12 replies to this topic

[leesburg dave]

Every time I use IE7 or Firefox, internet explorer web pages come up on the screen. I annot get rid of them. I am including the Hijackit report and the other reports from AVG Anti-Spyware, and Activescan.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:24:37 AM 7/4/2007

+ Scan result:



C:\WINDOWS\system32\gtdownls_95.ocx -> Adware.Gdown : Ignored.
C:\i386\gtdownls_95.ocx -> Adware.Gdown : Ignored.
C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Directory 1 for kill2me[1].zip\Kill2Me.exe -> Adware.LookMe : Ignored.
C:\Documents and Settings\Dave\Local Settings\Temp\8foamynn.exe -> Adware.PurityScan : Ignored.
C:\Documents and Settings\Dave\Local Settings\Temp\afe540pb.exe -> Adware.PurityScan : Ignored.
C:\Documents and Settings\Dave\Local Settings\Temp\idv270hj.exe -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP915\A0247393.dll -> Adware.Virtumonde : Ignored.
C:\Documents and Settings\Dave\Cookies\dave@amazontimex.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@bidzcom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@blindscom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@crutchfield.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@gateway.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@hollywoodentertainment.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@palmone.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@palmone.112.2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@powellsbooks.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@reunioncom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@sonymediasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@volkswagen.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@wpni.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@bidzcom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@bookspan.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@buzznet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@newmotioninc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@scrippshgtv.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.171:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@adrevolver[5].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@atdmt[4].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.186:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.44:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.45:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.46:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.64:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.330:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.339:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@msn-cnet.com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@news.com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@cpvfeed[4].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@cpvfeed[5].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@cpvfeed[6].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@cpvfeed[7].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@cpvfeed[4].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@cpvfeed[5].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@cpvfeed[6].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.42:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@doubleclick[4].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@e-2dj6wfk4goc5olo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@e-2dj6wgmyukdpmcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@e-2dj6whloundjscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@e-2dj6whmyoiajihp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@e-2dj6wjmygpdpchp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@e-2dj6wjny-1gc5kb.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@e-2dj6wjnyqjdjcbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@e-2dj6wjlowncjcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.73:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-billgrahamarchives.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-digg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-foxsports.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-hollywood.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-inforspaceinc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-ioffer.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-kodak.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-linksys.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-newarkinone.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-nikoninc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-researchinmotion.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-techtarget.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-topps.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-upperdeck.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ehg-verizoncommunications.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@hitbox[4].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@ehg-brooksbrothers.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@ehg-directv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@ehg-hollywoodmedia.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.214:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.173:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.174:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.175:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@search.live[1].txt -> TrackingCookie.Live : Cleaned.
:mozilla.206:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.207:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.208:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.209:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.210:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.258:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.259:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.29:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.30:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@mediaplex[3].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.131:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.132:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.133:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.134:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.141:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@questionmarket[3].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.70:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.71:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@network.realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.79:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.80:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.81:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.82:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.83:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.84:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.85:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.86:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@stats1.reliablestats[5].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.65:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.68:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.66:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@anad.tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@anad.tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@tacoda[4].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@trafficmp[3].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.72:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.18:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.19:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\n2s8nivl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.48:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Sara\Cookies\sara@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@c1.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Dave\Cookies\dave@zedo[3].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\pktmqnis.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Local Settings\Temp\qfltjjvp.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Local Settings\Temp\vanvdsyl.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\Documents and Settings\Sara\Local Settings\Temp\eexynrdd.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Local Settings\Temp\win3A.tmp.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP917\A0272430.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP917\A0275864.exe -> Trojan.Small.oa : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 9:47:09 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Firefly Media Server\FireflyShell.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [FireflyShell] "C:\Program Files\Firefly Media Server\FireflyShell.exe" -q
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\rojhsugy.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "C:\WINDOWS\TEMP\E_S12A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase7617.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143989819596
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio..../xmprofiler.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roku - Mark Heaton - C:\Program Files\RokuNSE\Roku.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



