Computer Really Slow


38 replies to this topic

#1 Jordan_Inc

Authentic Member, 41 posts

Posted 13 July 2007 - 12:20 AM

My computer is running really slow, but I think I also have spyware.

Opens to login window real slow.
Loads desktop real slow.
Opens files slow.
Everything slow.

I run Win XP.


Logfile of HijackThis v1.99.1
Scan saved at 11:12:02 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {2ACC3AA8-AB54-4F20-B24D-EF079AA91B16} - C:\WINDOWS\System32\lkep.dll (file missing)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6monr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\dcmrm.dll
O2 - BHO: (no name) - {F39022DD-4718-4AF5-8F89-DB61016B14Ce} - C:\WINDOWS\system32\scxawvup.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPLOSION] "C:\Program Files\WinPLOSION\WinPlosion.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\wrrqhoeo.dll",setvm
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134859808406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134859798828
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dcmrm - C:\WINDOWS\SYSTEM32\dcmrm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O20 - Winlogon Notify: xod - C:\WINDOWS\SYSTEM32\xod.dll
O21 - SSODL: EzAnxu - {6C44B701-C6EE-1DAB-DD62-20D27FB85E52} - C:\WINDOWS\System32\eziqx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



#2 Jintan

Advanced Member (Visiting Fellow), 791 posts

Posted 14 July 2007 - 07:33 PM

Howdy Jordan_Inc,


This doesn't seem to be the same computer we assisted with last month, and it surely doesn't seem to be the same infection (and it is very infected). The infection looks almost as if this is a time traveler's system - some very old and some very new, and then the rest in between. Had this system been shelved for a while, then brought back into use? Let's selectively just clear some history out of the way, then go after active infection. You might need to copy these steps or have other access to them, as you will be doing them in part without net access.



Disable Spyware Doctor, as it may interfere with repairs.

1. Open Spyware Doctor
2. Click on the 'Settings' button on the left hand panel
3. Then click on the 'Startup Settings' under 'Pick a Category'
4. Uncheck the box on the right that says 'Run at Windows Startup'



Then go to Start > Run and type

cmd

and OK. Type the below commands and hit "Enter" after each line

sc stop lsass
sc delete lsass


Type Exit to close.

----------------------------------------

Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {2ACC3AA8-AB54-4F20-B24D-EF079AA91B16} - C:\WINDOWS\System32\lkep.dll (file missing)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O21 - SSODL: EzAnxu - {6C44B701-C6EE-1DAB-DD62-20D27FB85E52} - C:\WINDOWS\System32\eziqx.dll (file missing)




Then Download SDFix.exe and save it to your desktop.

And Download ComboFix.exe from here to your desktop.


Then disconnect from net access for the next steps. If cable/dsl, physically disconnect the modem.

===================================================


Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


In Safe Mode, click the SDFix.exe and allow it to extract to its own folder. Open the extracted folder and double click RunThis.bat to start the script.


Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Then open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back here.


================================

After the reboot click on ComboFix.exe to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.


Reconnect to net access, and Disable your antivirus program (remember to re-enable it once this scan is complete) and go here (be sure to re-enable it after the scan completes) and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and take a break for a while.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here.


Then run a new HijackThis scan, and post that log back here along with the SDFix Report.txt log, the combofix.txt log and the BitDefender log please.

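The review Jintan does by hand above (spotting orphaned entries, the hijacked search settings, and the service calling itself lsass while living at C:\WINDOWS\scvhost.exe) can be written down as a triage script. The following is an added example, not a tool from this thread or from the HijackThis project; the suspicion rules, the CORE_NAMES list and the _lookalike heuristic are my assumptions, and the sample lines are an excerpt of the first log posted in this thread.

```python
"""Triage a HijackThis log the way the helper in this thread does by hand:
pick out the entries that deserve a second look and say why.  Added example;
the checks are assumptions tuned to the findings in this thread's log."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Core Windows process names that malware likes to borrow.  Assumption: an
# XP-era layout, where the genuine binaries live under %SystemRoot%\system32.
CORE_NAMES = {"lsass", "svchost", "csrss", "winlogon", "services", "smss"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SHORT_NAME_RE = re.compile(r"\((?P<short>[\w.-]+)\)\s*$")

# Excerpt of the first log posted in this thread, used as sample input.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. O23
    reason: str   # why the line was flagged
    line: str     # the original log line


def _strip_status(path: str) -> str:
    """Drop a trailing '(file missing)' / '(no file)' marker from a path."""
    for marker in ("(file missing)", "(no file)"):
        if path.endswith(marker):
            return path[: -len(marker)].strip()
    return path


def _lookalike(stem: str) -> str | None:
    """Core name that `stem` imitates by shuffling letters (scvhost -> svchost)."""
    for core in CORE_NAMES:
        if stem != core and sorted(stem) == sorted(core):
            return core
    return None


def check_browser_setting(section: str, body: str, line: str) -> list[Finding]:
    """R0/R1 lines: Internet Explorer start and search settings."""
    key, _, value = body.partition(" = ")
    if value.lower().startswith("res://") and "\\temp\\" in value.lower():
        return [Finding(section, "search setting points at a DLL resource in a Temp folder", line)]
    if value == "about:blank" and "search" in key.lower():
        return [Finding(section, "search setting reset to about:blank; restore the intended page", line)]
    return []


def check_service(section: str, body: str, line: str) -> list[Finding]:
    """O23 lines: does a service borrow a core Windows name it should not have?"""
    m = SERVICE_RE.match(body)
    if not m:
        return []
    findings: list[Finding] = []
    path = _strip_status(m["path"])
    short = SHORT_NAME_RE.search(m["display"])
    short_name = short["short"].lower() if short else ""
    stem = path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    if short_name in CORE_NAMES and "\\system32\\" not in path.lower():
        findings.append(Finding(section, f"service '{short_name}' claims a core Windows name but runs from outside system32", line))
    if short_name in CORE_NAMES and m["owner"].lower() == "unknown owner":
        findings.append(Finding(section, f"core-named service '{short_name}' has no publisher", line))
    imitated = _lookalike(stem)
    if imitated:
        findings.append(Finding(section, f"image name '{stem}' is a lookalike of '{imitated}'", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and collect every entry worth a second look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # log header, process list, blank lines
        section, body = m["section"], m["body"]
        if body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(section, "orphan entry: registered component's file is gone", line))
        if section in ("R0", "R1"):
            findings.extend(check_browser_setting(section, body, line))
        elif section == "O23":
            findings.extend(check_service(section, body, line))
    return findings
```

Running `triage(SAMPLE_LOG)` flags the two hijacked search settings, the three orphaned entries, and the fake lsass service three more times (outside system32, no publisher, scvhost/svchost lookalike), while the Adobe BHO and the NVIDIA service pass untouched.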
#3 Jordan_Inc

Authentic Member, 41 posts

Posted 15 July 2007 - 05:22 PM

Hi Jintan,

This computer is an HP AMD Athlon 2800+.
It's about four years old.

I think I had a problem with typing sc stop lsass and sc delete lsass
because it didn't show in the command screen, but I blindly did it anyway.
Also, Windows had popped up saying I was not authorized to do this because it is illegal?

Safe Mode took me some time to figure out because the F8 tab key didn't seem to work.
So I did it manually myself by typing MSCONFIG into Start > Run.
At first it didn't work so smoothly because all I got was a black screen with "Safe Mode" on all four corners.
After a few times of rebooting it finally worked :]


Other than the things mentioned above, everything you directed me to do ran quite nicely.



New HiJackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 4:02:32 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\2Wire\WebWorks.exe
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\dcmrm.dll
O2 - BHO: (no name) - {F39022DD-4718-4AF5-8F89-DB61016B14Ce} - C:\WINDOWS\system32\qpljqfvr.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [WinPLOSION] "C:\Program Files\WinPLOSION\WinPlosion.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134859808406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134859798828
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dcmrm - C:\WINDOWS\SYSTEM32\dcmrm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE





SDFix Report.txt log:

SDFix: Version 1.91

Run by Owner on Sun 07/15/2007 at 10:30 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
lsass

ImagePath:
"C:\WINDOWS\scvhost.exe"

lsass - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\win2E.tmp.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\temp.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\uninstall.exe - Deleted
C:\WINDOWS\system32\cmd.com - Deleted
C:\WINDOWS\system32\ipv6monr.dll - Deleted
C:\WINDOWS\system32\ipv6mons.dll - Deleted
C:\WINDOWS\system32\netstat.com - Deleted
C:\WINDOWS\system32\ping.com - Deleted
C:\WINDOWS\system32\regedit.com - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted
C:\WINDOWS\system32\tasklist.com - Deleted
C:\WINDOWS\system32\tracert.com - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Owner\Desktop\carp**\New Folder\Jin-ABC-JP-[RapBlueprint.com]-2007-C4\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Music\Jin-ABC-JP-[RapBlueprint.com]-2007-C4\Thumbs.db
C:\Documents and Settings\Administrator\Local Settings\Temp\hwndgbkqd.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\mk.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\oktz7.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\u0.dll
C:\Documents and Settings\Default User\Local Settings\Temp\hwndgbkqd.dll
C:\Documents and Settings\Default User\Local Settings\Temp\mk.dll
C:\Documents and Settings\Default User\Local Settings\Temp\oktz7.dll
C:\Documents and Settings\Default User\Local Settings\Temp\u0.dll
C:\Program Files\America Online 9.0a\AOLphx.exe
C:\Program Files\America Online 9.0a\rbm.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\download\BIT2A.tmp

Finished




Combofix.txt log:

"Owner" - 2007-07-15 11:02:01 - ComboFix 07-07-13.8 - Service Pack 2 NTFS [SAFE MODE]


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\xod.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1\Sskknwrd.dll
C:\DOCUME~1\ADMINI~1\APPLIC~1\Sskuknwrd.dll
C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sskknwrd.dll
C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sskuknwrd.dll
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\TXN8K67Q\www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\download
C:\Program Files\Common Files\download\freeprodtb.exe
C:\Program Files\Common Files\download\mc-110-12-0000166.exe
C:\Program Files\Common Files\download\mc-58-12-0000166.exe
C:\Program Files\Common Files\inetget
C:\Program Files\Common Files\inetget2
C:\Program Files\Common Files\inetget2\mc-58-12-0000166.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\system32.dll
C:\Program Files\inetget2
C:\Program Files\video activex access
C:\Program Files\windows
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\1.exe -ppc_timeout=
C:\WINDOWS\144.exe
C:\WINDOWS\1800.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\2272.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\bi.dll
C:\WINDOWS\biprep.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\DOWNLO~1.\ysbactivex.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\hosts
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\susp.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wmvds32.dll
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\wml.exe


((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))


2007-07-15 11:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 10:28 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-15 02:32 2,268 ---hs---- C:\WINDOWS\system32\ospcont.dat
2007-07-15 02:30 836 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\ViewerApp.dat
2007-07-15 01:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\GTek
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Publish Providers
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\NetMedia Providers
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Motive
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lycos
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\interMute
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Aim
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.limewire
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.jpi_cache
2007-07-15 01:24 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 01:24 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Yahoo! Messenger
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Template
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic Foundry
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Roxio
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-07-15 01:17 <DIR> d-------- C:\WINDOWS\pss
2007-07-14 22:51 259,604 --a------ C:\WINDOWS\system32\sxccfhbu.dll
2007-07-14 22:51 124,948 --a------ C:\WINDOWS\system32\qpljqfvr.dll
2007-07-14 22:47 259,604 --------- C:\WINDOWS\system32\xggrywmk.dll
2007-07-14 22:47 124,948 --a------ C:\WINDOWS\system32\qhfmyjbl.dll
2007-07-14 22:25 259,604 --------- C:\WINDOWS\system32\lewpwqei.dll
2007-07-14 22:25 124,948 --a------ C:\WINDOWS\system32\rsbyiabe.dll
2007-07-14 22:09 259,604 --------- C:\WINDOWS\system32\smdfpndl.dll
2007-07-14 22:09 124,948 --a------ C:\WINDOWS\system32\mvoooelt.dll
2007-07-13 20:58 124,948 --a------ C:\WINDOWS\system32\eltyncab.dll
2007-07-13 20:57 259,604 --------- C:\WINDOWS\system32\ixddetki.dll
2007-07-12 22:49 124,948 --a------ C:\WINDOWS\system32\scxawvup.dll
2007-07-12 21:26 124,948 --a------ C:\WINDOWS\system32\njknlpnj.dll
2007-07-12 21:01 124,948 --a------ C:\WINDOWS\system32\ehioeisv.dll
2007-07-12 21:00 259,604 --a------ C:\WINDOWS\system32\hnoxhdoi.dll
2007-07-12 20:01 124,948 --a------ C:\WINDOWS\system32\sidvbvgb.dll
2007-07-07 21:03 259,604 --------- C:\WINDOWS\system32\cfosxvux.dll
2007-07-07 21:03 124,948 --a------ C:\WINDOWS\system32\iaeiantv.dll
2007-07-02 23:01 124,948 --a------ C:\WINDOWS\system32\aanqtiwg.dll
2007-07-02 22:54 259,604 --a------ C:\WINDOWS\system32\ihepbkvg.dll
2007-07-02 22:54 124,948 --a------ C:\WINDOWS\system32\ifjtuvye.dll
2007-07-02 21:29 124,948 --a------ C:\WINDOWS\system32\vfipepun.dll
2007-07-01 20:27 259,604 --------- C:\WINDOWS\system32\ojscttje.dll
2007-07-01 20:27 124,948 --a------ C:\WINDOWS\system32\mspfuugd.dll
2007-06-30 23:07 124,948 --a------ C:\WINDOWS\system32\nxfraact.dll
2007-06-21 00:08 124,948 --a------ C:\WINDOWS\system32\nioncira.dll
2007-06-21 00:05 978,413 --------- C:\WINDOWS\system32\dcmrm.dll
2007-06-17 21:10 32 --ahs---- C:\WINDOWS\system32\{981E6DF4-EF56-48B7-9837-71508F600CF8}.dat
2007-06-17 21:10 32 --ahs---- C:\WINDOWS\{C2DE7FE9-0E3A-4D91-8B0F-318831CE9792}.dat
2007-06-17 21:08 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-17 21:08 73,480 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-17 21:08 <DIR> d-------- C:\Program Files\Norton Personal Firewall
2007-06-17 21:07 14 --a------ C:\WINDOWS\system32\SR2.dat
2007-06-16 11:58 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-15 10:06:45 -------- d-----w C:\Program Files\Spyware Doctor
2007-07-15 08:42:08 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-08 06:04:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-08 05:02:13 630,200 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-07-08 05:02:12 108,392 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-07-01 07:09:51 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-06-18 05:09:23 -------- d-----w C:\Program Files\Symantec
2007-06-17 05:27:46 -------- d-----w C:\Program Files\545 Studios
2007-06-16 20:18:13 -------- d-----w C:\Program Files\WinPLOSION
2007-06-15 02:20:15 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PC Tools
2007-06-14 06:55:30 26,880 ----a-w C:\WINDOWS\vxddsk.exe
2007-06-14 06:55:14 567 ----a-w C:\WINDOWS\system32\drivers\users_rating.gif
2007-06-14 06:55:14 291 ----a-w C:\WINDOWS\system32\drivers\v.gif
2007-06-14 06:55:14 283 ----a-w C:\WINDOWS\system32\drivers\x.gif
2007-06-14 06:55:13 801 ----a-w C:\WINDOWS\system32\drivers\system_stable_header_small.gif
2007-06-14 06:55:13 6,533 ----a-w C:\WINDOWS\system32\drivers\system_stable_box_small.jpg
2007-06-14 06:55:13 15,075 ----a-w C:\WINDOWS\system32\drivers\system_stable_box.jpg
2007-06-14 06:55:13 1,636 ----a-w C:\WINDOWS\system32\drivers\system_stable_header.gif
2007-06-14 06:55:12 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-06-14 06:55:12 5,097 ----a-w C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-06-14 06:55:12 13,618 ----a-w C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-06-14 06:55:12 1,139 ----a-w C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-06-14 06:55:11 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-06-14 06:55:11 14,484 ----a-w C:\WINDOWS\system32\drivers\protect.gif
2007-06-14 06:55:11 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-06-14 06:55:10 737 ----a-w C:\WINDOWS\system32\drivers\logo_bg.gif
2007-06-14 06:55:10 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-06-14 06:55:10 3,099 ----a-w C:\WINDOWS\system32\drivers\logo.gif
2007-06-14 06:55:10 10,260 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-06-14 06:55:09 811 ----a-w C:\WINDOWS\system32\drivers\download_btn.gif
2007-06-14 06:55:09 746 ----a-w C:\WINDOWS\system32\drivers\buy_btn.gif
2007-06-14 06:55:09 580 ----a-w C:\WINDOWS\system32\drivers\features.gif
2007-06-14 06:55:09 50,277 ----a-w C:\WINDOWS\system32\drivers\pt.htm
2007-06-14 06:55:09 427 ----a-w C:\WINDOWS\system32\drivers\4_stars.gif
2007-06-14 06:55:09 365 ----a-w C:\WINDOWS\system32\drivers\5_stars.gif
2007-06-14 06:55:07 945 ----a-w C:\WINDOWS\system32\drivers\s_detect.htm
2007-06-14 06:55:07 6,373 ----a-w C:\WINDOWS\system32\drivers\secuity_center_logo.gif
2007-06-14 06:55:06 64 ----a-w C:\WINDOWS\system32\drivers\close_icon.gif
2007-06-14 06:55:06 6,575 ----a-w C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-06-14 06:55:06 360 ----a-w C:\WINDOWS\system32\drivers\header_bg.gif
2007-06-14 06:55:06 2,186 ----a-w C:\WINDOWS\system32\drivers\alert_icon.gif
2007-06-14 06:55:06 1,014 ----a-w C:\WINDOWS\system32\drivers\icon_warning.gif
2007-06-14 06:55:05 4,825 ----a-w C:\WINDOWS\system32\drivers\detect.htm
2007-06-12 03:50:04 75,264 ----a-w C:\WINDOWS\system32\WEP.dll
2007-06-12 03:50:03 11,776 ----a-w C:\WINDOWS\system32\WINPHK.DLL
2007-06-05 07:35:38 -------- d-----w C:\Program Files\Stardock
2007-05-31 01:06:19 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Snapfish
2007-05-24 00:58:54 29,264 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-05-24 00:58:50 83,024 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-05-24 00:58:46 57,424 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-05-24 00:58:42 53,840 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-05-24 00:58:38 39,376 ----a-w C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-05-23 03:00:09 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Image Zone Express
2005-07-07 03:25:12 343,639 ------r C:\Program Files\Common Files\clbcatex.exe
2005-01-03 19:20:15 836 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ViewerApp.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3727275-224F-4AB0-8642-7D461EFB82D8}]
2007-06-21 00:06 978413 --------- C:\WINDOWS\system32\dcmrm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F39022DD-4718-4AF5-8F89-DB61016B14Ce}]
2007-07-14 22:51 124948 --a------ C:\WINDOWS\system32\qpljqfvr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 02:03]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 07:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 06:14]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19]
"nwiz"="nwiz.exe" [2003-05-02 22:19 C:\WINDOWS\system32\nwiz.exe]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-24 17:51]
"HostManager"="C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe" [2005-08-02 14:26]
"WinHound"="C:\Program Files\WinHound\WinHound.exe" []
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2005-12-17 15:16]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2005-12-17 15:16]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"VF0060 STISvc"="V0060Pin.dll" [2004-10-31 17:00 C:\WINDOWS\system32\V0060Pin.dll]
"WinPLOSION"="C:\Program Files\WinPLOSION\WinPlosion.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-01 21:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-14 19:29]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-14 19:29]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SDFix"="C:\DOCUME~1\Owner\Desktop\SDFix\RunThis.bat /second" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 20:25]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 08:24]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SDFix"=C:\DOCUME~1\Owner\Desktop\SDFix\RunThis.bat /second
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Warning homepage

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dcmrm]
dcmrm.dll --------- 2007-06-21 00:06 978413 C:\WINDOWS\system32\dcmrm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll --a------ 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
C:\WINDOWS\system32\msorcl32.exe

Contents of the 'Scheduled Tasks' folder
2007-07-02 05:29:17 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2004-05-28 02:37:18 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1072488026.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-15 11:21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-15 11:26:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-15 11:25

--- E O F ---

#4 Jordan_Inc (Authentic Member, 41 posts)

Posted 15 July 2007 - 05:24 PM

And finally, the BitDefender log (sorry, it couldn't fit with the previous reply post):

BitDefender log:

BitDefender Online Scanner

Scan report generated at: Sun, Jul 15, 2007 - 15:54:21

Scan path: A:\;C:\;D:\;E:\;G:\;H:\;I:\;J:\;K:\;

Statistics

Time
02:54:31

Files
612374

Folders
13296

Boot Sectors
3

Archives
21739

Packed Files
28407



Results

Identified Viruses
54

Infected Files
237

Suspect Files
8

Warnings
0

Disinfected
0

Deleted Files
243




Engines Info

Virus Definitions
672262

Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\Administrator\Local Settings\Temp\4CAl.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\4CAl.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\4CAl.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\68E.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\68E.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\68E.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\6lbs.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\6lbs.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\6lbs.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\8Re.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\8Re.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\8Re.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\a5O2.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\a5O2.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\a5O2.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\addit.exe
Infected with: Dropped:Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\addit.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\addit.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0001
Infected with: Trojan.Downloader.Istbar.ER

C:\Documents and Settings\Administrator\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0001
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Administrator\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.SecondThought.AK

C:\Documents and Settings\Administrator\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Administrator\Local Settings\Temp\all_files9.exe
Infected with: Backdoor.Ruledor.E

C:\Documents and Settings\Administrator\Local Settings\Temp\all_files9.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\all_files9.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\Del5D.tmp
Infected with: Trojan.Downloader.Small.BEE

C:\Documents and Settings\Administrator\Local Settings\Temp\Del5D.tmp
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\Del5D.tmp
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\Del6C.tmp
Detected with: Adware.180solutions.I

C:\Documents and Settings\Administrator\Local Settings\Temp\Del6C.tmp
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\Del6C.tmp
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\fixit.exe
Infected with: Dropped:Trojan.Maddle.B.DLL

C:\Documents and Settings\Administrator\Local Settings\Temp\fixit.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\fixit.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\GLF24GLF24.EXE=>wise0008
Infected with: Trojan.Downloader.TSUpdate.E

C:\Documents and Settings\Administrator\Local Settings\Temp\GLF24GLF24.EXE=>wise0008
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\GLF24GLF24.EXE
Update failed

C:\Documents and Settings\Administrator\Local Settings\Temp\GPO.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\GPO.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\GPO.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\hfzAn.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\hfzAn.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\hfzAn.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\hwndGbKQD.exe
Infected with: Trojan.Midaddle.D

C:\Documents and Settings\Administrator\Local Settings\Temp\hwndGbKQD.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\hwndGbKQD.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\II22.exe
Infected with: Dropped:Trojan.Dropper.Small.GT

C:\Documents and Settings\Administrator\Local Settings\Temp\II22.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\II22.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\istsvc_updater.exe
Infected with: Trojan.Downloader.IstBar.BO

C:\Documents and Settings\Administrator\Local Settings\Temp\istsvc_updater.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\istsvc_updater.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\Iyo.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\Iyo.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\Iyo.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\kL.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\kL.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\kL.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\L4.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\L4.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\L4.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\MediaAccessInstPack.exe
Detected with: Adware.Winad.AM

C:\Documents and Settings\Administrator\Local Settings\Temp\MediaAccessInstPack.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\MediaAccessInstPack.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\midaddle.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Midaddle.D

C:\Documents and Settings\Administrator\Local Settings\Temp\midaddle.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\midaddle.exe=>(NSIS o)=>zlib_nsis0002
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\midaddle.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Administrator\Local Settings\Temp\nstC7.EXE
Detected with: Adware.Smartpops.C

C:\Documents and Settings\Administrator\Local Settings\Temp\nstC7.EXE
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\nstC7.EXE
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\preInsTT.exe
Detected with: Adware.Serchentrix.A

C:\Documents and Settings\Administrator\Local Settings\Temp\preInsTT.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\preInsTT.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0002.exe
Infected with: Trojan.Downloader.Pacer.D

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0002.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0002.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0006.exe
Infected with: Trojan.Downloader.Pacer.D

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0006.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0006.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0025.exe
Infected with: Trojan.Downloader.Pacer.D

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0025.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0025.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\Q.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\Q.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\Q.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\remove.exe
Infected with: Trojan.Downloader.Keenval.F

C:\Documents and Settings\Administrator\Local Settings\Temp\remove.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\remove.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\SIc.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\SIc.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\SIc.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\THI1152.tmp\preInsTT.exe
Detected with: Adware.Serchentrix.A

C:\Documents and Settings\Administrator\Local Settings\Temp\THI1152.tmp\preInsTT.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\THI1152.tmp\preInsTT.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\THI3CD0.tmp\preInsTT.exe
Detected with: Adware.Serchentrix.A

C:\Documents and Settings\Administrator\Local Settings\Temp\THI3CD0.tmp\preInsTT.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\THI3CD0.tmp\preInsTT.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\tsinstall_4_0_3_7.exe
Infected with: Trojan.Downloader.Tsupdate.I

C:\Documents and Settings\Administrator\Local Settings\Temp\tsinstall_4_0_3_7.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\tsinstall_4_0_3_7.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Infected with: Trojan.Downloader.TSUpdate.C

C:\Documents and Settings\Administrator\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\update_1.exe
Infected with: Trojan.STILEN.A

C:\Documents and Settings\Administrator\Local Settings\Temp\update_1.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\update_1.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\UrNj.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\UrNj.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\UrNj.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\uV.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\uV.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\uV.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\Ve.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\Ve.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\Ve.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\WebRebates_Auto_InstallSilent.exe
Infected with: Dropped:Application.ProcKill.Jk

C:\Documents and Settings\Administrator\Local Settings\Temp\WebRebates_Auto_InstallSilent.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\WebRebates_Auto_InstallSilent.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\whenu.exe
Infected with: Trojan.Adware.Whenu.B

C:\Documents and Settings\Administrator\Local Settings\Temp\whenu.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\whenu.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\WinWildApp.exe
Detected with: Adware.Statmedia.A

C:\Documents and Settings\Administrator\Local Settings\Temp\WinWildApp.exe
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\WinWildApp.exe
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\XXQ.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\XXQ.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\XXQ.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\xYjCiYQ.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\xYjCiYQ.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\xYjCiYQ.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\YucChpHx.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\YucChpHx.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\YucChpHx.dll
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temp\Z71.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Administrator\Local Settings\Temp\Z71.dll
Disinfection failed

C:\Documents and Settings\Administrator\Local Settings\Temp\Z71.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\4CAl.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\4CAl.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\4CAl.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\68E.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\68E.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\68E.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\6lbs.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\6lbs.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\6lbs.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\8Re.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\8Re.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\8Re.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\a5O2.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\a5O2.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\a5O2.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\addit.exe
Infected with: Dropped:Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\addit.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\addit.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0001
Infected with: Trojan.Downloader.Istbar.ER

C:\Documents and Settings\Default User\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0001
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Default User\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.SecondThought.AK

C:\Documents and Settings\Default User\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\adlinstallwin32.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Default User\Local Settings\Temp\all_files9.exe
Infected with: Backdoor.Ruledor.E

C:\Documents and Settings\Default User\Local Settings\Temp\all_files9.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\all_files9.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\Del5D.tmp
Infected with: Trojan.Downloader.Small.BEE

C:\Documents and Settings\Default User\Local Settings\Temp\Del5D.tmp
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\Del5D.tmp
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\Del6C.tmp
Detected with: Adware.180solutions.I

C:\Documents and Settings\Default User\Local Settings\Temp\Del6C.tmp
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\Del6C.tmp
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\fixit.exe
Infected with: Dropped:Trojan.Maddle.B.DLL

C:\Documents and Settings\Default User\Local Settings\Temp\fixit.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\fixit.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\GLF24GLF24.EXE=>wise0008
Infected with: Trojan.Downloader.TSUpdate.E

C:\Documents and Settings\Default User\Local Settings\Temp\GLF24GLF24.EXE=>wise0008
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\GLF24GLF24.EXE
Update failed

C:\Documents and Settings\Default User\Local Settings\Temp\GPO.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\GPO.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\GPO.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\hfzAn.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\hfzAn.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\hfzAn.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\hwndGbKQD.exe
Infected with: Trojan.Midaddle.D

C:\Documents and Settings\Default User\Local Settings\Temp\hwndGbKQD.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\hwndGbKQD.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\II22.exe
Infected with: Dropped:Trojan.Dropper.Small.GT

C:\Documents and Settings\Default User\Local Settings\Temp\II22.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\II22.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\istsvc_updater.exe
Infected with: Trojan.Downloader.IstBar.BO

C:\Documents and Settings\Default User\Local Settings\Temp\istsvc_updater.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\istsvc_updater.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\Iyo.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\Iyo.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\Iyo.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\kL.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\kL.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\kL.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\L4.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\L4.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\L4.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\MediaAccessInstPack.exe
Detected with: Adware.Winad.AM

C:\Documents and Settings\Default User\Local Settings\Temp\MediaAccessInstPack.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\MediaAccessInstPack.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\midaddle.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Midaddle.D

C:\Documents and Settings\Default User\Local Settings\Temp\midaddle.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\midaddle.exe=>(NSIS o)=>zlib_nsis0002
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\midaddle.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Default User\Local Settings\Temp\nstC7.EXE
Detected with: Adware.Smartpops.C

C:\Documents and Settings\Default User\Local Settings\Temp\nstC7.EXE
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\nstC7.EXE
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\preInsTT.exe
Detected with: Adware.Serchentrix.A

C:\Documents and Settings\Default User\Local Settings\Temp\preInsTT.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\preInsTT.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0002.exe
Infected with: Trojan.Downloader.Pacer.D

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0002.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0002.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0006.exe
Infected with: Trojan.Downloader.Pacer.D

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0006.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0006.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0025.exe
Infected with: Trojan.Downloader.Pacer.D

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0025.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\ptf_0025.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\Q.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\Q.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\Q.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\remove.exe
Infected with: Trojan.Downloader.Keenval.F

C:\Documents and Settings\Default User\Local Settings\Temp\remove.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\remove.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\SIc.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\SIc.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\SIc.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\THI1152.tmp\preInsTT.exe
Detected with: Adware.Serchentrix.A

C:\Documents and Settings\Default User\Local Settings\Temp\THI1152.tmp\preInsTT.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\THI1152.tmp\preInsTT.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\THI3CD0.tmp\preInsTT.exe
Detected with: Adware.Serchentrix.A

C:\Documents and Settings\Default User\Local Settings\Temp\THI3CD0.tmp\preInsTT.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\THI3CD0.tmp\preInsTT.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\tsinstall_4_0_3_7.exe
Infected with: Trojan.Downloader.Tsupdate.I

C:\Documents and Settings\Default User\Local Settings\Temp\tsinstall_4_0_3_7.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\tsinstall_4_0_3_7.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Infected with: Trojan.Downloader.TSUpdate.C

C:\Documents and Settings\Default User\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\update_1.exe
Infected with: Trojan.STILEN.A

C:\Documents and Settings\Default User\Local Settings\Temp\update_1.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\update_1.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\UrNj.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\UrNj.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\UrNj.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\uV.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\uV.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\uV.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\Ve.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\Ve.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\Ve.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\WebRebates_Auto_InstallSilent.exe
Infected with: Dropped:Application.ProcKill.Jk

C:\Documents and Settings\Default User\Local Settings\Temp\WebRebates_Auto_InstallSilent.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\WebRebates_Auto_InstallSilent.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\whenu.exe
Infected with: Trojan.Adware.Whenu.B

C:\Documents and Settings\Default User\Local Settings\Temp\whenu.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\whenu.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\WinWildApp.exe
Detected with: Adware.Statmedia.A

C:\Documents and Settings\Default User\Local Settings\Temp\WinWildApp.exe
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\WinWildApp.exe
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\XXQ.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\XXQ.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\XXQ.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\xYjCiYQ.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\xYjCiYQ.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\xYjCiYQ.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\YucChpHx.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\YucChpHx.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\YucChpHx.dll
Deleted

C:\Documents and Settings\Default User\Local Settings\Temp\Z71.dll
Infected with: Trojan.Spy.Middadle.A

C:\Documents and Settings\Default User\Local Settings\Temp\Z71.dll
Disinfection failed

C:\Documents and Settings\Default User\Local Settings\Temp\Z71.dll
Deleted

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\install[1].exe
Infected with: Trojan.Downloader.Dyfuca.CS

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\install[1].exe
Disinfection failed

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\install[1].exe
Deleted

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\optimize[1]
Infected with: Trojan.Downloader.Dyfuca.CQ

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\optimize[1]
Disinfection failed

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\optimize[1]
Deleted

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\QWPU74Z9\actalert[1].exe
Infected with: Trojan.Downloader.Dyfuca.CR

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\QWPU74Z9\actalert[1].exe
Disinfection failed

C:\Documents and Settings\Dien\Local Settings\Temporary Internet Files\Content.IE5\QWPU74Z9\actalert[1].exe
Deleted

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/ipv6monr.dll
Suspected of: Trojan.Spy.BZub.ET

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/ipv6monr.dll
Disinfection failed

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/ipv6monr.dll
Deleted

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/ipv6mons.dll
Suspected of: Trojan.Spy.BZub.ET

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/ipv6mons.dll
Disinfection failed

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/ipv6mons.dll
Deleted

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/uninstall.exe
Infected with: DeepScan:Generic.Mitglied.24B07580

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/uninstall.exe
Disinfection failed

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip=>backups/uninstall.exe
Deleted

C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip
Updated

C:\Program Files\Common Files\rurq\rurqa.exe
Infected with: Trojan.Downloader.Tsupdate.L

C:\Program Files\Common Files\rurq\rurqa.exe
Disinfection failed

C:\Program Files\Common Files\rurq\rurqa.exe
Deleted

C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
Detected with: Adware.ToolBar.MyWebSearch.L

C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
Disinfection failed

C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
Deleted

C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
Detected with: Adware.Mywebsearch.G

C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
Disinfection failed

C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
Deleted

C:\Program Files\Wilnline\Cache00074d_435ed15f_0007a120
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache00074d_435ed15f_0007a120
Disinfection failed

C:\Program Files\Wilnline\Cache00074d_435ed15f_0007a120
Deleted

C:\Program Files\Wilnline\Cache001366_435ed213_0003d090
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache001366_435ed213_0003d090
Disinfection failed

C:\Program Files\Wilnline\Cache001366_435ed213_0003d090
Deleted

C:\Program Files\Wilnline\Cache0013e9_435ed272_00016e36
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache0013e9_435ed272_00016e36
Disinfection failed

C:\Program Files\Wilnline\Cache0013e9_435ed272_00016e36
Deleted

C:\Program Files\Wilnline\Cache0015a1_435ed230_0007a120
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache0015a1_435ed230_0007a120
Disinfection failed

C:\Program Files\Wilnline\Cache0015a1_435ed230_0007a120
Deleted

C:\Program Files\Wilnline\Cache001953_435ed2e1_000e8b25
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache001953_435ed2e1_000e8b25
Disinfection failed

C:\Program Files\Wilnline\Cache001953_435ed2e1_000e8b25
Deleted

C:\Program Files\Wilnline\Cache001ad4_435ed170_000e1113
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache001ad4_435ed170_000e1113
Disinfection failed

C:\Program Files\Wilnline\Cache001ad4_435ed170_000e1113
Deleted

C:\Program Files\Wilnline\Cache001f16_435ed4a3_0006ea05
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache001f16_435ed4a3_0006ea05
Disinfection failed

C:\Program Files\Wilnline\Cache001f16_435ed4a3_0006ea05
Deleted

C:\Program Files\Wilnline\Cache00252a_435ed384_0006ea05
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache00252a_435ed384_0006ea05
Disinfection failed

C:\Program Files\Wilnline\Cache00252a_435ed384_0006ea05
Deleted

C:\Program Files\Wilnline\Cache00301c_435ed1a7_00040d99
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache00301c_435ed1a7_00040d99
Disinfection failed

C:\Program Files\Wilnline\Cache00301c_435ed1a7_00040d99
Deleted

C:\Program Files\Wilnline\Cache00323b_435ed190_000e4e1c
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache00323b_435ed190_000e4e1c
Disinfection failed

C:\Program Files\Wilnline\Cache00323b_435ed190_000e4e1c
Deleted

C:\Program Files\Wilnline\Cache00368e_435ed29b_0006ea05
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache00368e_435ed29b_0006ea05
Disinfection failed

C:\Program Files\Wilnline\Cache00368e_435ed29b_0006ea05
Deleted

C:\Program Files\Wilnline\Cache004c85_435ed496_0001ab3f
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache004c85_435ed496_0001ab3f
Disinfection failed

C:\Program Files\Wilnline\Cache004c85_435ed496_0001ab3f
Deleted

C:\Program Files\Wilnline\Cache00590e_435ed3b8_000e4e1c
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache00590e_435ed3b8_000e4e1c
Disinfection failed

C:\Program Files\Wilnline\Cache00590e_435ed3b8_000e4e1c
Deleted

C:\Program Files\Wilnline\Cache005f49_435ed1e4_000501bd
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache005f49_435ed1e4_000501bd
Disinfection failed

C:\Program Files\Wilnline\Cache005f49_435ed1e4_000501bd
Deleted

C:\Program Files\Wilnline\Cache006ad4_435ed2fd_0008583b
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache006ad4_435ed2fd_0008583b
Disinfection failed

C:\Program Files\Wilnline\Cache006ad4_435ed2fd_0008583b
Deleted

C:\Program Files\Wilnline\Cache00701f_435ed162_0001312d
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache00701f_435ed162_0001312d
Disinfection failed

C:\Program Files\Wilnline\Cache00701f_435ed162_0001312d
Deleted

C:\Program Files\Wilnline\Cache0071f0_435ed2d3_0001ab3f
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache0071f0_435ed2d3_0001ab3f
Disinfection failed

C:\Program Files\Wilnline\Cache0071f0_435ed2d3_0001ab3f
Deleted

C:\Program Files\Wilnline\Cache0074ad_435ed4b0_000a037a
Detected with: Application.JS.ForcePopup.I

C:\Program Files\Wilnline\Cache0074ad_435ed4b0_000a037a
Disinfection failed

C:\Program Files\Wilnline\Cache0074ad_435ed4b0_000a037a
Deleted

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\freeprodtb.exe.vir
Infected with: Trojan.Drop.Agent.AAC

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\freeprodtb.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\freeprodtb.exe.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\mc-110-12-0000166.exe.vir
Infected with: Trojan.Downloader.4723.A

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\mc-110-12-0000166.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\mc-110-12-0000166.exe.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\mc-58-12-0000166.exe.vir
Infected with: Trojan.Maxi.A

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\mc-58-12-0000166.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\Program Files\Common Files\Download\mc-58-12-0000166.exe.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\Common Files\InetGet2\mc-58-12-0000166.exe.vir
Infected with: Trojan.Downloader.4723.D

C:\QooBox\Quarantine\C\Program Files\Common Files\InetGet2\mc-58-12-0000166.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\Program Files\Common Files\InetGet2\mc-58-12-0000166.exe.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\Common Files\system32.dll.vir=>gui.exe
Infected with: Trojan.Downloader.Agent.RV

C:\QooBox\Quarantine\C\Program Files\Common Files\system32.dll.vir=>gui.exe
Disinfection failed

C:\QooBox\Quarantine\C\Program Files\Common Files\system32.dll.vir=>gui.exe
Deleted

C:\QooBox\Quarantine\C\Program Files\Common Files\system32.dll.vir
Updated

C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\ysbactivex.dll.vir
Infected with: Generic.Istbar.4F637AEC

C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\ysbactivex.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\ysbactivex.dll.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\wmvds32.dll.vir
Infected with: Trojan.Downloader.Vb.ASX

C:\QooBox\Quarantine\C\WINDOWS\system32\wmvds32.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\wmvds32.dll.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\xod.dll.vir
Infected with: Trojan.Downloader.JIUG

C:\QooBox\Quarantine\C\WINDOWS\system32\xod.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\xod.dll.vir
Deleted

C:\RECYCLER\NPROTECT030655.exe
Detected with: Adware.180Solutions.5.11

C:\RECYCLER\NPROTECT030655.exe
Disinfection failed

C:\RECYCLER\NPROTECT030655.exe
Deleted

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\packageinstaller.exe
Infected with: Trojan.Downloader.Comet.D

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\packageinstaller.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\packageinstaller.exe
Deleted

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc64\gui.exe
Infected with: Trojan.Downloader.Agent.RV

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc64\gui.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc64\gui.exe
Deleted

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1010\Dc57.exe
Infected with: Trojan.Downloader.G

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1010\Dc57.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1010\Dc57.exe
Deleted

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1010\Dc58.exe
Infected with: Trojan.Downloader.Winshow.R

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1010\Dc58.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1010\Dc58.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035293.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035293.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035293.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035315.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035315.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035315.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035346.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035346.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035346.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035370.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035370.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP391\A0035370.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP392\A0035394.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP392\A0035394.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP392\A0035394.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP392\A0035415.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP392\A0035415.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP392\A0035415.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035440.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035440.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035440.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035462.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035462.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035462.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035482.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035482.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP393\A0035482.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP394\A0035521.DLL
Infected with: Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP394\A0035521.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP394\A0035521.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP396\A0038637.exe
Suspected of: Trojan.Spy.BZub.ET

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP396\A0038637.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP396\A0038637.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP396\A0038649.exe
Suspected of: Trojan.Spy.BZub.ET

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP396\A0038649.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP396\A0038649.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0038859.exe
Infected with: Dropped:Trojan.Hooker.T

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0038859.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0038859.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0039871.exe
Infected with: DeepScan:Generic.Zlob.7.DE21A523

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0039871.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0039871.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP399\A0041056.dll
Infected with: Trojan.Dldr.Conhook.AI

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP399\A0041056.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP399\A0041056.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP399\A0042077.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP399\A0042077.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP399\A0042077.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP400\A0045110.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP400\A0045110.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP400\A0045110.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP401\A0046110.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP401\A0046110.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP401\A0046110.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP401\A0047152.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP401\A0047152.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP401\A0047152.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047268.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047268.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047268.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047377.dll
Suspected of: Trojan.Spy.BZub.ET

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047377.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047377.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047378.dll
Suspected of: Trojan.Spy.BZub.ET

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047378.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047378.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047400.exe
Infected with: Trojan.Drop.Agent.AAC

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047400.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047400.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047401.exe
Infected with: Trojan.Downloader.4723.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047401.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047401.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047402.exe
Infected with: Trojan.Maxi.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047402.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047402.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047403.exe
Infected with: Trojan.Downloader.4723.D

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047403.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047403.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047405.dll=>gui.exe
Infected with: Trojan.Downloader.Agent.RV

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047405.dll=>gui.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047405.dll=>gui.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047405.dll
Updated

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047406.dll
Infected with: Trojan.Downloader.Vb.ASX

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047406.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047406.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047438.dll
Infected with: Trojan.Downloader.JIUG

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047438.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047438.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047620.dll
Suspected of: Trojan.Spy.BZub.ET

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047620.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047620.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047621.dll
Suspected of: Trojan.Spy.BZub.ET

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047621.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047621.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047629.exe
Infected with: DeepScan:Generic.Mitglied.24B07580

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047629.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047629.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047668.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047668.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047668.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047669.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047669.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047669.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047670.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047670.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047670.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047671.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047671.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047671.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047672.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047672.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047672.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047673.exe
Infected with: Dropped:Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047673.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047673.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047674.exe
Infected with: Backdoor.Ruledor.E

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047674.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047674.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047675.exe
Infected with: Dropped:Trojan.Maddle.B.DLL

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047675.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047675.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047676.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047676.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047676.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047677.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047677.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047677.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047678.exe
Infected with: Trojan.Midaddle.D

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047678.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047678.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047679.exe
Infected with: Dropped:Trojan.Dropper.Small.GT

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047679.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047679.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047680.exe
Infected with: Trojan.Downloader.IstBar.BO

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047680.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047680.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047681.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047681.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047681.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047682.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047682.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047682.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047683.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047683.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047683.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047684.exe
Detected with: Adware.Winad.AM

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047684.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047684.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047685.EXE
Detected with: Adware.Smartpops.C

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047685.EXE
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047685.EXE
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047686.exe
Detected with: Adware.Serchentrix.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047686.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047686.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047687.exe
Infected with: Trojan.Downloader.Pacer.D

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047687.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047687.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047688.exe
Infected with: Trojan.Downloader.Pacer.D

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047688.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047688.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047689.exe
Infected with: Trojan.Downloader.Pacer.D

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047689.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047689.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047690.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047690.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047690.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047691.exe
Infected with: Trojan.Downloader.Keenval.F

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047691.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047691.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047692.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047692.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047692.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047693.exe
Detected with: Adware.Serchentrix.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047693.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047693.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047694.exe
Detected with: Adware.Serchentrix.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047694.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047694.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047695.exe
Infected with: Trojan.Downloader.Tsupdate.I

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047695.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047695.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047696.exe
Infected with: Trojan.Downloader.TSUpdate.C

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047696.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047696.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047697.exe
Infected with: Trojan.STILEN.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047697.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047697.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047698.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047698.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047698.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047699.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047699.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047699.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047700.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047700.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047700.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047701.exe
Infected with: Dropped:Application.ProcKill.Jk

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047701.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047701.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047702.exe
Infected with: Trojan.Adware.Whenu.B

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047702.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047702.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047703.exe
Detected with: Adware.Statmedia.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047703.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047703.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047704.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047704.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047704.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047705.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047705.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047705.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047706.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047706.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047706.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047707.dll
Infected with: Trojan.Spy.Middadle.A

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047707.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047707.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047708.exe
Infected with: Trojan.Downloader.Dyfuca.CS

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047708.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047708.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047709.exe
Infected with: Trojan.Downloader.Dyfuca.CR

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047709.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047709.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047734.exe
Infected with: Trojan.Downloader.Tsupdate.L

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047734.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047734.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047735.DLL
Detected with: Adware.ToolBar.MyWebSearch.L

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047735.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047735.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047736.DLL
Detected with: Adware.Mywebsearch.G

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047736.DLL
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047736.DLL
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047744.exe
Detected with: Adware.180Solutions.5.11

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047744.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047744.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047745.exe
Infected with: Trojan.Downloader.Comet.D

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047745.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047745.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047746.exe
Infected with: Trojan.Downloader.Agent.RV

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047746.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047746.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047747.exe
Infected with: Trojan.Downloader.G

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047747.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047747.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047748.exe
Infected with: Trojan.Downloader.Winshow.R

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047748.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047748.exe
Deleted

C:\WINDOWS\cfgmgr52.dll
Detected with: Adware.BookedSpace.E

C:\WINDOWS\cfgmgr52.dll
Disinfection failed

C:\WINDOWS\cfgmgr52.dll
Deleted

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll
Infected with: Trojan.Downloader.Istbar.NH

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll
Disinfection failed

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll
Deleted

C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx
Infected with: Trojan.Downloader.Neededware.B

C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx
Disinfection failed

C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx
Deleted

C:\WINDOWS\loadasp.exe
Infected with: Trojan.Dropper.Agent.MH

C:\WINDOWS\loadasp.exe
Disinfection failed

C:\WINDOWS\loadasp.exe
Deleted

C:\WINDOWS\system32\aanqtiwg.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\aanqtiwg.dll
Disinfection failed

C:\WINDOWS\system32\aanqtiwg.dll
Deleted

C:\WINDOWS\system32\cfosxvux.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\cfosxvux.dll
Disinfection failed

C:\WINDOWS\system32\cfosxvux.dll
Deleted

C:\WINDOWS\system32\dcmrm.dll
Infected with: Backdoor.Friend.A

C:\WINDOWS\system32\dcmrm.dll
Disinfection failed

C:\WINDOWS\system32\dcmrm.dll
Delete failed

C:\WINDOWS\system32\ehioeisv.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\ehioeisv.dll
Disinfection failed

C:\WINDOWS\system32\ehioeisv.dll
Deleted

C:\WINDOWS\system32\eltyncab.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\eltyncab.dll
Disinfection failed

C:\WINDOWS\system32\eltyncab.dll
Deleted

C:\WINDOWS\system32\hnoxhdoi.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\hnoxhdoi.dll
Disinfection failed

C:\WINDOWS\system32\hnoxhdoi.dll
Deleted

C:\WINDOWS\system32\iaeiantv.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\iaeiantv.dll
Disinfection failed

C:\WINDOWS\system32\iaeiantv.dll
Deleted

C:\WINDOWS\system32\ifjtuvye.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\ifjtuvye.dll
Disinfection failed

C:\WINDOWS\system32\ifjtuvye.dll
Deleted

C:\WINDOWS\system32\ihepbkvg.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\ihepbkvg.dll
Disinfection failed

C:\WINDOWS\system32\ihepbkvg.dll
Deleted

C:\WINDOWS\system32\ixddetki.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\ixddetki.dll
Disinfection failed

C:\WINDOWS\system32\ixddetki.dll
Deleted

C:\WINDOWS\system32\lewpwqei.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\lewpwqei.dll
Disinfection failed

C:\WINDOWS\system32\lewpwqei.dll
Deleted

C:\WINDOWS\system32\mspfuugd.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\mspfuugd.dll
Disinfection failed

C:\WINDOWS\system32\mspfuugd.dll
Deleted

C:\WINDOWS\system32\mvoooelt.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\mvoooelt.dll
Disinfection failed

C:\WINDOWS\system32\mvoooelt.dll
Deleted

C:\WINDOWS\system32\nioncira.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\nioncira.dll
Disinfection failed

C:\WINDOWS\system32\nioncira.dll
Deleted

C:\WINDOWS\system32\njknlpnj.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\njknlpnj.dll
Disinfection failed

C:\WINDOWS\system32\njknlpnj.dll
Deleted

C:\WINDOWS\system32\nxfraact.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\nxfraact.dll
Disinfection failed

C:\WINDOWS\system32\nxfraact.dll
Deleted

C:\WINDOWS\system32\ojscttje.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\ojscttje.dll
Disinfection failed

C:\WINDOWS\system32\ojscttje.dll
Deleted

C:\WINDOWS\system32\qhfmyjbl.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\qhfmyjbl.dll
Disinfection failed

C:\WINDOWS\system32\qhfmyjbl.dll
Deleted

C:\WINDOWS\system32\qpljqfvr.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\qpljqfvr.dll
Disinfection failed

C:\WINDOWS\system32\qpljqfvr.dll
Delete failed

C:\WINDOWS\system32\rsbyiabe.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\rsbyiabe.dll
Disinfection failed

C:\WINDOWS\system32\rsbyiabe.dll
Deleted

C:\WINDOWS\system32\scxawvup.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\scxawvup.dll
Disinfection failed

C:\WINDOWS\system32\scxawvup.dll
Deleted

C:\WINDOWS\system32\sidvbvgb.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\sidvbvgb.dll
Disinfection failed

C:\WINDOWS\system32\sidvbvgb.dll
Deleted

C:\WINDOWS\system32\smdfpndl.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\smdfpndl.dll
Disinfection failed

C:\WINDOWS\system32\smdfpndl.dll
Deleted

C:\WINDOWS\system32\sxccfhbu.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\sxccfhbu.dll
Disinfection failed

C:\WINDOWS\system32\sxccfhbu.dll
Deleted

C:\WINDOWS\system32\vfipepun.dll
Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\vfipepun.dll
Disinfection failed

C:\WINDOWS\system32\vfipepun.dll
Deleted

C:\WINDOWS\system32\WINPHK.DLL
Infected with: Trojan.Hooker.T

C:\WINDOWS\system32\WINPHK.DLL
Disinfection failed

C:\WINDOWS\system32\WINPHK.DLL
Deleted

C:\WINDOWS\system32\xggrywmk.dll
Infected with: Trojan.Dldr.Conhook.AG

C:\WINDOWS\system32\xggrywmk.dll
Disinfection failed

C:\WINDOWS\system32\xggrywmk.dll
Deleted




Thanks Jintan.
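The report above is a long run of path / status pairs, and what a helper actually needs from it is short: which threat names appear, how many hits sit in System Restore points (the `_restore{...}\RPnnn` folders), and which files were not removed (the report shows two "Delete failed" entries in `system32`). The parser below is an added example, not part of the original thread or of the scanner's own tooling; the sample input is a handful of entries copied from the report in the same layout, and `Item`, `parse_report`, `unresolved` and `summary` are names chosen here.

```python
import re
from dataclasses import dataclass, field

# A few entries copied from the report posted above, in the scanner's own
# "path / status / blank line" layout; this sample stands in for the full log.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047377.dll
Suspected of: Trojan.Spy.BZub.ET

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047377.dll
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047377.dll
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047405.dll=>gui.exe
Infected with: Trojan.Downloader.Agent.RV

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047405.dll=>gui.exe
Disinfection failed

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047405.dll=>gui.exe
Deleted

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047405.dll
Updated

C:\WINDOWS\cfgmgr52.dll
Detected with: Adware.BookedSpace.E

C:\WINDOWS\cfgmgr52.dll
Disinfection failed

C:\WINDOWS\cfgmgr52.dll
Deleted

C:\WINDOWS\system32\dcmrm.dll
Infected with: Backdoor.Friend.A

C:\WINDOWS\system32\dcmrm.dll
Disinfection failed

C:\WINDOWS\system32\dcmrm.dll
Delete failed
"""

# Verdict lines name the threat; action lines record what the scanner did.
VERDICT_RE = re.compile(r"^(Infected with|Suspected of|Detected with): (.+)$")
ACTIONS = {"Disinfection failed", "Deleted", "Delete failed", "Updated"}
RESOLVED = {"Deleted", "Updated"}  # "Updated": container rewritten without the bad member
RESTORE_PREFIX = r"c:\system volume information\_restore"


@dataclass
class Item:
    """Everything the report says about one path (hypothetical record type)."""
    path: str
    verdicts: list = field(default_factory=list)  # (kind, threat name) pairs
    actions: list = field(default_factory=list)   # in report order


def parse_report(text):
    """Group the report's path/status pairs into one Item per path."""
    items = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) != 2:
            raise ValueError(f"unexpected block layout: {block!r}")
        path, status = lines
        item = items.setdefault(path, Item(path))
        m = VERDICT_RE.match(status)
        if m:
            item.verdicts.append((m.group(1), m.group(2)))
        elif status in ACTIONS:
            item.actions.append(status)
        else:
            raise ValueError(f"unknown status line: {status!r}")
    return list(items.values())


def unresolved(items):
    """Detections whose last recorded action did not remove the file."""
    return [i for i in items
            if i.verdicts and (not i.actions or i.actions[-1] not in RESOLVED)]


def summary(items):
    """Threat names, restore-point hits and leftover files for a helper's reply."""
    detections = [i for i in items if i.verdicts]
    return {
        "detections": len(detections),
        "unresolved": [i.path for i in unresolved(items)],
        "restore_point_items": sum(i.path.lower().startswith(RESTORE_PREFIX) for i in items),
        "names": sorted({name for i in detections for _, name in i.verdicts}),
    }


if __name__ == "__main__":
    for key, value in summary(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

The parser is deliberately strict: a block that is not exactly a path followed by a status, or a status word it has not seen, raises rather than being silently skipped, so a report from a different scanner version cannot produce a reassuring but incomplete summary. Run against the full log above it would list the two `system32` DLLs the scanner could not delete, which is exactly what the next round of cleanup has to address.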

#5 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 16 July 2007 - 07:46 AM

Pretty heavily infected system, but progress, and we'll be making more now. I recommend against using msconfig to access Safe Mode (setting it to SafeBoot), since this adds that command to the boot.ini. Should there be a glitch that causes a reboot while entering Safe Mode, the next restart command is Safe Mode again. This can cause a reboot loop that takes some added steps to resolve. If you time it right and tap the F8 key about once a second (one one-thousand, two one-thousand .....) you'll gain access.


Can you tell me what this software does - it is not a known one I have information on:

C:\Program Files\Wilnline



Download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt.


Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.



Then run ComboFix again as you did before.


Once that has completed Go here and download the free version of SUPERAntiSpyware and install it.

After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to its research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

Start-up Options:
*Start SUPERAntiSpyware when Windows starts

Automatic Updates:
*Check for program updates when the application starts.

Start-up Scanning:
*Check for updates before scanning on startup.

Then select Close. Don't scan just yet though.

-------------------------------

Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

===============================================

Reboot into Safe Mode (at startup tap the F8 key - every second - and select Safe Mode).

Open SUPERAntiSpyware and click the Scan your Computer button. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click Next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.

And post back that log along with the vundofix.txt and the combofix text please. Also a new HijackThis log.
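
To make the msconfig caveat in the post above concrete, here is an added example (my code, not Jintan's and not from any tool used in this thread) showing what the msconfig /SAFEBOOT option actually leaves behind in C:\boot.ini and how to strip it again. The boot.ini text is constructed for the example with typical default ARC paths; it is not taken from the poster's machine.

```python
"""
Added example, not part of the original thread: detect and remove the
/safeboot switch that msconfig writes into boot.ini on Windows XP.

Tapping F8 at startup selects Safe Mode for one boot only. msconfig's
/SAFEBOOT option instead appends a /safeboot:... switch to the operating
system line in boot.ini, so every boot is a Safe Mode boot until the file
is edited again.
"""
import re

# Constructed sample (typical XP defaults, not the poster's file) showing
# boot.ini after msconfig > BOOT.INI tab > /SAFEBOOT (MINIMAL) was applied.
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /safeboot:minimal
"""

# msconfig writes one of: /safeboot:minimal, /safeboot:network,
# /safeboot:minimal(alternateshell), /safeboot:dsrepair. Boot switches are
# case-insensitive, so match them that way too.
SAFEBOOT_RE = re.compile(r"\s*/safeboot(?::[a-z]+(?:\([a-z]+\))?)?", re.IGNORECASE)


def find_safeboot_entries(boot_ini: str) -> list:
    """Return the [operating systems] lines that carry a /safeboot switch."""
    in_os_section = False
    hits = []
    for line in boot_ini.splitlines():
        stripped = line.strip()
        if stripped.lower() == "[operating systems]":
            in_os_section = True
            continue
        if stripped.startswith("["):
            # Any other section header ends the [operating systems] block.
            in_os_section = False
            continue
        if in_os_section and SAFEBOOT_RE.search(stripped):
            hits.append(stripped)
    return hits


def strip_safeboot(boot_ini: str) -> str:
    """Return boot.ini text with every /safeboot switch removed.

    Other switches (/fastdetect, /NoExecute=...) are left untouched, so the
    entry boots normally again instead of looping back into Safe Mode.
    """
    cleaned = [SAFEBOOT_RE.sub("", line) for line in boot_ini.splitlines()]
    return "\n".join(cleaned) + "\n"


if __name__ == "__main__":
    for entry in find_safeboot_entries(SAMPLE_BOOT_INI):
        print("persistent Safe Mode entry:", entry)
    print(strip_safeboot(SAMPLE_BOOT_INI))
```

On a live XP system boot.ini carries the read-only, hidden and system attributes, so clear them (attrib -r -s -h C:\boot.ini) before writing the cleaned text back and restore them afterwards. If the machine is already looping, the same edit has to be made from outside the stuck installation, which is the "added steps" Jintan refers to; tapping F8 sets no persistent flag, which is why it is the safer route.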

#6 Jordan_Inc

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 17 July 2007 - 01:30 AM

C:\Program Files\Wilnline

I don't seem to be able to help you recognize that particular file. Within it is a folder titled "Cache" that has 822 small files inside. There are also a few text documents that are blank inside. It says the Cache file was created on July 15, 2007. The text documents were last modified back on Oct 24, 2005. Should I delete this hidden file?


VundoFix.txt log:
VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 6:07:30 PM 7/16/2007

Listing files found while scanning....

C:\windows\system32\aektfsxj.dll
C:\WINDOWS\system32\hpifwjej.dll
C:\windows\system32\hstpodqh.dll
C:\WINDOWS\system32\jejwfiph.ini
C:\windows\system32\qpljqfvr.dll

Beginning removal...

Attempting to delete C:\windows\system32\aektfsxj.dll
C:\windows\system32\aektfsxj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hpifwjej.dll
C:\WINDOWS\system32\hpifwjej.dll Has been deleted!

Attempting to delete C:\windows\system32\hstpodqh.dll
C:\windows\system32\hstpodqh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jejwfiph.ini
C:\WINDOWS\system32\jejwfiph.ini Has been deleted!

Attempting to delete C:\windows\system32\qpljqfvr.dll
C:\windows\system32\qpljqfvr.dll Has been deleted!

Performing Repairs to the registry.
Done!


ComboFix.txt log:

"Owner" - 2007-07-16 18:53:50 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


2007-07-16 18:14 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-07-16 18:07 <DIR> d-------- C:\VundoFix Backups
2007-07-16 16:37 <DIR> d-------- C:\227a420d6b8ec2d72143b1
2007-07-16 16:18 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-16 15:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-15 12:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-15 11:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 10:28 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-15 02:30 836 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\ViewerApp.dat
2007-07-15 01:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\GTek
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Publish Providers
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\NetMedia Providers
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Motive
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lycos
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\interMute
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Aim
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.limewire
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.jpi_cache
2007-07-15 01:24 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 01:24 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Yahoo! Messenger
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Template
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic Foundry
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Roxio
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-07-15 01:17 <DIR> d-------- C:\WINDOWS\pss
2007-06-17 21:10 32 --ahs---- C:\WINDOWS\system32\{981E6DF4-EF56-48B7-9837-71508F600CF8}.dat
2007-06-17 21:10 32 --ahs---- C:\WINDOWS\{C2DE7FE9-0E3A-4D91-8B0F-318831CE9792}.dat
2007-06-17 21:08 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-17 21:08 73,480 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-17 21:08 <DIR> d-------- C:\Program Files\Norton Personal Firewall
2007-06-17 21:07 14 --a------ C:\WINDOWS\system32\SR2.dat
2007-06-16 11:58 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 02:51:15 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-17 00:39:34 -------- d-----w C:\Program Files\Spyware Doctor
2007-07-15 22:21:16 -------- d-----w C:\Program Files\Common Files\rurq
2007-07-15 19:41:21 -------- d-----w C:\Program Files\2Wire
2007-07-08 06:04:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-08 05:02:13 630,200 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-07-08 05:02:12 108,392 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-07-01 07:09:51 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-06-18 05:09:23 -------- d-----w C:\Program Files\Symantec
2007-06-17 05:27:46 -------- d-----w C:\Program Files\545 Studios
2007-06-16 20:18:13 -------- d-----w C:\Program Files\WinPLOSION
2007-06-15 02:20:15 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PC Tools
2007-06-14 06:55:30 26,880 ----a-w C:\WINDOWS\vxddsk.exe
2007-06-14 06:55:14 567 ----a-w C:\WINDOWS\system32\drivers\users_rating.gif
2007-06-14 06:55:14 291 ----a-w C:\WINDOWS\system32\drivers\v.gif
2007-06-14 06:55:14 283 ----a-w C:\WINDOWS\system32\drivers\x.gif
2007-06-14 06:55:13 801 ----a-w C:\WINDOWS\system32\drivers\system_stable_header_small.gif
2007-06-14 06:55:13 6,533 ----a-w C:\WINDOWS\system32\drivers\system_stable_box_small.jpg
2007-06-14 06:55:13 15,075 ----a-w C:\WINDOWS\system32\drivers\system_stable_box.jpg
2007-06-14 06:55:13 1,636 ----a-w C:\WINDOWS\system32\drivers\system_stable_header.gif
2007-06-14 06:55:12 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-06-14 06:55:12 5,097 ----a-w C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-06-14 06:55:12 13,618 ----a-w C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-06-14 06:55:12 1,139 ----a-w C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-06-14 06:55:11 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-06-14 06:55:11 14,484 ----a-w C:\WINDOWS\system32\drivers\protect.gif
2007-06-14 06:55:11 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-06-14 06:55:10 737 ----a-w C:\WINDOWS\system32\drivers\logo_bg.gif
2007-06-14 06:55:10 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-06-14 06:55:10 3,099 ----a-w C:\WINDOWS\system32\drivers\logo.gif
2007-06-14 06:55:10 10,260 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-06-14 06:55:09 811 ----a-w C:\WINDOWS\system32\drivers\download_btn.gif
2007-06-14 06:55:09 746 ----a-w C:\WINDOWS\system32\drivers\buy_btn.gif
2007-06-14 06:55:09 580 ----a-w C:\WINDOWS\system32\drivers\features.gif
2007-06-14 06:55:09 50,277 ----a-w C:\WINDOWS\system32\drivers\pt.htm
2007-06-14 06:55:09 427 ----a-w C:\WINDOWS\system32\drivers\4_stars.gif
2007-06-14 06:55:09 365 ----a-w C:\WINDOWS\system32\drivers\5_stars.gif
2007-06-14 06:55:07 945 ----a-w C:\WINDOWS\system32\drivers\s_detect.htm
2007-06-14 06:55:07 6,373 ----a-w C:\WINDOWS\system32\drivers\secuity_center_logo.gif
2007-06-14 06:55:06 64 ----a-w C:\WINDOWS\system32\drivers\close_icon.gif
2007-06-14 06:55:06 6,575 ----a-w C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-06-14 06:55:06 360 ----a-w C:\WINDOWS\system32\drivers\header_bg.gif
2007-06-14 06:55:06 2,186 ----a-w C:\WINDOWS\system32\drivers\alert_icon.gif
2007-06-14 06:55:06 1,014 ----a-w C:\WINDOWS\system32\drivers\icon_warning.gif
2007-06-14 06:55:05 4,825 ----a-w C:\WINDOWS\system32\drivers\detect.htm
2007-06-12 03:50:04 75,264 ----a-w C:\WINDOWS\system32\WEP.dll
2007-06-05 07:35:38 -------- d-----w C:\Program Files\Stardock
2007-05-31 01:06:19 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Snapfish
2007-05-24 00:58:54 29,264 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-05-24 00:58:50 83,024 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-05-24 00:58:46 57,424 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-05-24 00:58:42 53,840 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-05-24 00:58:38 39,376 ----a-w C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-05-23 03:00:09 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Image Zone Express
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 06:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 06:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 06:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 06:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 06:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 06:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 06:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 06:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 06:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 06:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2005-07-07 03:25:12 343,639 ------r C:\Program Files\Common Files\clbcatex.exe
2005-01-03 19:20:15 836 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ViewerApp.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F39022DD-4718-4AF5-8F89-DB61016B14Ce}]
C:\WINDOWS\system32\hstpodqh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 02:03]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 07:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 06:14]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19]
"nwiz"="nwiz.exe" [2003-05-02 22:19 C:\WINDOWS\system32\nwiz.exe]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-24 17:51]
"HostManager"="C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe" [2005-08-02 14:26]
"WinHound"="C:\Program Files\WinHound\WinHound.exe" []
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2005-12-17 15:16]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2005-12-17 15:16]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"VF0060 STISvc"="V0060Pin.dll" [2004-10-31 17:00 C:\WINDOWS\system32\V0060Pin.dll]
"WinPLOSION"="C:\Program Files\WinPLOSION\WinPlosion.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-01 21:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-14 19:29]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-14 19:29]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 20:25]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 08:24]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Warning homepage

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll --a------ 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\setup.exe


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
C:\WINDOWS\system32\msorcl32.exe

Contents of the 'Scheduled Tasks' folder
2007-07-02 05:29:17 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2004-05-28 02:37:18 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1072488026.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 19:07:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-16 19:10:02
C:\ComboFix-quarantined-files.txt ... 2007-07-16 19:10
C:\ComboFix2.txt ... 2007-07-15 11:26

--- E O F ---


SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2007 at 10:36 PM

Application Version : 3.9.1008

Core Rules Database Version : 3270
Trace Rules Database Version: 1281

Scan type : Complete Scan
Total Scan Time : 01:30:48

Memory items scanned : 222
Memory threats detected : 0
Registry items scanned : 6277
Registry threats detected : 35
File items scanned : 65376
File threats detected : 186

Adware.180solutions/ZangoSearch
HKU\.DEFAULT\Software\Zango
HKU\S-1-5-18\Software\Zango
C:\TEMP\180SAINSTALLER.EXE

Adware.Elite Media
C:\WINDOWS\etb\etb.ini
C:\WINDOWS\etb\etl
C:\WINDOWS\etb\xml\adult.tbr
C:\WINDOWS\etb\xml\categories
C:\WINDOWS\etb\xml\default.tbr
C:\WINDOWS\etb\xml\images\50kwincash2.bmp
C:\WINDOWS\etb\xml\images\casino.bmp
C:\WINDOWS\etb\xml\images\dating.bmp
C:\WINDOWS\etb\xml\images\findemails.bmp
C:\WINDOWS\etb\xml\images\ringtones.bmp
C:\WINDOWS\etb\xml\images\searchpeople.bmp
C:\WINDOWS\etb\xml\images\shop.bmp
C:\WINDOWS\etb\xml\images\virus.bmp
C:\WINDOWS\etb\xml\images
C:\WINDOWS\etb\xml\search.mnu
C:\WINDOWS\etb\xml
C:\WINDOWS\etb

Trojan.Media-Codec
HKCR\VSEnchancer.Chl
HKCR\VSEnchancer.Chl\CLSID

Adware.Zango Toolbar/Hb
HKU\S-1-5-21-2288469357-86668978-2428812178-1003\Software\ZangoToolbar
HKLM\Software\ZangoToolbar
HKLM\Software\ZangoToolbar\ZangoToolbar
HKLM\Software\ZangoToolbar\ZangoToolbar\PI
HKLM\Software\ZangoToolbar\ZangoToolbar\PI\3.2
HKLM\Software\ZangoToolbar\ZangoToolbar\PI\3.2#PID00
HKLM\Software\ZangoToolbar\ZangoToolbar\Upgrade
HKLM\Software\ZangoToolbar\ZangoToolbar\Upgrade#LastChecked
HKCR\Wallpaper.WallpaperManager
HKCR\Wallpaper.WallpaperManager\CLSID
HKCR\Wallpaper.WallpaperManager\CurVer
HKCR\Wallpaper.WallpaperManager.1
HKCR\Wallpaper.WallpaperManager.1\CLSID
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32#ThreadingModel
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\ProgID
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\Programmable
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\TypeLib
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\VersionIndependentProgID
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\win32
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\FLAGS
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\HELPDIR
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid32
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib#Version
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\btntrans1.dat
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\buttondir.txt
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\components.cdf
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\default.cdf
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_categorize.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_comparison.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_favorites.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Games.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Hide.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemster.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Mails.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_new.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_premium.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_reun.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_weather.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-t1-bg.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\icons2.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\keywords.idx
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\keywords1.dat
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\layout.cdf
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\linkpathlegal.txt
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\progress.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\sales_buttons.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\s_icons_buttons.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\t2_bg.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\theweb.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\top7.cdf
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\tsd_bg.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\zango.res
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\default.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\layout.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\progress.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2reg.txt
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2reg.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\top7.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\zango.xip
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0\ZangoToolbar
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\v3.0
C:\Documents and Settings\Owner\Application Data\ZangoToolbar\zbar.log
C:\Documents and Settings\Owner\Application Data\ZangoToolbar

Adware.WildMedia/Midaddle
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\PNC4DT.DLL
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\QQUEV.DLL
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\VF2MH.DLL
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\PNC4DT.DLL
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\QQUEV.DLL
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\VF2MH.DLL

Adware.180solutions/Search Assistant
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RES5E.TMP
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RESCA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\RES5E.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\RESCA.TMP
C:\RECYCLER\NPROTECT

Edited by Jintan, 17 July 2007 - 01:12 PM.
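
What a helper is actually looking for in a ComboFix log like the one above can be written down as rules. The following is an added example (my code, not ComboFix's, HijackThis's or VundoFix's own logic) that runs a few of those checks over lines copied from the posted logs: eight-letter DLL names in system32 with long consonant runs (the Vundo/Conhook naming seen throughout this thread), a Browser Helper Object key whose DLL line carries no date or size (VundoFix had already deleted hstpodqh.dll, but the registry key remained), Run values reported with empty [] file data, a local HTML file registered as an Active Desktop component, a removable-drive AutoRun command, an Active Setup GUID containing non-hex characters, and image/HTML files sitting in the drivers folder. The consonant-run threshold and the rule names are my own heuristics for manual review, not anything these tools document, and a hit is a reason to look closer, not a verdict.

```python
"""
Added example, not part of the original thread: rule-based triage of
ComboFix / HijackThis style log lines. The rules and thresholds are the
author's heuristics; the sample lines are copied from the logs posted above.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F39022DD-4718-4AF5-8F89-DB61016B14Ce}]
C:\WINDOWS\system32\hstpodqh.dll
"WinHound"="C:\Program Files\WinHound\WinHound.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-14 19:29]
Source= C:\WINDOWS\warnhp.html
AutoRun\command- G:\setup.exe
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
C:\WINDOWS\system32\msorcl32.exe
2007-06-14 06:55:09 50,277 ----a-w C:\WINDOWS\system32\drivers\pt.htm
2007-05-24 00:58:54 29,264 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
C:\windows\system32\qpljqfvr.dll
"""

# GUID-shaped token: five groups of 8-4-4-4-12 characters. Each group is
# checked separately for hex-ness; a real COM/Active Setup GUID is all hex.
GUID_RE = re.compile(r"\{([0-9A-Za-z]{8})-([0-9A-Za-z]{4})-([0-9A-Za-z]{4})-([0-9A-Za-z]{4})-([0-9A-Za-z]{12})\}")
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
# Exactly eight lowercase letters + .dll directly under system32.
RANDOM_DLL_RE = re.compile(r"\\[Ss]ystem32\\([a-z]{8})\.dll\s*$")
# ComboFix prints [date time] after a Run value it could stat; [] means no file data.
RUN_NO_INFO_RE = re.compile(r'^"[^"]+"=".*"\s*\[\]\s*$')
# Active Desktop component whose Source is a local HTML file.
DESKTOP_HTML_RE = re.compile(r"^Source=\s*[A-Za-z]:\\.*\.html?\s*$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"AutoRun\\command-\s*(\S.*)$")
# Images and web pages do not belong in the kernel driver folder.
DRIVERS_WEB_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.(gif|jpe?g|bmp|html?|txt)\s*$", re.IGNORECASE)
BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S")

VOWELS = set("aeiou")


def max_consonant_run(name: str) -> int:
    """Longest run of non-vowel letters; random droppers tend to score high."""
    run = best = 0
    for ch in name:
        if ch in VOWELS:
            run = 0
        else:
            run += 1
            best = max(best, run)
    return best


def triage(log_text: str) -> list:
    """Return (rule_name, line) findings in log order; rules are heuristics."""
    findings = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        s = line.strip()
        if not s:
            continue
        for m in GUID_RE.finditer(s):
            if not all(HEX_RE.match(group) for group in m.groups()):
                findings.append(("malformed_guid", s))
        m = RANDOM_DLL_RE.search(s)
        if m and max_consonant_run(m.group(1)) >= 4:
            findings.append(("random_name_dll", s))
        if RUN_NO_INFO_RE.match(s):
            findings.append(("run_entry_no_file_info", s))
        if DESKTOP_HTML_RE.match(s):
            findings.append(("active_desktop_local_html", s))
        if AUTORUN_RE.search(s):
            findings.append(("removable_drive_autorun", s))
        if DRIVERS_WEB_RE.search(s):
            findings.append(("web_content_in_drivers", s))
        if BHO_KEY_RE.match(s):
            # Two-line rule: a BHO key followed by a bare path (no date/size)
            # means ComboFix could not find the DLL the key still points at.
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            if BARE_PATH_RE.match(nxt):
                findings.append(("bho_without_file_data", nxt))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:28s} {line}")
```

Legitimate eight-letter names such as inetcomm.dll and schannel.dll pass the consonant-run test, while hstpodqh and qpljqfvr do not; the threshold is deliberately loose, because the next step in this kind of cleanup is always a human (or a research submission, as Jintan does with the Wilnline folder) looking at what the rule surfaced.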


#7 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 17 July 2007 - 01:21 PM

That startup message you are getting is from having changes made in msconfig. If you open msconfig again, and under General check Normal Startup (Apply/OK), that will be corrected on the next reboot (no need to reboot just now though). I have a difficult time reviewing the pale blue (on my browser) logs forced when someone uses the "Code" function. In an attempt to improve the odds I wouldn't miss something here, I used the Edit function allowed to us to remove the Code tags from that last post, but I see the page also cut off the end of the post when saving that. If you would, please run and post back a new HijackThis log.


Also, as you are reposting, Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here as well. Best not to post logs with the "Code" function if you would.

#8 Jordan_Inc

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 17 July 2007 - 06:19 PM

Silent Runner Log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BackupNotify" = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [null data]
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\MSMSGS.EXE" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"HPHUPD05" = "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]
"StorageGuard" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AutoTKit" = "C:\hp\bin\AUTOTKIT.EXE" [null data]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"mmtask" = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" ["TODO: <Company name>"]
"HostManager" = "C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe" ["America Online, Inc."]
"WinHound" = "C:\Program Files\WinHound\WinHound.exe" [file not found]
"CaAvTray" = ""C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"" ["Computer Associates International, Inc."]
"CAVRID" = ""C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"" ["Computer Associates International, Inc."]
"YOP" = "C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart" ["Yahoo! Inc."]
"AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"VF0060 STISvc" = "RunDLL32.exe V0060Pin.dll,RunDLL32EP 513" [MS]
"WinPLOSION" = ""C:\Program Files\WinPLOSION\WinPlosion.exe"" [file not found]
"SDTray" = ""C:\Program Files\Spyware Doctor\SDTrayApp.exe"" ["PC Tools"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"ccApp" = ""c:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F39022DD-4718-4AF5-8F89-DB61016B14Ce}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\hstpodqh.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"
-> {HKLM...CLSID} = "My Kahuna"
\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdns_01.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}" = "OmniPass Shell Extension"
-> {HKLM...CLSID} = "OmniPass Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Softex\OmniPass\opshelle.dll" ["Softex Incorporated"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CE2AA40-1317-11D3-9922-00104B0AD431}" = "CA_AntiVirus"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\Ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> OPXPGina\DLLName = "C:\Program Files\Softex\OmniPass\opxpgina.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
OPShellE\(Default) = "{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}"
-> {HKLM...CLSID} = "OmniPass Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Softex\OmniPass\opshelle.dll" ["Softex Incorporated"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\Ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
OPShellE\(Default) = "{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}"
-> {HKLM...CLSID} = "OmniPass Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Softex\OmniPass\opshelle.dll" ["Softex Incorporated"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Stardock ObjectDock" -> shortcut to: "C:\Program Files\Stardock\ObjectDock\ObjectDock.exe" [file not found]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"hp psc 1000 series" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
"hpoddt01.exe" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"Quicken Scheduled Updates" -> shortcut to: "C:\Program Files\Quicken\bagent.exe" ["Intuit Inc."]
"SBC Self Support Tool" -> shortcut to: "C:\Program Files\SBC Self Support Tool\bin\matcli.exe -boot" ["Motive Communications, Inc."]
"Updates from HP" -> shortcut to: "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe -startup" [null data]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"FRU Task #Hewlett-Packard#hp psc 1200 series#1072488026" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1072488026"" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\VetRedir.dll ["Computer Associates International, Inc."], 01 - 03, 09
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
-> {HKLM...CLSID} = "HP View"
\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
-> {HKLM...CLSID} = "HP View"
\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = (no title provided)
-> {HKLM...CLSID} = "HP View"
\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{8F4902B6-6C04-4ADE-8052-AA58578A21BD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "hp view"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\(Default) = "HP View"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

CAISafe, CAISafe, "C:\Program Files\Yahoo!\Antivirus\ISafe.exe" ["Computer Associates International, Inc."]
Norton Personal Firewall Accounts Manager, NISUM, ""c:\Program Files\Norton Personal Firewall\NISUM.EXE"" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\HPZipm12.exe" ["HP"]
Softex OmniPass Service, omniserv, "C:\Program Files\Softex\OmniPass\Omniserv.exe" [null data]
Spyware Doctor Auxiliary Service, sdAuxService, "C:\Program Files\Spyware Doctor\svcntaux.exe" ["PC Tools"]
Spyware Doctor Service, sdCoreService, "C:\Program Files\Spyware Doctor\swdsvc.exe" ["PC Tools"]
Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Proxy Service, ccPxySvc, ""c:\Program Files\Norton Personal Firewall\ccPxySvc.exe"" ["Symantec Corporation"]
VET Message Service, VETMSGNT, "C:\Program Files\Yahoo!\Antivirus\VetMsg.exe" ["Computer Associates International, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
hpzsnt12\Driver = "hpzsnt12.dll" ["HP"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 126 seconds, including 18 seconds for message boxes)

New HiJackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 5:03:49 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {F39022DD-4718-4AF5-8F89-DB61016B14Ce} - C:\WINDOWS\system32\hstpodqh.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [WinPLOSION] "C:\Program Files\WinPLOSION\WinPlosion.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134859808406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134859798828
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#9 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 17 July 2007 - 08:43 PM

More improvements as we go - good work so far. Some of those infected items were located in that Wilnline folder, so likely an unwanted item.

FYI - for that HP Backweb (Messenger) software on your system, you might want to check the HP info here on it. Also look there under:

Can I uninstall the messaging service?


Navigate to the following folders, and if found, delete them:

C:\Program Files\Wilnline
C:\Program Files\Common Files\rurq
C:\Program Files\WinHound
C:\Program Files\WinPLOSION



Then close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [WinPLOSION] "C:\Program Files\WinPLOSION\WinPlosion.exe"
Then download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually the C drive), and launch from there.

NOTE: Please do not run any other options from SmitfraudFix until we discuss the results.
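The cross-check behind the two O4 lines Jintan picked out: Silent Runners tags Run values whose executable is gone with "[file not found]", and those names are exactly the HijackThis O4 entries to fix and the folders to look for. The script below is an added example, not part of this thread or of either tool; the log excerpts are constructed from the logs posted above, and the two regexes are my own reading of the formats as they appear there.

```python
"""Cross-check Silent Runners 'file not found' Run entries against HijackThis O4 lines.

Added example (not part of this thread or of either tool); the excerpts below are
constructed from the logs posted above and the regexes are assumptions about the
two log formats as they appear there.
"""
import ntpath
import re

# Constructed excerpt of the Silent Runners HKLM Run section (format as posted).
SILENT_RUNNERS_EXCERPT = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AutoTKit" = "C:\hp\bin\AUTOTKIT.EXE" [null data]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"WinHound" = "C:\Program Files\WinHound\WinHound.exe" [file not found]
"CaAvTray" = ""C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"" ["Computer Associates International, Inc."]
"WinPLOSION" = ""C:\Program Files\WinPLOSION\WinPlosion.exe"" [file not found]
"SDTray" = ""C:\Program Files\Spyware Doctor\SDTrayApp.exe"" ["PC Tools"]
'''

# Constructed excerpt of the matching HijackThis O4 lines (format as posted).
HJT_EXCERPT = r'''
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [WinPLOSION] "C:\Program Files\WinPLOSION\WinPlosion.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
'''

# Silent Runners:  "Name" = "command" [annotation]   (the command may itself carry quotes)
SR_RUN_LINE = re.compile(r'^"(?P<name>[^"]+)" = "(?P<cmd>.*)" \[(?P<tag>[^\]]*)\]$')
# HijackThis:      O4 - HKLM\..\Run: [Name] command
HJT_O4_LINE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')


def missing_file_entries(silent_runners_text):
    """Map Run-value name -> command for entries Silent Runners tagged '[file not found]'.

    Such entries are launch points whose executable is already gone: the registry
    value does nothing any more, but it is still a loose end to clean up.
    """
    missing = {}
    for line in silent_runners_text.splitlines():
        m = SR_RUN_LINE.match(line.strip())
        if m and m.group("tag") == "file not found":
            missing[m.group("name")] = m.group("cmd")
    return missing


def hjt_run_entries(hjt_text):
    """Yield (name, raw_line) for every O4 Run entry in a HijackThis log."""
    for line in hjt_text.splitlines():
        m = HJT_O4_LINE.match(line.strip())
        if m:
            yield m.group("name"), line.strip()


def lines_to_fix(silent_runners_text, hjt_text):
    """Return the HijackThis O4 lines whose target Silent Runners reported as missing.

    Names are compared case-insensitively; the two tools do not always agree on case.
    """
    wanted = {name.lower() for name in missing_file_entries(silent_runners_text)}
    return [raw for name, raw in hjt_run_entries(hjt_text) if name.lower() in wanted]


def executable_path(cmd):
    """Pull the executable out of a Run command, dropping arguments such as '/r'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first '.exe' that ends a token.
    m = re.match(r'(.*?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def suspect_folders(silent_runners_text):
    """Parent folders of the missing executables: candidates for the manual delete list.

    A bare file name (something resolved via PATH) has no folder and is skipped.
    """
    folders = []
    for cmd in missing_file_entries(silent_runners_text).values():
        folder = ntpath.dirname(executable_path(cmd))
        if folder and folder not in folders:
            folders.append(folder)
    return folders


if __name__ == "__main__":
    for raw in lines_to_fix(SILENT_RUNNERS_EXCERPT, HJT_EXCERPT):
        print("fix in HijackThis:", raw)
    for folder in suspect_folders(SILENT_RUNNERS_EXCERPT):
        print("check folder:     ", folder)
```

The output is a candidate list for the helper to review, not a verdict: a missing target can also be a normally uninstalled program, which is why the thread still confirms each item before it is fixed.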

#10 Jordan_Inc

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 17 July 2007 - 10:59 PM

The files you listed were all deleted. I also uninstalled the HP Update program.


SmitFraudFix log:

SmitFraudFix v2.204

Scan done at 21:55:56.46, Tue 07/17/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

HKLM\SOFTWARE\WinHound.com FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\WINDOWS\\warnhp.html"
"SubscribedURL"=""
"FriendlyName"="Warning homepage"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A9F60C4C-EA46-4F4B-99E0-C5E887DD09C9}: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


#11 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 18 July 2007 - 05:22 PM

That picked some out - let's make more repairs now. Make sure Spyware Doctor remains disabled.


Download the free version of AVG Anti-Spyware from here to your Desktop and double-click on the executable to install it.

Launch AVG Anti-Spyware (there should be an icon on your desktop; double-click it if the program does not open). The program will now go to the main screen.

You will now need to update AVG Anti-Spyware to the latest definition files. On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. Do not run a scan yet.

===================================================

When you have done this, boot into Safe Mode (restart your computer and tap F8 continuously as it restarts).


Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process. If it does, restart back into Safe Mode to complete the next step.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.


Still in Safe Mode, run AVG Anti-Spyware now. First click on Settings > Recommended Action and change it to Quarantine. Next look at Reports and uncheck "Only if threats were found". Don't change any other settings.

Click on the "Scan" tab and click on "Complete System Scan" to begin scanning. When the scan is finished, look at "Set all elements to" and click to change to "Quarantine" if this option is not displayed. Click on "Apply All Actions" and then click the "Save Report" button at the bottom of the screen. Click on "Save Report As" and save the report to your desktop. Close AVG Anti-Spyware and reboot.

==================================

After the reboot post back the rapport.txt log and the AVG log please.

#12 Jordan_Inc

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 18 July 2007 - 10:24 PM

rapport.txt log:

SmitFraudFix v2.204

Scan done at 18:03:14.31, Wed 07/18/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A9F60C4C-EA46-4F4B-99E0-C5E887DD09C9}: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

HKLM\SOFTWARE\WinHound.com Deleted

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:04:38 PM 7/18/2007

+ Scan result:



C:\RECYCLER\NPROTECT030495.cab/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049053.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049229.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049230.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049231.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049232.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-2288469357-86668978-2428812178-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-2288469357-86668978-2428812178-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0602200519445614156.asw/Points Manager.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle07022005164411773312.asw/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle07022005164411773312.asw/asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0602200519445618453.asw -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0620200514445421187.asw -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049254.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049255.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049256.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049257.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047749.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049236.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049237.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049238.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049239.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049240.EXE -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049241.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\comet.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\csband.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\cscore.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\cseng.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\csutil.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\fileutil.dll -> Adware.Comet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049128.exe -> Adware.DownloadWare : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temp\temp.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/temp.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047627.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2288469357-86668978-2428812178-1003\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2288469357-86668978-2428812178-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047404.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049066.exe -> Adware.MDH : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049055.dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049063.dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049226.dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049227.dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049228.dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047391.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PSGuard.lnk -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\PSGuard.lnk -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKCU -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKCU\RunOnce -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKLM -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKLM\RunOnce -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\StartMenuAllUsers -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\StartMenuCurrentUser -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\BrowserObjects -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Dien\Application Data\PSGuard.com\PSGuard\Quarantine\Packages -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PSGuard.lnk -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049252.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049260.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049262.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049258.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049259.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049250.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049120.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll -> Adware.Viewpoint : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049253.exe -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\HKCURun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnce -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnceEx -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\HKLMRun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnce -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnceEx -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\StartMenuAllUsers -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\StartMenuCurrentUser -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\BrowserObjects -> Adware.WinHound : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049244.dll -> Adware.Wintol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049249.exe -> Adware.Xupiter : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP407\A0049242.DLL -> Backdoor.Ruledor.i : Cleaned with backup (quarantined).
C:\WINDOWS\ExeDialer.exe -> Dialer.EGroup.k : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc71\113140.dlr -> Dialer.Tibs.i : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2288469357-86668978-2428812178-1003\Dc5\rurqd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047750.exe -> Dropper.Agent.mh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047761.exe -> Not-A-Virus.Hoax.Win32.Renos.fn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.shopathomeselect[1].txt -> TrackingCookie.Shopathomeselect : Cleaned.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP402\A0047775.DLL -> Trojan.Hooker.t : Cleaned with backup (quarantined).
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0602200519445615546.asw -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0620200514445420500.asw -> Trojan.Small : Cleaned with backup (quarantined).


::Report end





Is it better if I just uninstall my Spyware Doctor?
Thanks.
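The AVG Anti-Spyware report in the post above is a list of "location -> family : action" lines, and most of the hits sit in restore points, the recycle bin, temp folders and another product's quarantine backups, which are inert copies, while a few sit in Program Files, WINDOWS, Application Data autorun folders or registry keys, which point at an installation that was still wired in. The following Python triage script is an added example, not part of the thread and not AVG's own tooling: it parses lines in that report format, buckets each finding by where it was found, and lists the ones in locations that could still load. The sample report lines are constructed in the log's style; the GUID and SID values in them are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in the AVG Anti-Spyware report format
# ("location -> family : action"). GUIDs and SIDs are placeholders,
# not values from any real machine.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP407\A0049053.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-0-0-0-1003\Dc63\Platform\Bin\comet.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0000.asw/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll -> Adware.Viewpoint : Cleaned with backup (quarantined).
C:\WINDOWS\ExeDialer.exe -> Dialer.EGroup.k : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
HKU\S-1-5-21-0-0-0-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EXAMPLE-CLSID} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\WinHound.com\WinHound\Autorun\HKLMRun -> Adware.WinHound : Cleaned with backup (quarantined).
::Report end
"""

# Registry hives as this report format prints them (no "HKEY_" prefix).
HIVES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")

# Location buckets, checked in order; first match wins. Windows paths are
# case-insensitive, so every pattern is compiled with re.I.
BUCKET_RULES = [
    ("restore_point", re.compile(r"\\System Volume Information\\", re.I)),
    ("recycle_bin",   re.compile(r"\\RECYCLER\\", re.I)),
    ("av_backup",     re.compile(r"\\Backup\\[^\\]*\.asw", re.I)),
    ("temp",          re.compile(r"\\(Temp|Temporary Internet Files)\\", re.I)),
    ("cookie",        re.compile(r"\\Cookies\\", re.I)),
]
# Copies in these buckets do nothing unless restored or re-run by hand.
DORMANT = {"restore_point", "recycle_bin", "av_backup", "temp", "cookie"}


def classify_location(location):
    """Name the bucket a finding's location falls into ("live" if none match)."""
    if location.startswith(HIVES):
        return "registry"
    for name, pattern in BUCKET_RULES:
        if pattern.search(location):
            return name
    return "live"


def parse_line(line):
    """Split one report line into its fields; None for headers and footers."""
    line = line.strip()
    if " -> " not in line:
        return None
    location, _, rest = line.rpartition(" -> ")
    family, sep, action = rest.partition(" : ")
    if not sep:
        return None
    return {"location": location, "family": family.strip(),
            "action": action.strip().rstrip("."),
            "bucket": classify_location(location)}


def triage(report_text):
    """Summarise a report: counts per bucket and per malware class, plus the
    findings whose location (live path or registry) could still load."""
    findings = [f for f in map(parse_line, report_text.splitlines()) if f]
    by_bucket = Counter(f["bucket"] for f in findings)
    by_class = Counter(f["family"].split(".")[0] for f in findings)
    active = [f for f in findings if f["bucket"] in ("live", "registry")]
    return {"total": len(findings), "by_bucket": by_bucket,
            "by_class": by_class, "active": active}


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    dormant = sum(n for b, n in summary["by_bucket"].items() if b in DORMANT)
    print(f"{summary['total']} findings, {dormant} dormant copies")
    for f in summary["active"]:
        print(f"  ACTIVE [{f['bucket']}] {f['family']}: {f['location']}")
```

Run it against a saved AVG report by reading the file into `triage()` instead of `SAMPLE_REPORT`; the "active" list is the part worth reading closely, since a Run-key or BHO entry there means the component was loading at logon or in the browser, whereas a long tail of restore-point hits just means System Restore kept copies that go away when the restore points are flushed.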

#13 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 19 July 2007 - 03:53 PM

Infected items were stacked in there like cordwood. Excellent progress. Let's see about perhaps an additional activity/file finding check now. Any system issues you are experiencing at this point?


Run ATF Cleaner again, then go here for an online AV scan (requires IE to run). If your AV alerts you while the scan installs, ignore this - Panda's Active Scan method is often mistaken for infection activity.

Scan "Local Disks" and when finished save the scan log and then post the log here. To save the log first select the See Report button, then select the Save report button, and post that log back here, along with a new HijackThis log please.

#14 Jordan_Inc

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 19 July 2007 - 11:05 PM

AV Scan log:


Incident Status Location

Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\shortcuts.txt
Adware:adware/popuper Not disinfected C:\Documents and Settings\All Users\Favorites\Buy Viagra Online.url
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\shortcuts.txt
Virus:Trj/Agent.AEO Disinfected C:\Documents and Settings\Default User\Local Settings\Temp\tp7543.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\restart.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tang\Cookies\tang@2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\tang\Cookies\tang@888[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\tang\Cookies\tang@abetterinternet[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\tang\Cookies\tang@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\tang\Cookies\tang@ads.addynamix[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\tang\Cookies\tang@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\tang\Cookies\tang@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\tang\Cookies\tang@atdmt[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tang\Cookies\tang@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\tang\Cookies\tang@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tang\Cookies\tang@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\tang\Cookies\tang@bluestreak[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\tang\Cookies\tang@btg.btgrab[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\tang\Cookies\tang@c5.zedo[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\tang\Cookies\tang@casalemedia[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\tang\Cookies\tang@citi.bridgetrack[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\tang\Cookies\tang@cliks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\tang\Cookies\tang@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tang\Cookies\tang@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\tang\Cookies\tang@doubleclick[1].txt
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\tang\Cookies\tang@empnads[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\tang\Cookies\tang@fastclick[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\tang\Cookies\tang@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\tang\Cookies\tang@mediaplex[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\tang\Cookies\tang@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\tang\Cookies\tang@overture[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\tang\Cookies\tang@realmedia[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\tang\Cookies\tang@servedby.advertising[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\tang\Cookies\tang@spylog[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\tang\Cookies\tang@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\tang\Cookies\tang@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\tang\Cookies\tang@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\tang\Cookies\tang@valueclick[2].txt
Spyware:Cookie/XXXtoolbar Not disinfected C:\Documents and Settings\tang\Cookies\tang@xxxtoolbar[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\tang\Cookies\tang@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\tang\Cookies\tang@zedo[1].txt
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\4923968.dll
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\AutoUpdate0\auto_update_install.exe
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/ConsumerAlertSystem Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\cassetup.exe
Adware:Adware/Zango Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\Del92.tmp
Possible Virus. Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\Del9D.tmp
Adware:Adware/Zango Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\Del9F.tmp
Possible Virus. Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\DelA9.tmp
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\II61.tmp
Adware:Adware/WinAD Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\MediaAccessInstPack.exe
Adware:Adware/Zango Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\res93.tmp
Adware:Adware/Zango Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\resA0.tmp
Adware:Adware/VirtualBouncer Not disinfected C:\Documents and Settings\tang\Local Settings\Temp\wrapperouter.exe
Adware:Adware/DealHelper Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\CN0BQH6N\download[1].htm
Adware:Adware/SurfAccuracy Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\CN0BQH6N\SAcc[1].exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\CN0BQH6N\webservice[2].htm
Adware:Adware/SurfAccuracy Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\GN430XI5\sacc_remove[1].exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\GN430XI5\webservice[1].htm
Adware:Adware/DealHelper Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\OBN051FT\downloaddll[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\OBN051FT\package_MARKETING27[1].exe
Adware:Adware/IST.SideFind Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\OBN051FT\sfbho13[1].dll
Adware:Adware/IST.SideFind Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\Q947KT2V\sidefind13[1].dll
Adware:Adware/DealHelper Not disinfected C:\Documents and Settings\tang\Local Settings\Temporary Internet Files\Content.IE5\Q947KT2V\version[1].exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Common Files\AOL\1130986072\ee\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Common Files\AOL\1130986072\ee\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0602200519445614296.asw
Spyware:Spyware/Apropos Not disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0602200519445654781.asw
Spyware:Spyware/Apropos Not disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0602200519445654890.asw
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR[contents.rdf]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR[menu.xul]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR[toolbarembed.html]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
Adware:Adware/Twain-Tech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCF.tmp
Adware:Adware/nCase Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD0.tmp
Spyware:Cookie/Abetterinternet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD1.tmp
Adware:Adware/SAHAgent Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDA.tmp
Adware:Adware Program Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB.tmp\Bin\FileVersions.ini
Adware:Adware Program Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB.tmp\Bin\Topicks.reg
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\system32.dll.vir[Catcher.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\1800.exe.vir
Adware:Adware/Zango Not disinfected C:\RECYCLER\NPROTECT030660.inf
Adware:Adware/Comet Not disinfected C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\csctx.dll
Adware:Adware/Comet Not disinfected C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\skinui.dll
Adware:Adware/Comet Not disinfected C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc63\Platform\Bin\unins.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc64\Catcher.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-3540234815-1806647969-3740420808-1003\Dc76\SrchAstt\1.bin\MWSSRCAS.DLL
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hpifwjej.dll.bad
Adware:adware/bookedspace Not disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/ncase Not disinfected C:\WINDOWS\didduid.ini
Dialer:Dialer.B Not disinfected C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Downloaded Program Files\eied.inf
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Dialer:Dialer.ABR Not disinfected C:\WINDOWS\Downloaded Program Files\start85.inf
Adware:adware/gator Not disinfected C:\WINDOWS\GatorUninstaller_cme.log
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Adware:Adware/SearchFast Not disinfected C:\WINDOWS\srchfstu.exe
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\switchagreement.txt
Spyware:Cookie/Allthatsearch Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@10102[1].txt
Spyware:Cookie/64.62.232 Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@64.62.232[2].txt
Spyware:Cookie/SearchingBooth Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@aff506[1].txt
Virus:Generic Malware Disinfected C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll

HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:02:14 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {F39022DD-4718-4AF5-8F89-DB61016B14Ce} - C:\WINDOWS\system32\hstpodqh.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134859808406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134859798828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
The computer has loaded much faster than before, but opening programs such as Internet Explorer was really slow. It took about 3-5 minutes to pop up. Thanks, Jintan
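Reading a HijackThis log by eye, as the helpers in this thread do, comes down to a few repeatable first-pass rules. The block below is an added example, not part of this thread and not HijackThis or the helper's own tooling; it applies those rules to entries copied from the log above, and the rule set and severity labels are my own assumptions.

```python
"""Triage rules for HijackThis v1.99 log entries.

Added example for this thread, not HijackThis code and not the helper's own
method: it applies, mechanically, the first-pass checks that are usually done
by eye on a posted log. Severity labels and rules are assumptions of my own.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {F39022DD-4718-4AF5-8F89-DB61016B14Ce} - C:\WINDOWS\system32\hstpodqh.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    severity: str  # "suspicious" or "review"
    reason: str
    line: str


ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')  # optional quote, then a drive letter


def triage_line(line: str):
    """Return a Finding for one log entry, or None if it passes the first-pass checks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if "(file missing)" in body:
        return Finding(section, "suspicious",
                       "points at a file that is gone (leftover, or hidden from the scanner)", line)
    if section in ("O2", "O9") and "(no name)" in body:
        return Finding(section, "suspicious",
                       "BHO/button registered without a name, unusual for legitimate add-ins", line)
    if section == "O4":
        # Registry Run entries look like "[Name] command"; Startup folder entries like "x.lnk = target".
        target = body.split("]", 1)[1].strip() if "]" in body else body.split("=", 1)[-1].strip()
        if target == "?":
            return Finding(section, "review", "startup shortcut whose target could not be resolved", line)
        if not ABS_PATH_RE.match(target):
            return Finding(section, "review",
                           "autorun with no absolute path; resolved through the search path at logon", line)
    if section == "O20":
        return Finding(section, "review",
                       "Winlogon Notify DLL loads into winlogon.exe; confirm it belongs to the named vendor", line)
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "review", "service with no publisher recorded in the binary", line)
    return None


def triage_log(text: str):
    """Run triage_line over every line of a log and keep the findings, in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.severity:<10} {f.section:<4} {f.reason}\n           {f.line}")
```

The output is a prioritised reading list, not a verdict: a "review" entry such as a vendor's Winlogon Notify DLL is usually fine once the vendor is confirmed.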

#15 Jintan


    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 20 July 2007 - 08:20 PM

Still active infection, and possibly some we're not getting a chance to see. Clean and look now. Be very sure to keep Spyware Doctor disabled, as it will both interfere with fixes and changes and slow things up as well.


Open AVG AntiSpyware and change the Resident Shield status to "inactive".


Then Go here and download the free version of SUPERAntiSpyware and install it.

After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to its research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

Start-up Options:
*Start SUPERAntiSpyware when Windows starts

Automatic Updates:
*Check for program updates when the application starts.

Start-up Scanning:
*Check for updates before scanning on startup.

Then select Close. Don't scan just yet though.


===============================================

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


Open SUPERAntiSpyware and click the Scan your Computer button. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click Next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double-click the bug-shaped Taskbar icon).

Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.


Once you have done that, download gmer.zip from here. Once downloaded, double-click on gmer.zip and unzip the file to its own folder.

When you have done this, double-click on Gmer.exe to run it and click on Settings. Check the first five settings (see below).

System Protection and Tracing
Processes
Save created processes to the log
Drivers
Save loaded drivers to the log


You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab. Look at the right-hand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
