Popups And Memory Problems


  • This topic is locked
12 replies to this topic

#1 Normalman (New Member, 6 posts)

Posted 18 May 2007 - 02:07 PM

While Spybot Search & Destroy seems to have worked for me in the past, it seems there's nothing it can do for my current problem. I've been getting popups on a random basis, and a process called "spool32" keeps appearing and using up all my computer's memory, to the point where I can hardly do anything without shutting the process down in Task Manager, but it comes back after a short while. Also, there's a thing Spybot can't remove called "Smitfraud-C. Coreservice", because it says it's currently being used and can't be deleted. I'm not that experienced with this sort of thing, so I'd appreciate you guys helping me get back to normal. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:55:23 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1155342728\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PPATCH~1\regsvr32.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rwinsodv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\s?curity\??ool32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155342728\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ysqstlkd.dll",realset
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwinsodv.exe CHD003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ddtray] desktop\Drunk Duck Alerter.lnk
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Scbu] "C:\PROGRA~1\PPATCH~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Fwemda] "C:\Program Files\s?curity\??ool32.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TICHD003.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks in advance.
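A triage pass over the log above, as an added example (it is not part of this thread and not a HijackThis feature): it reads HJT-style lines and flags the patterns a malware-forum helper would mark first. Two of them deserve spelling out. HijackThis 1.99 prints `?` for any character it cannot render, so `C:\Program Files\s?curity\??ool32.exe` is a folder and a file whose names use non-ASCII look-alike letters in place of `security` and `spool32` (the ComboFix output further down confirms it: the 8.3 names `SCURIT~1` and `CURITY~1` are what is left once those characters are dropped), and that file is almost certainly the "spool32" process the poster kept killing. The six `O15 - Trusted Zone` domains all belong to the WinFixer/ErrorSafe family of rogue "security" products; putting them in IE's Trusted sites zone relaxes the browser's security settings for exactly the sites behind the popups. The allow-lists, the one-edit typosquat rule, the 32-hex-digit threshold and the `LOOKALIKE_TARGETS` list are this example's own assumptions; the sample lines are copied from the log above.

```python
"""HijackThis 1.99 log triage (added example, not from the thread or HijackThis).
Flags what a helper checks first in the log above: O15 Trusted Zone additions,
paths HJT printed with '?' (characters it could not render, here look-alikes of
'security' and 'spool32'), Windows binary names running from odd places, autoruns
in %WINDIR%/System32/Temp and opaque hex arguments. Allow-lists are assumptions."""
import re

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\PROGRA~1\PPATCH~1\regsvr32.exe
C:\Program Files\s?curity\??ool32.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ysqstlkd.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fwemda] "C:\Program Files\s?curity\??ool32.exe"
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TICHD003.exe
O15 - Trusted Zone: *.winfixer.com
"""

SYSTEM_BINARIES = {"svchost", "regsvr32", "rundll32", "spoolsv", "lsass", "csrss",
                   "winlogon", "services", "smss", "ctfmon", "mshta", "explorer"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system"}
SYSTEM_DIR_ALLOW = {"ctfmon.exe", "explorer.exe"}  # autoruns expected directly in those dirs
LOOKALIKE_TARGETS = ["security", "spool32.exe", "spoolsv.exe", "svchost.exe", "microsoft"]
EXT = r"\.(?:exe|dll|lnk|sys|bat|cmd|scr|vbs)"


def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss names such as svhost -> svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def effective_target(cmd):
    """(file, args) for an HJT command; for a rundll32 host the file is the DLL it
    loads. Unquoted paths may contain spaces, so cut at the first executable extension."""
    m = re.match(r"rundll32(?:\.exe)?\s+(.*)", cmd.strip(), re.I)
    cmd = (m.group(1) if m else cmd).strip()
    m = re.match(r'"([^"]+)"\s*(.*)', cmd) or re.match(r"(.+?" + EXT + r")\b\s*(.*)", cmd, re.I)
    return (m.group(1), m.group(2).lstrip(",")) if m else (cmd, "")


def check_path(path, origin, autorun, findings):
    low = path.lower()
    directory, _, base = low.rpartition("\\")
    stem = re.sub(EXT + "$", "", base)
    plain = re.sub(r"\d+$", "", stem)                  # svhost32 -> svhost
    # '?' is a character HJT could not render: treat it as a one-character wildcard
    # and report which known name each such path segment imitates.
    segs = [s for s in low.split("\\") if "?" in s]
    if segs:
        hits = [next((t for t in LOOKALIKE_TARGETS if re.fullmatch(re.escape(s).replace(r"\?", "."), t)), "?") for s in segs]
        findings.append(("homoglyph", path, f"{origin}: {segs} imitate {hits}"))
    if stem in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        findings.append(("masquerade", path, f"{origin}: system binary name running from {directory!r}"))
    elif plain not in SYSTEM_BINARIES and any(edit_distance(plain, s) == 1 for s in SYSTEM_BINARIES):
        findings.append(("typosquat", path, f"{origin}: one edit away from a Windows system binary name"))
    if autorun and directory in SYSTEM_DIRS and base not in SYSTEM_DIR_ALLOW:
        findings.append(("system_dir_autorun", path, f"{origin}: autorun dropped straight into {directory!r}"))
    if autorun and "\\temp\\" in low:
        findings.append(("runs_from_temp", path, f"{origin}: autorun executes from a Temp folder"))


def triage(log_text):
    """Return a list of (rule, subject, note) findings for HJT log text."""
    findings, mshta, in_procs = [], 0, False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            in_procs = bool(line)                      # a blank line ends the section
            if line:
                mshta += line.lower().endswith("\\mshta.exe")
                check_path(line, "process", False, findings)
            continue
        m = re.match(r"O15 - Trusted Zone: (.+)", line)
        if m:
            findings.append(("trusted_zone", m.group(1), "IE Trusted-sites settings apply; rogue security products add themselves here"))
            continue
        m = re.match(r"O4 - [^:]+: (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<cmd>.*)", line)
        if m and m["cmd"] != "?":                      # HJT prints '= ?' for an unresolvable shortcut
            label = f"O4 [{m['name'] or m['lnk']}]"
            path, args = effective_target(m["cmd"])
            check_path(path, label, True, findings)
            if any(re.fullmatch(r"[0-9a-f]{32,}", a.lower()) for a in args.split()):
                findings.append(("hex_argument", path, f"{label}: opaque hex argument {args.split()[0][:12]}..."))
    if mshta > 1:
        findings.append(("multiple_mshta", str(mshta), f"{mshta} mshta.exe instances (HTML Applications run script outside the browser sandbox)"))
    return findings
```

`triage(SAMPLE_LOG)` returns one tuple per finding; paste a complete HJT log in place of the sample to review a real machine. The negative cases matter as much as the hits: `ehtray.exe`, the `ctfmon.exe` autorun and the Lexmark `LXDDtime.dll` loaded through `rundll32` produce no findings, because the rules look at where a file lives and what it is named rather than at whether `rundll32` or `System32` merely appears in the line.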



#2 MrCharlie (SuperMember, Malware Team, 2,949 posts)

Posted 19 May 2007 - 06:06 AM

Welcome to the forum.

Please follow the instructions in the post below. You don't have to install MVPS Hosts, but I do want you to install and run SuperAntiSpyware Free also.
Post the logs from ComboFix, AVG-AS, SAS and a fresh HJT log back here.

http://forums.maddok...?showtopic=8250

MrC


#3 Normalman (New Member, 6 posts)

Posted 19 May 2007 - 06:38 PM

Thanks for the help, MrCharlie. I appreciate you taking the time to save my computer! Here's the stuff.

COMBOFIX LOG

"HP_Administrator" - 2007-05-19 15:39:01 Service Pack 2
ComboFix 07-05.19.5.V - Running from: "C:\Program Files\Mozilla Firefox\"



(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\cmvmuvvj.dll
C:\WINDOWS\system32\ysqstlkd.dll
C:\WINDOWS\system32\fccabax.dll
C:\WINDOWS\system32\fccaxuv.dll
C:\WINDOWS\system32\jkkjjki.dll
C:\WINDOWS\system32\khfdcbx.dll
C:\WINDOWS\system32\ljjgfec.dll
C:\WINDOWS\system32\nnnmlmj.dll
C:\WINDOWS\system32\oqtss.bak1
C:\WINDOWS\system32\oqtss.bak2
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\oqtss.ini2
C:\WINDOWS\system32\oqtss.tmp
C:\WINDOWS\system32\dkltsqsy.ini
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\fccyvuu.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\retadpu2000219.exe
C:\Program Files\Internet Explorer\rtertenomaj.html
C:\Program Files\Internet Explorer\qulazusok.dll
C:\WINDOWS\system32\smpi1\lb5.exe
C:\WINDOWS\system32\smpi1\lib06.exe
C:\WINDOWS\system32\smpi1\lib67.exe
C:\WINDOWS\system32\smpi1\lpc22.exe
C:\Temp\17O7\tmpTF.log
C:\Program Files\microsoft\svhost32.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\smpi1
C:\Temp\17O7
C:\Temp\tn3
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\HP_ADM~1
C:\qoobox\purity\C\DOCUME~1\HP_ADM~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\HP_ADM~1\APPLIC~1\ICROSO~1.NET
C:\qoobox\purity\C\DOCUME~1\HP_ADM~1\APPLIC~1\RACLE~1
C:\qoobox\purity\C\Program Files\PPATCH~1
C:\qoobox\purity\C\Program Files\SCURIT~1
C:\qoobox\purity\C\WINDOWS\system32\CURITY~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-19 ))))))))))))))))))))))))))))))))))


2007-05-18 17:07 <DIR> d-------- C:\WINDOWS\pss
2007-05-18 16:27 132,660 --a------ C:\WINDOWS\system32\smeatwpk.dll
2007-05-18 08:20 929 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-18 08:20 184,405 --a------ C:\WINDOWS\system32\rwinsodv.exe
2007-05-17 17:22 70,720 --a------ C:\WINDOWS\system32\cXA4n4Mt.exe
2007-05-17 14:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-17 14:59 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lavasoft
2007-05-17 14:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-17 10:10 <DIR> d-------- C:\VundoFix Backups
2007-05-17 10:09 4,832 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-16 21:17 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-16 21:17 <DIR> d-------- C:\Temp
2007-05-15 19:11 <DIR> d-------- C:\Program Files\Guild Wars
2007-05-15 19:07 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\FaxCtr
2007-05-14 15:03 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-05-14 15:03 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-14 14:58 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lexmark Imaging Studio
2007-05-14 14:55 <DIR> d-------- C:\Program Files\Lx_cats
2007-05-14 14:54 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-05-14 14:54 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL
2007-05-14 14:54 36,864 --a------ C:\WINDOWS\system32\lxf3oem.dll
2007-05-14 14:54 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-05-14 14:54 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL
2007-05-14 14:54 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL
2007-05-14 14:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
2007-05-14 14:53 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-05-14 14:53 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-05-14 14:53 <DIR> d-------- C:\Program Files\Lexmark 2500 Series
2007-05-14 14:52 381,872 --a------ C:\WINDOWS\system32\lxddcfg.exe
2007-05-14 14:52 323,584 --a------ C:\WINDOWS\system32\LXDDhcp.dll
2007-05-14 14:52 278,528 --a------ C:\WINDOWS\system32\LXDDinst.dll
2007-05-14 14:52 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-05-14 14:49 77,906 --a------ C:\WINDOWS\system32\lxddcfg.dll
2007-05-14 14:49 331,776 -ra------ C:\WINDOWS\system32\lxddcoin.dll
2007-05-14 14:49 <DIR> d-------- C:\logs
2007-05-10 09:30 <DIR> d-------- C:\Program Files\Max Payne
2007-05-05 23:50 <DIR> d-------- C:\Program Files\Audacity
2007-04-30 17:59 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-30 17:59 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-30 17:59 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Contacts
2007-04-30 17:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-04-30 17:38 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-24 00:09 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Morpheus
2007-04-24 00:08 <DIR> d-------- C:\Program Files\Morpheus
2007-04-23 11:00 <DIR> d-------- C:\Program Files\directx
2007-04-23 10:54 <DIR> d-------- C:\Program Files\Konami
2007-04-19 19:45 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-04-19 19:45 <DIR> d-------- C:\Program Files\MtG Editor


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-19 19:34:31 24,914 ----a-w C:\WINDOWS\system32\dllms.dll
2007-05-19 19:23:18 -------- d-----w C:\Program Files\Google
2007-05-19 11:08:38 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-15 23:07:09 -------- d-----w C:\Program Files\MagicDisc
2007-05-10 13:30:53 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-18 12:56:44 -------- d-----w C:\Program Files\Drunk Duck Alerter
2007-04-15 21:01:00 -------- d-----w C:\Program Files\InterActual
2007-04-15 03:42:33 -------- d-----w C:\Program Files\Last.fm
2007-04-13 02:07:14 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-04-10 10:36:31 -------- d-----w C:\Program Files\Bethesda Softworks
2007-04-08 23:11:42 -------- d-----w C:\Program Files\WiFiConnector
2007-04-08 15:11:32 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-07 03:51:28 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\vlc
2007-04-07 03:49:45 -------- d-----w C:\Program Files\VideoLAN
2007-04-07 03:41:09 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Media Player Classic
2007-03-26 02:15:24 -------- d-----w C:\Program Files\Kontiki
2007-03-15 16:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 16:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-02-12 23:59:20 385,968 ----a-w C:\WINDOWS\system32\lxddih.exe
2007-02-12 23:59:16 537,520 ----a-w C:\WINDOWS\system32\lxddcoms.exe
2007-02-12 10:57:10 106,496 ----a-w C:\WINDOWS\system32\lxddinsr.dll
2007-02-12 10:57:04 36,864 ----a-w C:\WINDOWS\system32\lxddcur.dll
2007-02-12 10:56:34 143,360 ----a-w C:\WINDOWS\system32\lxddjswr.dll
2007-02-12 10:53:20 200,704 ----a-w C:\WINDOWS\system32\lxddinsb.dll
2007-02-12 10:53:12 86,016 ----a-w C:\WINDOWS\system32\lxddcub.dll
2007-02-12 10:50:24 77,824 ----a-w C:\WINDOWS\system32\lxddcu.dll
2007-02-12 10:50:22 176,128 ----a-w C:\WINDOWS\system32\lxddins.dll
2007-02-12 10:46:56 507,904 ----a-w C:\WINDOWS\system32\lxddutil.dll
2007-02-12 10:46:04 208,896 ----a-w C:\WINDOWS\system32\lxddgrd.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{574A77A5-FB4F-446A-A709-BC4D279DD3EF}=C:\Program Files\microsoft frontpage\mezoger.dll [2007-04-06 15:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" []
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35]
"@"="" []
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 13:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 10:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-12 12:12]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 19:58]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 19:32]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 20:00]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 18:05]
"{5B-B1-19-9B-ZN}"="c:\windows\system32\dwdsregt.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
"Steam"="" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-03-15 16:57]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
C:\Program Files\Internet Explorer\rtertenomaj.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddtray]
desktop\Drunk Duck Alerter.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fwemda]
"C:\Program Files\s?curity\??ool32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1155342728\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
WudfServiceGroup WUDFSvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\SETUP.EXE

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6e7c14-fdbc-11db-a831-001150b42808}]
Shell\AutoRun\command X:\install.exe


Contents of the 'Scheduled Tasks' folder
2007-05-19 04:00:30 C:\WINDOWS\tasks\At1.job
2007-05-18 13:00:31 C:\WINDOWS\tasks\At10.job
2007-05-18 14:00:30 C:\WINDOWS\tasks\At11.job
2007-05-18 15:00:30 C:\WINDOWS\tasks\At12.job
2007-05-18 16:00:30 C:\WINDOWS\tasks\At13.job
2007-05-18 17:00:30 C:\WINDOWS\tasks\At14.job
2007-05-18 18:00:30 C:\WINDOWS\tasks\At15.job
2007-05-18 19:00:30 C:\WINDOWS\tasks\At16.job
2007-05-18 20:00:30 C:\WINDOWS\tasks\At17.job
2007-05-18 21:00:30 C:\WINDOWS\tasks\At18.job
2007-05-18 22:00:30 C:\WINDOWS\tasks\At19.job
2007-05-19 05:00:30 C:\WINDOWS\tasks\At2.job
2007-05-18 23:00:30 C:\WINDOWS\tasks\At20.job
2007-05-19 00:00:30 C:\WINDOWS\tasks\At21.job
2007-05-19 01:00:35 C:\WINDOWS\tasks\At22.job
2007-05-19 02:00:30 C:\WINDOWS\tasks\At23.job
2007-05-19 03:00:30 C:\WINDOWS\tasks\At24.job
2007-05-19 06:00:30 C:\WINDOWS\tasks\At3.job
2007-05-19 07:00:30 C:\WINDOWS\tasks\At4.job
2007-05-19 08:00:30 C:\WINDOWS\tasks\At5.job
2007-05-19 09:00:30 C:\WINDOWS\tasks\At6.job
2007-05-19 10:00:30 C:\WINDOWS\tasks\At7.job
2007-05-19 11:00:30 C:\WINDOWS\tasks\At8.job
2007-05-18 12:00:30 C:\WINDOWS\tasks\At9.job
2007-05-19 19:44:00 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-19 15:48:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-19 15:52:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-19 15:52


--- E O F ---


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:37:02 PM 5/19/2007

+ Scan result:



C:\Documents and Settings\HP_Administrator\Desktop\OiUninstaller.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP265\A0037947.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039392.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039393.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP267\A0039424.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP267\A0039425.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039470.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039471.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038261.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038310.exe -> Adware.SpyHunter : Cleaned.
C:\Program Files\microsoft frontpage\mezoger.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP265\A0037979.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038256.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038297.exe -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039356.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039359.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039364.exe -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP267\A0039430.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP267\snapshot\MFEX-1.DAT -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039527.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039528.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039529.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039530.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039531.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039532.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039540.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039524.exe -> Adware.ZenoSearch : Cleaned.
C:\WINDOWS\system32\rwinsodv.exe -> Adware.ZenoSearch : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039521.exe -> Adware.ZQuest : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039516.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039517.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039520.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039469.exe -> Downloader.PurityScan.af : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039389.exe -> Downloader.PurityScan.eg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039476.exe -> Downloader.PurityScan.eg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039518.dll -> Hijacker.StartPage : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039366.sys -> Rootkit.Agent.eq : Cleaned.
:mozilla.92:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.12:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.6:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.7:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.105:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.67:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.68:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.69:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.70:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.71:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.73:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.101:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.102:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.119:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.220:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.10:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
:mozilla.11:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.13:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.15:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.18:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.8:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.66:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.192:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.193:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.134:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.205:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.206:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.207:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.208:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.209:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned.
:mozilla.149:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.150:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.54:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.55:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.56:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.57:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.64:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.151:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.152:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.143:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.144:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.145:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.146:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.147:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.148:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.175:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.176:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.177:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.178:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.179:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.199:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.200:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.201:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.202:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.203:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.204:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.36:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.120:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.121:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.122:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.123:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.124:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.125:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.126:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.127:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.197:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.80:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.84:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.85:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.86:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.87:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.155:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.156:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.157:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1z0fiiw3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039519.exe -> Trojan.Agent : Cleaned.
C:\Program Files\Konami\Silent Hill 2\Silent Hill 2 eng [ nocd ].exe -> Trojan.Feutel.av : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039523.exe -> Trojan.Lineage : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP189\A0033379.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP193\A0033499.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP196\A0033599.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP199\A0033692.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP204\A0033873.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0033924.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP213\A0034293.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP215\A0034366.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP217\A0035366.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP217\A0035379.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP218\A0035409.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP218\A0035451.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP219\A0035487.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP226\A0035674.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP247\A0036233.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP258\A0036610.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP261\A0037608.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP261\A0037671.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP264\A0037882.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP265\A0037954.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP265\A0037986.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038269.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038289.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038331.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039346.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0039374.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP267\A0039434.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP267\A0039452.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039486.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\WINDOWS\system32\dllms.dll -> Trojan.OnLineGames.arg : Cleaned.
C:\RadioactiveMUGEN\WinMugen\Misc MUGEN files\gca_v09k.exe -> Trojan.Regspy : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038255.exe -> Trojan.Rond : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038257.dll -> Trojan.Rond : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP266\A0038260.exe -> Trojan.Rond : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP268\A0039472.exe -> Trojan.Small : Cleaned.


::Report end


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/19/2007 at 08:22 PM

Application Version : 3.7.1018

Core Rules Database Version : 3241
Trace Rules Database Version: 1252

Scan type : Complete Scan
Total Scan Time : 02:36:43

Memory items scanned : 398
Memory threats detected : 0
Registry items scanned : 6552
Registry threats detected : 74
File items scanned : 233701
File threats detected : 192

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\br
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\br#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\cdn
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\cdn#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\de
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\de#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\download
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\download#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\download.cdn
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\download.cdn#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\go
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\go#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\instlog
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\instlog#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\kb
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\kb#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\nl
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\nl#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\se
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\se#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\secure
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\secure#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\utils
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\utils#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\www
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\www#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\br
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\br#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\de
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\de#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\download
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\download#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\es
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\es#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\fr
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\fr#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\go
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\go#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\hk
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\hk#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\instlog
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\instlog#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\kb
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\kb#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\secure
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\secure#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\support
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\support#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\ulog
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\ulog#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\utils
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\utils#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\br
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\br#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\download
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\download#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\fr
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\fr#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\instlog
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\instlog#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\utils
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\utils#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\www
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\www#*
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\www.utils
HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\www.utils#*

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anad.tacoda[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.xbox.ign[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@oads.cracked[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data2.perf.overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yadro[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data3.perf.overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kanoodle[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.12titans[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.tracking101[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nextag[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@h.starware[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mb[4].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad1.clickhype[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rainofgods.tripod[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@vmix.adbureau[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@azjmp[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads2.blastro[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eztracks.aavalue[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.realtechnetwork[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cgi-bin[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@recipe[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@try.starware[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@count.exitexchange[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xiti[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.pc.ign[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.ytmnd[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@count3.exitexchange[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaservices.myspace[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@count1.exitexchange[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@campaign.indieclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@html[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.wii.ign[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@belnk[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@indiads[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.ps2.ign[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adknowledge[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.morpheus[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@toplist[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.cpmstar[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicktorrent[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@count2.exitexchange[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.allthatsearch[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.contactmusic[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@17099220[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@basic[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.mediamayhemcorp[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@exitexchange[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cracked[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediatraffic[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dist.belnk[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2.adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@88270523[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.cgsociety[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@html[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@50881381[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gostats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hc2.humanclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@track[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicksor[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partner2profit[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pch.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.epilot[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt
C:\USERDATA\Cookies\hp_administrator@2o7[1].txt
C:\USERDATA\Cookies\hp_administrator@ad.isohunt[2].txt
C:\USERDATA\Cookies\hp_administrator@ad.pro-advertising[1].txt
C:\USERDATA\Cookies\hp_administrator@ad.sensismediasmart.com[1].txt
C:\USERDATA\Cookies\hp_administrator@ad.yieldmanager[2].txt
C:\USERDATA\Cookies\hp_administrator@ad1.clickhype[1].txt
C:\USERDATA\Cookies\hp_administrator@ad2.adecn[1].txt
C:\USERDATA\Cookies\hp_administrator@adecn[1].txt
C:\USERDATA\Cookies\hp_administrator@adknowledge[2].txt
C:\USERDATA\Cookies\hp_administrator@adlegend[1].txt
C:\USERDATA\Cookies\hp_administrator@admarketplace[1].txt
C:\USERDATA\Cookies\hp_administrator@adopt.euroclick[2].txt
C:\USERDATA\Cookies\hp_administrator@adopt.specificclick[2].txt
C:\USERDATA\Cookies\hp_administrator@adrevolver[2].txt
C:\USERDATA\Cookies\hp_administrator@adrevolver[3].txt
C:\USERDATA\Cookies\hp_administrator@ads.addynamix[1].txt
C:\USERDATA\Cookies\hp_administrator@ads.cnn[1].txt
C:\USERDATA\Cookies\hp_administrator@ads.cosplay[2].txt
C:\USERDATA\Cookies\hp_administrator@ads.glispa[2].txt
C:\USERDATA\Cookies\hp_administrator@ads.newgrounds[1].txt
C:\USERDATA\Cookies\hp_administrator@ads.pointroll[1].txt
C:\USERDATA\Cookies\hp_administrator@ads.realtechnetwork[1].txt
C:\USERDATA\Cookies\hp_administrator@ads.urbandictionary[1].txt
C:\USERDATA\Cookies\hp_administrator@adserver.festeringads[2].txt
C:\USERDATA\Cookies\hp_administrator@adserver.filefront[2].txt
C:\USERDATA\Cookies\hp_administrator@adserver.zeads[1].txt
C:\USERDATA\Cookies\hp_administrator@adserver[1].txt
C:\USERDATA\Cookies\hp_administrator@adultswim[2].txt
C:\USERDATA\Cookies\hp_administrator@adv.surinter[1].txt
C:\USERDATA\Cookies\hp_administrator@advertising[2].txt
C:\USERDATA\Cookies\hp_administrator@anad.tacoda[2].txt
C:\USERDATA\Cookies\hp_administrator@anat.tacoda[2].txt
C:\USERDATA\Cookies\hp_administrator@as-us.falkag[2].txt
C:\USERDATA\Cookies\hp_administrator@atdmt[2].txt
C:\USERDATA\Cookies\hp_administrator@bellglobemediapublishing.122.2o7[1].txt
C:\USERDATA\Cookies\hp_administrator@belnk[1].txt
C:\USERDATA\Cookies\hp_administrator@bluestreak[1].txt
C:\USERDATA\Cookies\hp_administrator@bs.serving-sys[2].txt
C:\USERDATA\Cookies\hp_administrator@burstnet[2].txt
C:\USERDATA\Cookies\hp_administrator@burstnet[3].txt
C:\USERDATA\Cookies\hp_administrator@burstnet[4].txt
C:\USERDATA\Cookies\hp_administrator@burstnet[5].txt
C:\USERDATA\Cookies\hp_administrator@c2.gostats[2].txt
C:\USERDATA\Cookies\hp_administrator@cad-media[1].txt
C:\USERDATA\Cookies\hp_administrator@cartoonnetwork.122.2o7[1].txt
C:\USERDATA\Cookies\hp_administrator@casalemedia[1].txt
C:\USERDATA\Cookies\hp_administrator@chicagosuntimes.122.2o7[1].txt
C:\USERDATA\Cookies\hp_administrator@clickability[1].txt
C:\USERDATA\Cookies\hp_administrator@counter[2].txt
C:\USERDATA\Cookies\hp_administrator@cpvfeed[2].txt
C:\USERDATA\Cookies\hp_administrator@data2.perf.overture[1].txt
C:\USERDATA\Cookies\hp_administrator@data3.perf.overture[2].txt
C:\USERDATA\Cookies\hp_administrator@dist.belnk[2].txt
C:\USERDATA\Cookies\hp_administrator@doubleclick[2].txt
C:\USERDATA\Cookies\hp_administrator@e-2dj6wfkygkazclq.stats.esomniture[2].txt
C:\USERDATA\Cookies\hp_administrator@easy-hit-counters[1].txt
C:\USERDATA\Cookies\hp_administrator@edge.ru4[1].txt
C:\USERDATA\Cookies\hp_administrator@ehg-cafepress.hitbox[2].txt
C:\USERDATA\Cookies\hp_administrator@ehg-gamespot.hitbox[1].txt
C:\USERDATA\Cookies\hp_administrator@ehg-ignitemedia.hitbox[1].txt
C:\USERDATA\Cookies\hp_administrator@ehg-newegg.hitbox[1].txt
C:\USERDATA\Cookies\hp_administrator@ehg-newscientist.hitbox[2].txt
C:\USERDATA\Cookies\hp_administrator@ehg-paintball.hitbox[1].txt
C:\USERDATA\Cookies\hp_administrator@ehg-ubisoft.hitbox[1].txt
C:\USERDATA\Cookies\hp_administrator@ehg-wizardsofthecoast.hitbox[2].txt
C:\USERDATA\Cookies\hp_administrator@entrepreneur[2].txt
C:\USERDATA\Cookies\hp_administrator@fastclick[2].txt
C:\USERDATA\Cookies\hp_administrator@fortunecity[2].txt
C:\USERDATA\Cookies\hp_administrator@hotlog[2].txt
C:\USERDATA\Cookies\hp_administrator@htmlgear.tripod[1].txt
C:\USERDATA\Cookies\hp_administrator@interclick[1].txt
C:\USERDATA\Cookies\hp_administrator@itxt.vibrantmedia[1].txt
C:\USERDATA\Cookies\hp_administrator@kanoodle[1].txt
C:\USERDATA\Cookies\hp_administrator@maxim.122.2o7[1].txt
C:\USERDATA\Cookies\hp_administrator@mediaplex[1].txt
C:\USERDATA\Cookies\hp_administrator@monstersandcritics.advertserve[1].txt
C:\USERDATA\Cookies\hp_administrator@msnportal.112.2o7[1].txt
C:\USERDATA\Cookies\hp_administrator@nextag[1].txt
C:\USERDATA\Cookies\hp_administrator@overture[1].txt
C:\USERDATA\Cookies\hp_administrator@partner2profit[2].txt
C:\USERDATA\Cookies\hp_administrator@partypoker[1].txt
C:\USERDATA\Cookies\hp_administrator@perf.overture[1].txt
C:\USERDATA\Cookies\hp_administrator@realmedia[1].txt
C:\USERDATA\Cookies\hp_administrator@reduxads.valuead[1].txt
C:\USERDATA\Cookies\hp_administrator@revsci[2].txt
C:\USERDATA\Cookies\hp_administrator@roiservice[1].txt
C:\USERDATA\Cookies\hp_administrator@sel.as-eu.falkag[1].txt
C:\USERDATA\Cookies\hp_administrator@server.cpmstar[1].txt
C:\USERDATA\Cookies\hp_administrator@serving-sys[2].txt
C:\USERDATA\Cookies\hp_administrator@smartcpc.advertserve[1].txt
C:\USERDATA\Cookies\hp_administrator@soundtrack[2].txt
C:\USERDATA\Cookies\hp_administrator@stat.onestat[2].txt
C:\USERDATA\Cookies\hp_administrator@statcounter[2].txt
C:\USERDATA\Cookies\hp_administrator@statse.webtrendslive[2].txt
C:\USERDATA\Cookies\hp_administrator@superstats[1].txt
C:\USERDATA\Cookies\hp_administrator@tacoda[1].txt
C:\USERDATA\Cookies\hp_administrator@trafficmp[1].txt
C:\USERDATA\Cookies\hp_administrator@tribalfusion[2].txt
C:\USERDATA\Cookies\hp_administrator@tripod[1].txt
C:\USERDATA\Cookies\hp_administrator@weborama[1].txt
C:\USERDATA\Cookies\hp_administrator@www.burstbeacon[1].txt
C:\USERDATA\Cookies\hp_administrator@www.burstnet[1].txt
C:\USERDATA\Cookies\hp_administrator@www.entrepreneur[1].txt
C:\USERDATA\Cookies\hp_administrator@www.screensavers[2].txt
C:\USERDATA\Cookies\hp_administrator@www.ttracker[1].txt
C:\USERDATA\Cookies\hp_administrator@www.xctrk[2].txt
C:\USERDATA\Cookies\hp_administrator@xiti[1].txt
C:\USERDATA\Cookies\hp_administrator@zealotslore.freestats[2].txt
C:\USERDATA\Cookies\hp_administrator@zedo[1].txt

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\DESKTOP\CLICK TO FIND AND FIX ERRORS.URL

Adware.ClickSpring/Yazzle
C:\WINDOWS\PREFETCH\YAZZLE1281OINUNINSTALLER.EXE-21B1415A.PF

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFZ32.SYS


NEW HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 8:36:06 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.pixelatedempire.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {574A77A5-FB4F-446A-A709-BC4D279DD3EF} - C:\Program Files\microsoft frontpage\mezoger.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [{5B-B1-19-9B-ZN}] c:\windows\system32\dwdsregt.exe CHD003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.systemdoctor.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#4 MrCharlie (SuperMember, Malware Team, 2,949 posts)

Posted 19 May 2007 - 07:26 PM

Looks Better.

I need to know more about this file and service:

O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe

Please find this file and upload it
HERE for a free scan - let me know the results.

C:\WINDOWS\system32\lxddcoms.exe

If it's too busy - try here:
http://www.virustota.../en/indexf.html

------------------


Close ALL programs down, leaving ONLY HijackThis running - Click Scan and.....
Place a check against the following items:

O2 - BHO: (no name) - {574A77A5-FB4F-446A-A709-BC4D279DD3EF} - C:\Program Files\microsoft frontpage\mezoger.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [{5B-B1-19-9B-ZN}] c:\windows\system32\dwdsregt.exe CHD003
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.systemdoctor.com

Click on Fix Checked and exit HijackThis.

---------------

Delete this file if found:

c:\windows\system32\dwdsregt.exe

----------------

Reboot and post a fresh HijackThis log and we'll take another look. MrC
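
The six lines MrCharlie ticks above and the single O23 line he sends off for scanning follow a small set of rules that any helper applies when reading a HijackThis log: a BHO whose DLL is gone, a Run value with a random name launching something unknown out of system32, rogue "security product" domains sitting in the IE Trusted sites zone, and a service whose binary carries no company name. The block below is an added example written for this thread; it is not HijackThis, SUPERAntiSpyware or forum code, and the rule set, the rogue-domain list and the sample lines are my own, assembled from the logs posted earlier in the thread. It also maps the ZoneMap\Domains keys from the SUPERAntiSpyware scan log (the winantivirus.com and winfixer.com entries) back to the hostnames they put in a zone, reading the scanner's trailing "#*" as its key#value notation for the "*" (any scheme) value, which is an assumption on my part.

```python
"""Triage a HijackThis 1.99 log and decode IE ZoneMap keys.
Added example for this thread, not HijackThis/SUPERAntiSpyware code;
the heuristics are my reading of how the helper chose what to fix."""
import re
from dataclasses import dataclass

# Assumption: compiled by hand from the O15 and ZoneMap entries in this thread.
ROGUE_DOMAINS = {
    "drivecleaner.com", "errorprotector.com", "systemdoctor.com",
    "winfixer.com", "winantivirus.com",
}

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {574A77A5-FB4F-446A-A709-BC4D279DD3EF} - C:\Program Files\microsoft frontpage\mezoger.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [{5B-B1-19-9B-ZN}] c:\windows\system32\dwdsregt.exe CHD003
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.systemdoctor.com
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
"""

HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_ENTRY = re.compile(r"^Service: (?P<name>.+?) -\s*(?P<vendor>.*?)\s*- (?P<path>.+)$")
TRUSTED_ZONE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
GUID_LIKE = re.compile(r"^\{[0-9A-Za-z-]+\}$")
ZONEMAP_KEY = re.compile(r"\\ZoneMap\\Domains\\(?P<domain>[^\\#]+)(?:\\(?P<host>[^\\#]+))?", re.I)


@dataclass
class Finding:
    section: str
    line: str
    action: str   # "fix": tick it in HijackThis; "verify": scan the file first
    reason: str


def is_rogue(hostname):
    h = hostname.lower().lstrip("*.")
    return any(h == d or h.endswith("." + d) for d in ROGUE_DOMAINS)


def triage(log_text):
    """Return the O-lines a helper would act on, each with its reason."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue                      # header, process list, blank lines
        section, body, line = m["section"], m["body"], raw.strip()
        if section == "O2" and body.endswith(("(file missing)", "(no file)")):
            findings.append(Finding(section, line, "fix",
                            "BHO CLSID registered but its DLL is gone: dead hook, remove it"))
        elif section == "O4" and (r := RUN_ENTRY.match(body)):
            # Heuristic (mine): GUID-like value names are normal for some
            # installers; combined with an unknown system32 binary they match
            # the dwdsregt.exe entry in this thread.
            if GUID_LIKE.match(r["name"]) and "system32" in r["cmd"].lower():
                findings.append(Finding(section, line, "fix",
                                "random-named Run value launching an unknown system32 executable"))
        elif section == "O15" and (t := TRUSTED_ZONE.match(body)):
            rogue = is_rogue(t["host"])
            findings.append(Finding(section, line, "fix" if rogue else "verify",
                            "rogue security-product domain in the Trusted sites zone" if rogue
                            else "Trusted Zone entry: confirm the user added it"))
        elif section == "O23" and (s := SERVICE_ENTRY.match(body)):
            if not s["vendor"]:           # "name - - path": no company string
                findings.append(Finding(section, line, "verify",
                                "service binary carries no company name: submit it for an online scan"))
    return findings


def fix_list(findings):
    """The exact lines to tick in HijackThis before 'Fix checked'."""
    return [f.line for f in findings if f.action == "fix"]


def triage_sample():
    return triage(SAMPLE_LOG)


def zonemap_host(key_path):
    """ZoneMap\\Domains\\<domain>[\\<host>] key -> hostname it governs.
    Assumption: the scanner's trailing '#*' names the '*' value and is ignored."""
    m = ZONEMAP_KEY.search(key_path)
    if not m:
        return None
    host, domain = m["host"], m["domain"].lower()
    return f"{host.lower()}.{domain}" if host else domain


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.action}] {f.line}\n        {f.reason}")
    print(zonemap_host(r"HKU\S-1-5-21-1566108260-1359744834-1092941229-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\www#*"))
```

Run against the sample, fix_list() returns exactly the six lines in the checklist above and the only "verify" item is the lxdd_device service, while the GUID-named Gmail Notifier Run value and the AOL service are left alone. The point of keeping the rules explicit is that a Trusted Zone entry or an empty vendor string is evidence, not proof: the helper still asks for the file to be scanned before anything that is not a dead registration gets deleted.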


#5 Normalman (New Member, 6 posts)

Posted 19 May 2007 - 08:47 PM

That file came up OK after the scan. There was nothing wrong with it. Here's the new Hijackthis report.

Logfile of HijackThis v1.99.1
Scan saved at 10:44:47 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.pixelatedempire.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks again for your time and effort.

#6 MrCharlie (SuperMember, Malware Team)

Posted 20 May 2007 - 07:09 AM

Is it possible this file belongs to Lexmark?
Right click on it and choose properties....see what it says.

C:\WINDOWS\system32\lxddcoms.exe

-------------------

Since you mentioned Smitfraud-C....let's run a scan to see if you have any traces of it on the system.

Please do this for me..........
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
_____________________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!
MrC

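The lxdd_device service MrCharlie asks about above is the one O23 line in the posted log with no vendor string. As an added example (not from the thread, HijackThis or SmitfraudFix), the Python below parses O4 and O23 lines and flags what a helper would review by hand: services with a blank vendor, DLLs loaded through rundll32, and files outside Program Files or WINDOWS. Sample lines are copied from the posted log except the last one, which is constructed; the trusted-directory list is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample lines copied from the HijackThis log posted in this thread, plus one
# constructed entry (spool32) that lives outside the usual program directories.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O4 - HKCU\..\Run: [spool32] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\spool32.exe
"""

# Assumption: on this XP box, legitimate autoruns live under these two roots.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")

@dataclass
class Entry:
    kind: str                      # "O4" (autorun) or "O23" (service)
    name: str
    path: str                      # file the entry actually loads
    vendor: Optional[str] = None   # O23 only; "" when HijackThis shows "name - - path"
    flags: List[str] = field(default_factory=list)

_O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
_O4_STARTUP = re.compile(r"^O4 - Global Startup: (.*?) = (.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")
_PATH = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|com|scr|cmd|bat))\b"?', re.IGNORECASE)

def executable(command: str) -> Tuple[Optional[str], str]:
    """Split an O4 command line into (loader, file): loader is 'rundll32' when the
    entry runs a DLL through it, otherwise None; file is the path without arguments."""
    loader = None
    if command.lower().startswith("rundll32"):
        loader = "rundll32"
        command = command[len("rundll32"):].strip()
    m = _PATH.match(command)
    return loader, (m.group("path") if m else command)

def parse_line(line: str) -> Optional[Entry]:
    """Model one HijackThis line as an Entry with review flags; None for other lines."""
    if m := _O4_RUN.match(line):
        hive, name, command = m.groups()
        loader, path = executable(command)
        entry = Entry("O4", f"{hive} Run: {name}", path)
        if loader:
            entry.flags.append("DLL loaded through rundll32; check the DLL's publisher")
    elif m := _O4_STARTUP.match(line):
        name, command = m.groups()
        entry = Entry("O4", f"Startup: {name}", executable(command)[1])
    elif m := _O23.match(line):
        entry = Entry("O23", m["name"], m["path"].strip(), vendor=m["vendor"].strip())
        if not entry.vendor:
            entry.flags.append("service shows no vendor; check file Properties > Version")
    else:
        return None
    if not entry.path.lower().startswith(TRUSTED_ROOTS):
        entry.flags.append("file is outside Program Files / WINDOWS")
    return entry

def review(log: str) -> List[Entry]:
    """Return only the entries that earned at least one flag, in log order."""
    entries = (parse_line(raw.strip()) for raw in log.splitlines())
    return [e for e in entries if e is not None and e.flags]

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

On the sample, review() returns three entries: the Lexmark rundll32 autorun, the blank-vendor lxdd_device service, and the constructed spool32 entry in a Temp folder; the flags are prompts to verify, not verdicts.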

#7 Normalman (New Member)

Posted 20 May 2007 - 07:15 AM

That file said it was for "Printer Communication", and it is a Lexmark file. I recently installed a new printer scanner, so that's likely where it came from. Here's the scan.

SmitFraudFix v2.183

Scan done at 9:12:11.76, Sun 05/20/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job FOUND !
C:\WINDOWS\Tasks\At??.job FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="C:\\Program Files\\Internet Explorer\\rtertenomaj.html"
"SubscribedURL"=""
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: Belkin Wireless G USB Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8DB645D4-1105-488F-B7C8-8E1FCB208E54}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8DB645D4-1105-488F-B7C8-8E1FCB208E54}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8DB645D4-1105-488F-B7C8-8E1FCB208E54}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#8 MrCharlie (SuperMember, Malware Team)

Posted 20 May 2007 - 07:32 AM

OK, it found a couple of items...please do this:

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Warning : running option #2 on an uninfected computer will remove your Desktop background.
Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

MrC


#9 Normalman (New Member)

Posted 20 May 2007 - 12:11 PM

OK, here's the Rapport.txt!

SmitFraudFix v2.183

Scan done at 13:37:40.84, Sun 05/20/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\Tasks\At?.job Deleted
C:\WINDOWS\Tasks\At??.job Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8DB645D4-1105-488F-B7C8-8E1FCB208E54}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8DB645D4-1105-488F-B7C8-8E1FCB208E54}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8DB645D4-1105-488F-B7C8-8E1FCB208E54}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

#10 MrCharlie (SuperMember, Malware Team)

Posted 20 May 2007 - 12:35 PM

OK, it did its job.

How's it running now? MrC


#11 Normalman (New Member)

Posted 20 May 2007 - 12:37 PM

As far as I can tell, it's running great! Just like it was before I screwed it up... Thank you kindly for the help you've given me. I'll see about a donation when my payday rolls around! Thank you so much! : D

#12 MrCharlie (SuperMember, Malware Team)

Posted 20 May 2007 - 01:44 PM

OK, that's good news!

If you have any questions - please post back

I'll leave you with........

Some Preventive Maintenance:

Some of the programs you may have run create backups of what was deleted - you can safely delete them now: (delete folders in blue) You can also delete/uninstall the programs themselves.

C:\!KillBox (KillBox)
C:\VundoFix Backups (VundoFix)
C:\QooBox (ComboFix)
C:\SDFix\backups\backups.zip (SDFix)
C:\avenger\backup.zip (Avenger)

If you used AVG Anti-Spyware and/or SuperAntiSpyware...........

Open up SuperAntiSpyware > Preferences > General and Start-up > Start-up Options > Uncheck > Start SAS when Windows Starts.
"SAS free" provides no real time protection so there's no need for it to be running, I suggest you keep the program and update regularly - you can use it to scan for malware. It's an excellent program. When you want to start it - just double click on the SAS icon.

AVG Anti-Spyware will provide 30 days of real time protection and then after that you can use it to scan for malware - you'll have to manually update it first.


------------------Must have or do:-----------------

Now that you're clean: <----Important Step!!!!
Delete your system restore files and create a new restore point:

Note: This will remove all previous Restore Points!

1. Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer,

2. Turn on System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UnCheck Turn off System Restore.
Click Apply, and then click OK.

Visit Windows Update and install all the latest critical updates.

Install these two free programs; they sit in the background and protect your system from spyware and adware being installed on your system, and also from your browser being hijacked.

SpywareBlaster Check for updates weekly.

SpywareGuard

IE-SPYAD
Puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
or try the new ZonedOut

Blocking Unwanted Parasites with a Hosts File
Direct Download - MVPS HOSTS <==> MVPS HOSTS Tutorial

Need a free anti virus?
AVG*free
Avast free
AntiVir® PersonalEdition Classic
-->Check for updates - daily<---

How about a firewall? The front door to your computer.
Windows firewall is not sufficient...install a better one.
Comodo Free Firewall
ZoneAlarm*free
Other free firewalls

Keep those temp files off your system use
ATF Cleaner - hit "select all" then just uncheck "cookies" (uncheck cookies is optional - leave it checked if you want to delete all cookies) then "empty selected"
or
CCleaner
Uncheck "Cookies" under "Internet Explorer".
That will clear out all the temp files on the system.

IMPORTANT!! Your version is jre1.5.0_05
Keep your Sun Java up-to-date JRE Version 6 Update 1<--newest version
Delete ALL old versions from add/remove programs if listed first!
http://forums.tomcoy...showtopic=68632

Keep the registry backed up - use ERUNT
Print this out and save it
ERUNT Tutorial

Starter Manage your startup programs and services.

----------Free malware removal programs:----------

AVG Anti-Spyware<---VERY GOOD! (XP and 2K only)
SUPERAntiSpyware (free edition)<---Excellent!
AVG Anti-Rootkit Free Edition Run it!!
SpyBot
AD-Aware
CW-Shredder

Please consider using FireFox instead of Internet Explorer. A more secure browser! Easy to make the change!
FireFox Tutorial


Pop-up stoppers:
GoogleToolBar
Pop-upStopperFree

Disable "Windows Messenger Service" XP - 2K (stops pop-up ads -etc):
Shoot The Messenger

Anti-Rootkit Software - Detection, Removal & Protection

Reduce Online Fraud

Don't open e-mail attachments without first scanning them with an up-to-date anti virus program, even after doing that I would be very careful. Don't click on any executables in e-mails or any other links that you're not sure of.
Don't believe e-mails from your bank, financial institution, etc. asking for personal information - they're most likely fraudulent no matter how authentic they look.
Watch your surfing habits, don't click on or download anything you're not sure of. Don't install a program that hasn't been recommended by a reputable organization.

Good luck and thanks for using the forum - MrC


#13 MrCharlie (SuperMember, Malware Team)

Posted 23 May 2007 - 03:17 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