Incident Status Location

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adrevolver[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adultfriendfinder[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adultfriendfinder[3].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dave\Cookies\dave@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atwola[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Dave\Cookies\dave@cdfreaks[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dave\Cookies\dave@cgi-bin[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dave\Cookies\dave@cgi-bin[5].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dave\Cookies\dave@cgi-bin[6].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Dave\Cookies\dave@club.cdfreaks[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Cookies\dave@dist.belnk[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dave\Cookies\dave@drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dave\Cookies\dave@drivecleaner[3].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Dave\Cookies\dave@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Dave\Cookies\dave@errorsafe[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Dave\Cookies\dave@errorsafe[3].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Dave\Cookies\dave@errorsafe[4].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Dave\Cookies\dave@i.screensavers[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dave\Cookies\dave@stats.drivecleaner[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Dave\Cookies\dave@stats1.reliablestats[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Dave\Cookies\dave@systemdoctor[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Dave\Cookies\dave@systemdoctor[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dave\Cookies\dave@target[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Dave\Cookies\dave@tucows[2].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Dave\Cookies\dave@versiontracker[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Dave\Cookies\dave@winantispyware[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Dave\Cookies\dave@winantispyware[3].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Dave\Cookies\dave@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Dave\Cookies\dave@winantivirus[3].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Dave\Cookies\dave@winantivirus[4].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.errorsafe[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.errorsafe[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.errorsafe[3].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.systemdoctor[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.winantiviruspro[2].txt
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Dave\Local Settings\Temp\etpkyond.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Dave\Local Settings\Temp\mfwotccp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Dave\Local Settings\Temp\pvufkssy.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Dave\Local Settings\Temp\qyjtjybi.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Directory 1 for kill2me[1].zip\Kill2Me.exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Dave\Local Settings\Temp\win32.tmp.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Dave\Local Settings\Temp\win36.tmp.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Dave\Local Settings\Temp\xcgyugij.dll
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sara\Application Data\Mozilla\Firefox\Profiles\o2wclcdt.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sara\Cookies\sara@adrevolver[4].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sara\Cookies\sara@atwola[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Sara\Cookies\sara@ct.360i[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sara\Cookies\sara@drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sara\Cookies\sara@drivecleaner[3].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sara\Cookies\sara@drivecleaner[4].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sara\Cookies\sara@errorsafe[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sara\Cookies\sara@errorsafe[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sara\Cookies\sara@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Sara\Cookies\sara@i.screensavers[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sara\Cookies\sara@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sara\Cookies\sara@stats.drivecleaner[3].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Sara\Cookies\sara@systemdoctor[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Sara\Cookies\sara@target[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Sara\Cookies\sara@winantivirus[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Sara\Cookies\sara@winantivirus[3].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sara\Cookies\sara@www.drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sara\Cookies\sara@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sara\Cookies\sara@www.errorsafe[1].txt
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Sara\Local Settings\Temp\mtyovrim.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe

[Simon V.]

• Hello, and welcome to the forum.
  
  My name is Simon V., and I'll be glad to help you with your computer problems.
  
  HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
  I am currently looking over your log. As I am a trainee, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.
  
  Please be patient and I'd be grateful if you would note the following:
  
• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

[Simon V.]

• Hi
  
  ComboFix
  
• Please download Combofix from one of the links below:
  
  http://download.blee...Bs/ComboFix.exe
  http://www.techsuppo...Bs/ComboFix.exe
  
• Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Save it to a convenient location.
  Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  
  Make an Uninstall List
  
• To access the Uninstall Manager you would do the following:
  
  1. Start HijackThis
  2. Click on the Config button
  3. Click on the Misc Tools button
  4. Click on the Open Uninstall Manager button.
  
  You will now be presented with a screen similar to the one below:
  
  
  
  5. Click on the Save list... button and save the file to a convenient location. When you press Save, Notepad will open with the contents of that file. Please post the Uninstall List from HijackThis and the Combofix log, along with a new HijackThis logfile in your next reply.

