple: file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove any P2P file sharing program from your system via Add/Remove Programs in Control Panel.

The following file is also reported as infected. This is not the default location for the i386 folder or the MSCOMCTL.OCX file. Did you have anything to do with it?

C:\i386\MSCOMCTL.OCX

Please have it scanned at Virus Total and let me know the results: http://www.virustotal.com/xhtml/index_en.html

Also let me know how the computer is running now.
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
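The triage amateur does by hand in the reply above (Java cache entries go with the cache clearing, desktop downloads get deleted, items already in ComboFix's quarantine need nothing, and one file is singled out for a closer look) can be scripted over the Kaspersky report. The Python below is an added example, not code from this thread, from Kaspersky or from the forum's tools; the bucket names, the path tests used to sort findings, and the treatment of the "not-a-virus:" prefix as riskware are this example's own assumptions, and the sample lines are a handful reproduced from the report posted above plus non-result lines to show they are skipped.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Shape of one result line in the Kaspersky Online Scanner 7 report:
#   <path> Infected: <threat name> <count>
# Paths contain spaces, so the path is matched lazily up to " Infected:".
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

Finding = Tuple[str, str, int, bool]  # (path, threat, count, riskware?)

# Action buckets used by this example (labels are this example's own).
JAVA_CACHE = "java-cache"      # cleared through the Java control panel
QUARANTINED = "quarantined"    # ComboFix already moved it to QooBox\Quarantine
USER_DESKTOP = "user-desktop"  # user-placed files, e.g. P2P downloads
REVIEW = "review"              # anything else needs a human look


def classify(path: str) -> str:
    """Map a flagged path to the remediation bucket it belongs in (assumed rules)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return JAVA_CACHE
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return QUARANTINED
    if "\\desktop\\" in p:
        return USER_DESKTOP
    return REVIEW


def parse_report(lines) -> List[Finding]:
    """Return (path, threat, count, riskware) for each result line; skip everything else."""
    findings: List[Finding] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, statistics, "The selected area was scanned."
        threat = m["threat"]
        # Kaspersky tags tools that are not malware in themselves with "not-a-virus:"
        riskware = threat.startswith("not-a-virus:")
        findings.append((m["path"], threat, int(m["count"]), riskware))
    return findings


def triage(lines) -> Dict[str, List[Finding]]:
    """Group findings by bucket so each group gets one remediation step."""
    groups: Dict[str, List[Finding]] = defaultdict(list)
    for finding in parse_report(lines):
        groups[classify(finding[0])].append(finding)
    return dict(groups)


def summarize(lines) -> Dict[str, Tuple[int, int]]:
    """Per bucket: (number of flagged objects, sum of their threat counts)."""
    return {
        bucket: (len(fs), sum(f[2] for f in fs))
        for bucket, fs in triage(lines).items()
    }


# Sample input: lines reproduced from the Kaspersky report in this thread,
# with two statistics lines and the closing line to show they are ignored.
SAMPLE_LINES = r"""
Scan statistics:
Files scanned: 57507
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-42735334 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Tyler Murphy\Application Data\Sun\Java\Deployment\cache\6.0\63\6cfd9a3f-48a7f8c5 Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Tyler Murphy\Desktop\Desktop Icons\Transfer\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\i386\MSCOMCTL.OCX Infected: not-a-virus:FraudTool.Win32.SpyAway.ag 1
C:\QooBox\Quarantine\C\WINDOWS\system32\braviax.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.vbep 1
The selected area was scanned.
""".strip().splitlines()


if __name__ == "__main__":
    for bucket, findings in sorted(triage(SAMPLE_LINES).items()):
        print(f"[{bucket}]")
        for path, threat, count, riskware in findings:
            tag = " (riskware)" if riskware else ""
            print(f"  {count}x {threat}{tag}  {path}")
```

The "review" bucket is the one that matters: a detection on a path outside the cache, the user's own downloads or an existing quarantine (here C:\i386\MSCOMCTL.OCX) is exactly the case that warrants a second opinion such as the VirusTotal check requested above rather than blind deletion, and the riskware flag separates a cleanup tool's helper (SmitfraudFix's Reboot.exe) from actual malware.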
09-01-2008, 08:29 AM   #8
TJ9ner (Registered User)
Join Date: Feb 2008
Posts: 19
OS: WinXP (Service Pack 2)

Re: Trojan horse, Spyware pop-warning

Cache has been cleared.

Infected files deleted.

Limewire deleted from computer.

Quote:
Originally Posted by amateur
The following file is also reported as infected. This is not the default location for the i386 folder or the MSCOMCTL.OCX file. Did you have anything to do with it?

C:\i386\MSCOMCTL.OCX

Please have it scanned at Virus Total and let me know the results: http://www.virustotal.com/xhtml/index_en.html

Also let me know how the computer is running now.
Nope, I have no idea what it does and/or where it goes. But I scanned it and here are the results. Thanks again!

File MSCOMCTL.OCX received on 09.01.2008 16:23:52 (CET)

Result: 0/36 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.8.29.0 2008.09.01 -
AntiVir 7.8.1.23 2008.09.01 -
Authentium 5.1.0.4 2008.09.01 -
Avast 4.8.1195.0 2008.08.31 -
AVG 8.0.0.161 2008.09.01 -
BitDefender 7.2 2008.09.01 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.09.01 -
DrWeb 4.44.0.09170 2008.09.01 -
eSafe 7.0.17.0 2008.08.31 -
eTrust-Vet 31.6.6062 2008.09.01 -
Ewido 4.0 2008.09.01 -
F-Prot 4.4.4.56 2008.09.01 -
F-Secure 7.60.13501.0 2008.09.01 -
Fortinet 3.14.0.0 2008.09.01 -
GData 19 2008.09.01 -
Ikarus T3.1.1.34.0 2008.09.01 -
K7AntiVirus 7.10.435 2008.09.01 -
Kaspersky 7.0.0.125 2008.09.01 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3404 2008.09.01 -
Norman 5.80.02 2008.09.01 -
Panda 9.0.0.4 2008.08.31 -
PCTools 4.4.2.0 2008.09.01 -
Prevx1 V2 2008.09.01 -
Rising 20.60.01.00 2008.09.01 -
Sophos 4.33.0 2008.09.01 -
Sunbelt 3.1.1592.1 2008.08.30 -
Symantec 10 2008.09.01 -
TheHacker 6.3.0.6.069 2008.09.01 -
TrendMicro 8.700.0.1004 2008.09.01 -
VBA32 3.12.8.4 2008.08.31 -
ViRobot 2008.9.1.1359 2008.09.01 -
VirusBuster 4.5.11.0 2008.09.01 -
Webwasher-Gateway 6.6.2 2008.09.01 -
Additional information
File size: 1077336 bytes
MD5...: f7bbb7d79adb9e3adc13f3b3c33d3d4d
SHA1..: cacb4b31d22419e6a9ddbffcf61ae42da0d5fb8a
SHA256: 18a83d7a420a17fcb6f56eb3ba5362c975d32e5ded7553c6fd407f07bdb7b006
SHA512: 4870ddbdf283d7f7f64d3f4bf556600a78804f6a94fc2ca7eb778e85d70b6d2d017aa35cbddf773b6a1b6d9a2813cd67fe54ede7859050a254a3e3c05616ae0e
PEiD..: -
TrID..: File type identification
DirectShow filter (50.6%)
Windows OCX File (31.0%)
Win32 Executable MS Visual C++ (generic) (9.4%)
Windows Screen Saver (3.2%)
Win32 Executable Generic (2.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x27593990
timedatestamp.....: 0x3cc9a872 (Fri Apr 26 19:20:18 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xabf48 0xac000 6.69 39a4fafe75c64da6260158985c03a425
.data 0xad000 0x7388 0x8000 2.01 5f8c20820f5150932d634d994ce03b2d
.rsrc 0xb5000 0x45c00 0x46000 4.51 1053df1b5028401f94e5de48166ddf6c
.reloc 0xfb000 0x98a4 0xa000 6.59 2c65d862ad6e86cb9b55dee236b3a6e1

( 7 imports )
> KERNEL32.dll: CreateThread, LocalReAlloc, GetProfileIntA, RtlMoveMemory, LocalSize, FreeResource, GetCurrentProcessId, MulDiv, GetTickCount, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, GlobalReAlloc, IsBadReadPtr, Sleep, WaitForSingleObject, GlobalHandle, GetThreadLocale, LocalFree, LocalAlloc, GlobalAddAtomA, SetFilePointer, SetStdHandle, FlushFileBuffers, VirtualAlloc, WriteFile, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsGetValue, SetLastError, TlsFree, TlsAlloc, TlsSetValue, GetCurrentProcess, TerminateProcess, ExitProcess, RtlUnwind, GetCommandLineA, CompareStringW, GlobalSize, CreateFileA, GetFileSize, GlobalUnlock, GlobalLock, ReadFile, CloseHandle, GlobalFree, IsDBCSLeadByte, GetModuleHandleA, FindResourceA, LoadResource, LockResource, GetLastError, GetFileAttributesA, GetVersion, DisableThreadLibraryCalls, GetProcAddress, GetLocaleInfoA, LoadLibraryA, GetWindowsDirectoryA, lstrcatA, GetModuleFileNameA, IsBadWritePtr, lstrcmpiA, GetLocalTime, GetTimeFormatA, GetDateFormatA, lstrcmpA, GlobalAlloc, GetVersionExA, GetCurrentThreadId, MultiByteToWideChar, CompareStringA, lstrcpyA, InterlockedExchange, lstrlenA, GetSystemDefaultLCID, lstrcpynA, HeapAlloc, DeleteCriticalSection, FreeLibrary, HeapFree, WideCharToMultiByte, lstrlenW, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetProcessHeap, InterlockedIncrement, InterlockedDecrement, HeapReAlloc
> USER32.dll: DrawFocusRect, AdjustWindowRect, DrawFrameControl, TrackPopupMenu, GetMessageA, AdjustWindowRectEx, CopyRect, GetKeyNameTextA, ShowCaret, SetCaretPos, GrayStringA, HideCaret, DestroyCaret, CreateCaret, SetWindowTextA, SetScrollInfo, DrawTextExA, InvertRect, SetRectEmpty, GetShellWindow, SetKeyboardState, GetKeyboardState, GetScrollInfo, GetKeyboardLayout, DestroyCursor, GetUpdateRgn, GetUpdateRect, GetWindowRgn, ValidateRect, CallMsgFilterA, LockWindowUpdate, IsZoomed, GetDesktopWindow, GetIconInfo, GetCursor, GetForegroundWindow, InvalidateRgn, EndDeferWindowPos, EnumChildWindows, GetDoubleClickTime, FindWindowA, GetMessageTime, GetWindowThreadProcessId, RemovePropA, SendNotifyMessageA, SetScrollPos, SetScrollRange, GetWindowTextLengthA, EnableScrollBar, ChildWindowFromPoint, EndDialog, GetWindow, GetPropA, GetCursorPos, WindowFromPoint, GetClassNameA, GetDlgCtrlID, IsWindow, SetPropA, SetTimer, KillTimer, SendDlgItemMessageA, IsWindowVisible, UnregisterClassA, CharNextA, SetActiveWindow, CheckRadioButton, SetFocus, IsDlgButtonChecked, SetDlgItemTextA, SetDlgItemInt, CheckDlgButton, GetDlgItem, IsWindowEnabled, GetDCEx, DrawIconEx, CreateIconIndirect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetClipboardFormatNameA, SetCursorPos, RegisterClipboardFormatA, MessageBeep, RegisterWindowMessageA, PeekMessageA, PostMessageW, PeekMessageW, VkKeyScanA, SetParent, CharUpperA, GetDlgItemInt, SetCursor, CreateDialogIndirectParamA, GetNextDlgTabItem, IsDialogMessageA, ScrollWindowEx, GetDlgItemTextA, SetWindowRgn, IntersectRect, EqualRect, MoveWindow, BeginPaint, EndPaint, DeferWindowPos, BeginDeferWindowPos, CharNextExA, DrawIcon, DestroyIcon, MapWindowPoints, CreatePopupMenu, AppendMenuA, TrackPopupMenuEx, DestroyMenu, GetActiveWindow, MessageBoxA, WinHelpA, PtInRect, DefWindowProcA, GetWindowDC, SetRect, LoadCursorA, IsRectEmpty, ClientToScreen, GetWindowRect, MapVirtualKeyA, DestroyWindow, CreateWindowExA, GetSysColorBrush, GetAsyncKeyState, EnableWindow, PostMessageA, TranslateMessage, DispatchMessageA, wsprintfA, DialogBoxParamA, UpdateWindow, GetWindowLongA, SetWindowLongA, GetDC, ReleaseDC, GetParent, OffsetRect, UnionRect, GetFocus, IsChild, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExA, GetMessagePos, ScreenToClient, SetWindowPos, SetCapture, GetWindowTextA, WindowFromDC, GetClientRect, CallWindowProcA, DrawEdge, GetSysColor, FrameRect, InflateRect, FillRect, DrawTextA, GetKeyState, GetCapture, ReleaseCapture, GetClassInfoA, RegisterClassA, InvalidateRect, LoadIconA, GetSystemMetrics, CopyImage, SendMessageA, LoadStringA, RedrawWindow, ShowWindow, CreateAcceleratorTableA
> ole32.dll: ReleaseStgMedium, DoDragDrop, RegisterDragDrop, RevokeDragDrop, CreateStreamOnHGlobal, OleLoadFromStream, OleSaveToStream, CreateOleAdviseHolder, CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance
> ADVAPI32.dll: RegDeleteKeyA, RegOpenKeyA, RegQueryValueA, RegQueryValueExA, RegEnumKeyExA, RegCreateKeyA, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegDeleteValueA
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> comdlg32.dll: GetOpenFileNameA
> GDI32.dll: Arc, GetTextExtentPointA, GetCharWidthA, OffsetWindowOrgEx, ExtTextOutW, GetTextExtentPointW, Polyline, GetTextAlign, SetTextAlign, OffsetRgn, GetTextColor, CombineRgn, GetTextMetricsA, MoveToEx, LineTo, Ellipse, DeleteObject, SelectObject, CreateSolidBrush, SetViewportOrgEx, SetWindowOrgEx, SetViewportExtEx, SetWindowExtEx, SetMapMode, GetDeviceCaps, CreateFontIndirectA, GetObjectA, SelectClipRgn, ExcludeClipRect, RectVisible, GetClipBox, IntersectClipRect, GetClipRgn, CreateRectRgnIndirect, RealizePalette, SelectPalette, PatBlt, CreateCompatibleBitmap, CreateBitmap, CreateCompatibleDC, GetTextExtentPoint32A, TextOutA, SetBkColor, SetTextColor, SetBkMode, Rectangle, CreatePen, GetStockObject, GetViewportExtEx, GetWindowExtEx, LPtoDP, DeleteDC, CreateDCA, CreateRectRgn, StretchBlt, CreateICA, CopyMetaFileA, CopyEnhMetaFileA, GetPaletteEntries, GetDIBits, CreateDIBitmap, GetBitmapBits, CreatePalette, GetNearestColor, CreatePatternBrush, CreateDIBSection, CreateHalftonePalette, BitBlt, SetDIBColorTable, GetDIBColorTable, GetPixel, StretchDIBits, SetBrushOrgEx, GetBkColor, ExtTextOutA, RestoreDC, SaveDC, CreateFontA

( 5 exports )
DLLGetDocumentation, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

ThreatExpert info: http://www.threatexpert.com/report.a...13f3b3c33d3d4d
TJ9ner is offline  
09-01-2008, 08:31 AM   #9
TJ9ner (Registered User)
Join Date: Feb 2008
Posts: 19
OS: WinXP (Service Pack 2)

Re: Trojan horse, Spyware pop-warning

Sorry, forgot to add about the computer. It seems to be running very well now. The only thing that's wrong is the task bar missing tabs like before. Not sure it's related though, but everything else looks good!
Thank you!
TJ9ner is offline  
09-01-2008, 12:46 PM   #10
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy)
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3

Re: Trojan horse, Spyware pop-warning

It may be the "Tiny Footprint Mode".

Check this link and let me know if it worked.

http://support.microsoft.com/kb/193050
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
09-01-2008, 03:10 PM   #11
TJ9ner (Registered User)
Join Date: Feb 2008
Posts: 19
OS: WinXP (Service Pack 2)

Re: Trojan horse, Spyware pop-warning

Wow I feel stupid! Thank you so much for all the help. My computer is working great!
TJ9ner is offline  
09-02-2008, 04:57 AM   #12
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy)
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3

Re: Trojan horse, Spyware pop-warning

Hi TJ9ner,

No problem. We all overlook things one time or another. Glad to hear that your computer is working great now.

Take care and stay safe!
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Copyright 2001 - 2009, Tech Support Forum