[leesburg dave]

I've included the combofix log file and Hijackthis file as requested.

leesburg dave

2007-06-13 21:42	  262752	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\pmkhf.dll.vir
2007-06-14 16:04	  1810616	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\fhkmp.tmp.vir
2007-06-14 20:03	  1810657	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\fhkmp.ini.vir
2007-06-19 21:33	  93	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-06-19 21:37	  125504	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\jjdydldb.dll.vir
2007-06-26 20:03	  66112	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\qbdiqtvp.dll.vir
2007-06-29 22:51	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\sbpojfwk.dll.vir
2007-06-29 22:51	  345	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\kwfjopbs.ini.vir
2007-07-02 12:28	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\xvwskcrp.dll.vir
2007-07-02 12:28	  1988694	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\prckswvx.ini.vir
2007-07-02 14:49	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wrycvobu.dll.vir
2007-07-02 14:49	  295	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ubovcyrw.ini.vir
2007-07-02 21:37	  1000167	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\odiqyhck.ini.vir
2007-07-02 21:37	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\kchyqido.dll.vir
2007-07-03 19:15	  1858194	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\fhkmp.bak1.vir
2007-07-04 17:17	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\vesgegqw.dll.vir
2007-07-04 18:11	  1052322	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wqgegsev.ini.vir
2007-07-04 18:18	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\qwnmhvcv.dll.vir
2007-07-05 07:52	  1054487	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\vcvhmnwq.ini.vir
2007-07-05 08:00	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\igabptsj.dll.vir
2007-07-05 19:23	  1035390	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\jstpbagi.ini.vir
2007-07-05 19:25	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\cetnkuam.dll.vir
2007-07-06 06:09	  1853080	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\fhkmp.bak2.vir
2007-07-06 06:10	  1035510	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\maukntec.ini.vir
2007-07-06 06:18	  128576	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\sruxvbns.dll.vir
2007-07-06 16:38	  1027188	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\snbvxurs.ini.vir
2007-07-06 16:41	  66112	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\lcetjuiy.dll.vir
2007-07-06 16:52	  10542	--a------	C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-07-06 16:52	  1302	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
2007-07-06 16:52	  1854442	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\fhkmp.ini2.vir
2007-07-06 16:53	  51	--a------	C:\Qoobox\Quarantine\catchme.log


Folder PATH listing
Volume serial number is CC1A-D72E
C:\QOOBOX
\---Quarantine
	|   catchme.log
	|   
	+---C
	|   \---WINDOWS
	|	   |   wr.txt.vir
	|	   |   
	|	   \---system32
	|			   cetnkuam.dll.vir
	|			   fhkmp.bak1.vir
	|			   fhkmp.bak2.vir
	|			   fhkmp.ini.vir
	|			   fhkmp.ini2.vir
	|			   fhkmp.tmp.vir
	|			   igabptsj.dll.vir
	|			   jjdydldb.dll.vir
	|			   jstpbagi.ini.vir
	|			   kchyqido.dll.vir
	|			   kwfjopbs.ini.vir
	|			   lcetjuiy.dll.vir
	|			   maukntec.ini.vir
	|			   odiqyhck.ini.vir
	|			   pmkhf.dll.vir
	|			   prckswvx.ini.vir
	|			   qbdiqtvp.dll.vir
	|			   qwnmhvcv.dll.vir
	|			   sbpojfwk.dll.vir
	|			   snbvxurs.ini.vir
	|			   sruxvbns.dll.vir
	|			   ubovcyrw.ini.vir
	|			   vcvhmnwq.ini.vir
	|			   vesgegqw.dll.vir
	|			   wqgegsev.ini.vir
	|			   wrycvobu.dll.vir
	|			   xvwskcrp.dll.vir
	|			   
	\---Registry_backups
			LEGACY_NM.reg.cf
			services_nm.reg.cf

Logfile of HijackThis v1.99.1
Scan saved at 9:07:08 AM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Firefly Media Server\FireflyShell.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\abgtaulg.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [FireflyShell] "C:\Program Files\Firefly Media Server\FireflyShell.exe" -q
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\qyfhtwvs.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "C:\WINDOWS\TEMP\E_S12A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase7617.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183498327250
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio..../xmprofiler.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roku - Mark Heaton - C:\Program Files\RokuNSE\Roku.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[Simon V.]

Hi

Please post this log: C:\Combofix.txt and the Uninstall List from HijackThis (see my previous post for instructions).

[Simon V.]

Do you still require help? If my instructions are unclear to you, please say so

[leesburg dave]

Yes I still need help. I thought I posted the the files you requested. leesburg dave

[Simon V.]

Hi

The report you posted was the Quarantine log from Combofix. However, I need this one: C:\Combofix.txt.
Also, I want you to know that I will be away for the weekend. I will have an answer for you Monday, if you have posted the requested log

Thanks,

Simon

Edited by Simon V., 13 July 2007 - 04:12 AM.

[leesburg dave]

This should be the file that you are looking for.

leesburg dave


"Dave" - 2007-07-14 19:08:58 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


2007-07-06 21:59 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-07-06 21:58 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-06 21:57 61,064 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-06 21:57 136,248 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-06 16:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 09:16 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-04 09:13 <DIR> d-------- C:\KAV
2007-07-03 16:38 <DIR> d-------- C:\Program Files\InterMute
2007-06-30 18:27 <DIR> d-------- C:\Program Files\iPod
2007-06-30 18:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-06-30 10:18 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-30 00:23 96,560 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-06-30 00:23 572,808 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-06-30 00:23 40,496 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-06-30 00:23 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-06-30 00:23 37,296 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-06-30 00:23 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-06-30 00:23 206,728 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-06-30 00:23 188,208 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-06-30 00:23 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-06-29 23:12 7,337 --a------ C:\dnsbak.reg
2007-06-28 19:00 30,896 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2007-06-27 22:09 <DIR> d-------- C:\Program Files\Audacity
2007-06-25 19:36 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-19 21:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-19 21:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-19 19:29 43,960 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-06-19 19:29 316,984 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-06-19 19:29 276,280 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-06-16 16:23 84,428 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-06-16 15:58 <DIR> d-------- C:\Program Files\Safari
2007-06-16 15:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-15 20:27 126,016 --a------ C:\WINDOWS\system32\dxafijxb.dll
2007-06-15 14:14 <DIR> d-------- C:\DOCUME~1\Sara\APPLIC~1\Southwest Airlines
2007-06-15 14:13 <DIR> d-------- C:\Program Files\Southwest Airlines
2007-06-15 14:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-14 16:37:04 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-14 01:59:01 -------- d-----w C:\Program Files\Firefly Media Server
2007-07-09 23:25:11 -------- d-----w C:\Program Files\Palm
2007-07-09 23:24:00 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-07-08 22:42:22 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Apple Computer
2007-07-07 02:01:06 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Symantec
2007-07-07 02:00:07 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-07 02:00:07 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-07 02:00:07 -------- d-----w C:\Program Files\Symantec
2007-07-05 00:18:29 128,224 ----a-w C:\DOCUME~1\Dave\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-04 15:39:52 -------- d-----w C:\Program Files\RokuNSE
2007-07-04 15:39:01 -------- d-----w C:\Program Files\QuickTime
2007-07-04 15:36:42 -------- d-----w C:\Program Files\MSN Messenger
2007-07-04 15:30:49 -------- d-----w C:\Program Files\Microsoft Location Finder
2007-07-04 15:30:26 -------- d-----w C:\Program Files\Linksys EasyLink Advisor
2007-07-04 15:26:58 -------- d-----w C:\Program Files\iTunes
2007-07-04 15:26:08 -------- d-----w C:\Program Files\IconChanger
2007-07-04 15:25:38 -------- d-----w C:\Program Files\Google
2007-07-04 15:23:35 -------- d-----w C:\Program Files\Digital Line Detect
2007-07-04 15:17:20 -------- d-----w C:\Program Files\Bonjour
2007-07-04 15:08:24 -------- d-----w C:\Program Files\7-Zip
2007-07-02 00:59:24 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Smart Recorder
2007-06-30 16:20:30 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Audacity
2007-06-30 04:23:22 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-06-23 23:10:41 3,443 ----a-w C:\WINDOWS\mozver.dat
2007-06-19 23:29:40 1,422 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-06-19 23:29:39 1,431 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-06-19 23:29:39 1,416 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-06-16 19:56:17 -------- d-----w C:\Program Files\Apple Software Update
2007-06-13 00:27:30 10,588 ----a-r C:\WINDOWS\system32\drivers\co_mon.cat
2007-06-08 18:57:26 550 ----a-r C:\WINDOWS\system32\drivers\CO_Mon.inf
2007-06-08 00:35:34 35,168 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 01:19:10 -------- d-----w C:\Program Files\BitTorrent
2007-06-02 15:32:39 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\BitTorrent
2007-05-29 20:55:36 705 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-05-29 20:55:36 22,112 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-29 20:55:36 10,592 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2007-05-26 22:35:36 -------- d-----w C:\Program Files\Sony
2007-05-26 22:35:05 -------- d-----w C:\Program Files\Sony Setup
2007-05-26 20:12:13 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Sony
2007-05-26 16:57:40 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Publish Providers
2007-05-26 16:50:42 -------- d-----w C:\Program Files\Vstplugins
2007-05-23 10:23:19 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\vlc
2007-05-23 10:20:22 -------- d-----w C:\Program Files\VideoLAN
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 14:50:52 196,608 ----a-w C:\WINDOWS\system32\Utility.dll
2007-04-17 14:50:50 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll
2007-04-17 14:50:46 204,848 ----a-w C:\WINDOWS\system32\gswin32c.exe
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-11-27 00:32:52 1,508 ----a-w C:\Program Files\uninstal.log
2006-09-07 01:35:22 3,226 ----a-w C:\DOCUME~1\Dave\APPLIC~1\wklnhst.dat
2002-05-21 15:00:48 1,362 ----a-r C:\Program Files\ReadMe.txt
2006-02-12 19:38:39 56 --sh--r C:\WINDOWS\system32\7A92FE9DC8.sys
2006-02-12 19:38:40 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 03:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-06-29 20:48 300400 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-07-06 21:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar5.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-24 21:53 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
2007-03-01 15:05 623992 --a------ C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 03:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 13:34]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 20:25]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"@"="" []
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2003-07-23 13:42]
"DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-12-18 17:37]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2005-10-06 19:12]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 10:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-04-17 12:41]
"FireflyShell"="C:\Program Files\Firefly Media Server\FireflyShell.exe" [2006-08-20 17:43]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 13:22 C:\WINDOWS\system32\nvmctray.dll]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-28 10:48]
"CTHelper"="CTHELPER.EXE" [2005-09-20 13:08 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 07:07 C:\WINDOWS\system32\CTXFIHLP.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-29 05:08]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-30 01:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 18:25]
"Start WingMan Profiler"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"EPSON PictureMate PM 240"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.exe" [2006-05-19 04:00]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 12:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 21:53]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableCAD"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
winrge32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuurpn]
wvuurpn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^Digimarc Desktop Crawler.lnk]
path=C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Digimarc Desktop Crawler.lnk
backup=C:\WINDOWS\pss\Digimarc Desktop Crawler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]
C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
WDBtnMgr.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-07-11 21:20:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-14 02:01:50 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-10 00:00:00 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Dave.job
2007-06-02 14:12:24 C:\WINDOWS\tasks\RoxioUpdator.job
2007-07-14 23:17:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 19:19:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-14 19:20:27
C:\ComboFix-quarantined-files.txt ... 2007-07-14 19:20
C:\ComboFix2.txt ... 2007-07-06 17:04

--- E O F ---

[Simon V.]

• Hi
  
  Upload Files to Virustotal
  
• Please visit Virustotal
  • Click the Browse... button.
  • Navigate to the file C:\WINDOWS\system32\drivers\SymIM.sys
  • Click the Open button.
  • Click the Send button.
  • Copy and paste the results in Notepad, and save them to your desktop, so you can post them in your next reply.
  Combofix
  
• Open Notepad, and copy/paste the text in the quotebox below into it:
  
  

  File::
  
  C:\WINDOWS\system32\dxafijxb.dll
  C:\WINDOWS\SYSTEM32\winrge32.dll
  C:\WINDOWS\SYSTEM32\wvuurpn.dll 
  
  
  Registry::
  
  [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
  [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuurpn]

• Save this as "CFScript".
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe.
  
• It will create a log. Please post the Combofix log and the results from Virustotal, along with a new HijackThis log in your next reply.

[leesburg dave]

Here you go..

leesburg dave



Logfile of HijackThis v1.99.1
Scan saved at 9:34:23 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Firefly Media Server\FireflyShell.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [FireflyShell] "C:\Program Files\Firefly Media Server\FireflyShell.exe" -q
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "C:\WINDOWS\TEMP\E_S12A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase7617.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183498327250
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio..../xmprofiler.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roku - Mark Heaton - C:\Program Files\RokuNSE\Roku.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Español | Polski
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File SymIM.sys received on 07.18.2007 03:29:08 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window untill scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Print results

Your file has expired or do not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.7.14.0 2007.07.17 no virus found
AntiVir 7.4.0.42 2007.07.17 no virus found
Authentium 4.93.8 2007.07.18 no virus found
Avast 4.7.997.0 2007.07.17 no virus found
AVG 7.5.0.476 2007.07.17 no virus found
BitDefender 7.2 2007.07.17 no virus found
CAT-QuickHeal 9.00 2007.07.17 no virus found
ClamAV devel-20070416 2007.07.17 no virus found
DrWeb 4.33 2007.07.18 no virus found
eSafe 7.0.15.0 2007.07.17 no virus found
eTrust-Vet 30.8.3790 2007.07.17 no virus found
Ewido 4.0 2007.07.17 no virus found
FileAdvisor 1 2007.07.18 no virus found
Fortinet 2.91.0.0 2007.07.17 no virus found
F-Prot 4.3.2.48 2007.07.17 no virus found
F-Secure 6.70.13030.0 2007.07.17 no virus found
Ikarus T3.1.1.8 2007.07.17 no virus found
Kaspersky 4.0.2.24 2007.07.18 no virus found
McAfee 5076 2007.07.17 no virus found
Microsoft 1.2704 2007.07.17 no virus found
NOD32v2 2404 2007.07.17 no virus found
Norman 5.80.02 2007.07.17 no virus found
Panda 9.0.0.4 2007.07.17 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.18 no virus found
Symantec 10 2007.07.18 no virus found
TheHacker 6.1.7.148 2007.07.16 no virus found
VBA32 3.12.2 2007.07.17 no virus found
VirusBuster 4.3.23:9 2007.07.17 no virus found
Webwasher-Gateway 6.0.1 2007.07.17 no virus found
Aditional information
File size: 30896 bytes
MD5: ab029417cb1eb005f6135ec96b073c83
SHA1: 10c83f58610ec0f615dd8c9c78cefec60864c644


ATENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


VirusTotal © Hispasec Sistemas - Blog - Contacto: info@virustotal.com


"Dave" - 2007-07-18 21:11:54 - ComboFix 07-07-04.4 - Service Pack 2
Command switches used :: C:\Documents and Settings\Dave\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dxafijxb.dll


((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


2007-07-17 13:35 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-15 20:44 69,592 -ra-s---- C:\WINDOWS\system32\RokuCFG.exe
2007-07-15 20:36 8,704 --a------ C:\WINDOWS\system32\RokuRes.dll
2007-07-15 17:03 <DIR> d-------- C:\Program Files\RokuNSE
2007-07-06 21:59 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-07-06 21:58 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-06 21:57 61,064 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-06 21:57 136,248 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-06 16:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 09:16 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-04 09:13 <DIR> d-------- C:\KAV
2007-07-03 16:38 <DIR> d-------- C:\Program Files\InterMute
2007-06-30 18:27 <DIR> d-------- C:\Program Files\iPod
2007-06-30 18:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-06-30 10:18 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-30 00:23 96,560 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-06-30 00:23 572,808 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-06-30 00:23 40,496 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-06-30 00:23 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-06-30 00:23 37,296 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-06-30 00:23 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-06-30 00:23 206,728 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-06-30 00:23 188,208 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-06-30 00:23 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-06-29 23:12 7,337 --a------ C:\dnsbak.reg
2007-06-28 19:00 30,896 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2007-06-27 22:09 <DIR> d-------- C:\Program Files\Audacity
2007-06-25 19:36 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-19 21:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-19 21:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-19 19:29 43,960 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-06-19 19:29 316,984 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-06-19 19:29 276,280 --a------ C:\WINDOWS\system32\drivers\srtsp.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 01:10:47 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-18 00:23:32 -------- d-----w C:\Program Files\Palm
2007-07-16 23:12:21 -------- d-----w C:\Program Files\Firefly Media Server
2007-07-09 23:24:00 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-07-08 22:42:22 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Apple Computer
2007-07-07 02:01:06 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Symantec
2007-07-07 02:00:07 -------- d-----w C:\Program Files\Symantec
2007-07-05 00:18:29 128,224 ----a-w C:\DOCUME~1\Dave\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-04 21:20:39 -------- d-----w C:\Program Files\Safari
2007-07-04 15:39:01 -------- d-----w C:\Program Files\QuickTime
2007-07-04 15:36:42 -------- d-----w C:\Program Files\MSN Messenger
2007-07-04 15:30:49 -------- d-----w C:\Program Files\Microsoft Location Finder
2007-07-04 15:30:26 -------- d-----w C:\Program Files\Linksys EasyLink Advisor
2007-07-04 15:26:58 -------- d-----w C:\Program Files\iTunes
2007-07-04 15:26:08 -------- d-----w C:\Program Files\IconChanger
2007-07-04 15:25:38 -------- d-----w C:\Program Files\Google
2007-07-04 15:23:35 -------- d-----w C:\Program Files\Digital Line Detect
2007-07-04 15:17:20 -------- d-----w C:\Program Files\Bonjour
2007-07-04 15:08:24 -------- d-----w C:\Program Files\7-Zip
2007-07-02 00:59:24 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Smart Recorder
2007-06-30 16:20:30 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Audacity
2007-06-23 23:10:41 3,443 ----a-w C:\WINDOWS\mozver.dat
2007-06-20 01:39:14 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-16 20:23:14 84,428 ---ha-w C:\WINDOWS\system32\mlfcache.dat
2007-06-16 19:56:17 -------- d-----w C:\Program Files\Apple Software Update
2007-06-15 18:13:59 -------- d-----w C:\Program Files\Southwest Airlines
2007-06-08 00:35:34 35,168 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 01:19:10 -------- d-----w C:\Program Files\BitTorrent
2007-06-02 15:32:39 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\BitTorrent
2007-05-29 20:55:36 22,112 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-26 22:35:36 -------- d-----w C:\Program Files\Sony
2007-05-26 22:35:05 -------- d-----w C:\Program Files\Sony Setup
2007-05-26 20:12:13 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Sony
2007-05-26 16:57:40 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\Publish Providers
2007-05-26 16:50:42 -------- d-----w C:\Program Files\Vstplugins
2007-05-23 10:23:19 -------- d-----w C:\DOCUME~1\Dave\APPLIC~1\vlc
2007-05-23 10:20:22 -------- d-----w C:\Program Files\VideoLAN
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-02-12 19:38:39 56 --sh--r C:\WINDOWS\system32\7A92FE9DC8.sys
2006-02-12 19:38:40 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 03:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-06-29 20:48 300400 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-07-06 21:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar5.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-24 21:53 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
2007-03-01 15:05 623992 --a------ C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 03:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 13:34]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 20:25]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"@"="" []
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2003-07-23 13:42]
"DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-12-18 17:37]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2005-10-06 19:12]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 10:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-04-17 12:41]
"FireflyShell"="C:\Program Files\Firefly Media Server\FireflyShell.exe" [2006-08-20 17:43]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 13:22 C:\WINDOWS\system32\nvmctray.dll]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-28 10:48]
"CTHelper"="CTHELPER.EXE" [2005-09-20 13:08 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 07:07 C:\WINDOWS\system32\CTXFIHLP.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-29 05:08]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-30 01:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 18:25]
"Start WingMan Profiler"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"EPSON PictureMate PM 240"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.exe" [2006-05-19 04:00]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 12:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 21:53]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableCAD"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^Digimarc Desktop Crawler.lnk]
path=C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Digimarc Desktop Crawler.lnk
backup=C:\WINDOWS\pss\Digimarc Desktop Crawler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]
C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
WDBtnMgr.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-07-18 21:20:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-18 05:44:53 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-17 00:00:00 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Dave.job
2007-06-02 14:12:24 C:\WINDOWS\tasks\RoxioUpdator.job
2007-07-19 01:12:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 21:13:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 21:13:46
C:\ComboFix-quarantined-files.txt ... 2007-07-18 21:13
C:\ComboFix2.txt ... 2007-07-18 20:12
C:\ComboFix3.txt ... 2007-07-14 19:20

--- E O F ---

[Simon V.]

• Hi
  
  Fix Entries with HijackThis
  
• Open HijackThis, perform a scan and put a check next to the following items (if present):
  
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
  
  Close all programs except HijackThis and click on Fix checked.
  
  Update Java
  
• Your Java software is out of date. Follow these instructions to update it:
  • Go to Start and click on Control Panel, then double-click on Add or Remove Programs.
  • Search for previously installed versions of Java (J2SE Runtime Environment), and remove it. It should have this icon next to it:
  • Then download and install Java Runtime Environment Version 6u2.
  Prevention
  
• Congratulations, your log looks clean. Please advise of any problems you are still experiencing, or follow these simple steps to keep your computer clean in the future:
  • Delete Tools - You can now delete the following files/folders:
    • Combofix.exe, C:\Qoobox, C:\Combofix.txt
  • Rehide your System Files
    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Put a check next to Hide file extensions for known file types.
    • Under the Hidden files folder, select Do not show hidden files and folders.
    • Check Hide protected operating system files.
    • Click Apply, and then click OK.
  • Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    • Turn off System Restore.
    • On the desktop, right-click My Computer
    • Click Properties
    • Click the System Restore tab
    • Check Turn off System Restore
    • Click Apply, and then click OK
    • Reboot.
    • Turn on System Restore.
    • On the desktop, right-click My Computer
    • Click Properties
    • Click the System Restore tab
    • Uncheck Turn off System Restore
    • Click Apply, and then click OK
    NOTE: only do this ONCE, NOT on a regular basis!
  • Make your Internet Explorer more secure
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
• Update your Anti-Virus Software - It is very imprtant that you update your Anti-Virus software at least once a week (even more if you wish). If you do not update your Anti-Virus software then it will not be able to catch any of the new variants that may come out.
• Use a Firewall - A firewall is very important for the security of your computer. The Windows Firewall which comes with Service Pack 2 does not monitor outgoing connections, so any malware can 'phone home' without you knowing it. For an article on firewalls and a listing of some available ones see the link below:
  Computer Safety On line - Software Firewalls
• Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
  This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
  Instructions for - Spybot S & D and Ad-aware
• Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
  Computer Safety on line - Anti-Malware
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  
  Follow this list and your potential for being infected again will reduce dramatically.
• Stand Up and Be Counted!
  
  Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you have to be registered to post after registering just find your country room and register your complaint.
  The infection you had was Vundo.

[Shaba]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php