Popups [CLOSED]


  • This topic is locked

#1
David123


    New Member

  • Member
  • Pip
  • 3 posts
Hello,

I was getting quite a few popups with or without IE open. I ran Vundo Fix and that has seemed to reduce the amount of popups. When this first started Symantec says it quarantined a trojan called TagAsaurus. Anyhow here is the HijackThis info after running Vundofix.

Thanks for any help!!!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 1:06:53 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Si4gRGF2aWQgSG91bGU\command.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
\fulton\Personal Files\dhoule\ECURIT~1\msdtc.exe
C:\WINDOWS\?dobe\?hkntfs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dhoule\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\omong.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ahvrqdn.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {944284AD-E324-48A1-B690-69AE1440269B} - C:\WINDOWS\system32\awtss.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms066405201995] C:\WINDOWS\ms066405201995.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Asou] "\\fulton\Personal Files\dhoule\ECURIT~1\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Nphwp] C:\WINDOWS\?dobe\?hkntfs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EMEGroup.local
O17 - HKLM\Software\..\Telephony: DomainName = EMEGroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EMEGroup.local
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Si4gRGF2aWQgSG91bGU\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Thanks again,
David
  • 0



#2
Crustyoldbloke


    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello David and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have a badly infected PC with quite a mixture of malware and Trojans. Let’s see what we can do.

Look in your Control Panel’s Add/Remove Programs for:
PuritySCAN By OIN,
OuterInfo,
OIN or similar
Yazzle by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it, click on it and click remove.

Reboot and delete this folder if found: C:\Program Files\PurityScan\

If it is not listed, download and run this uninstaller: outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Run the Fix tool for Command Service:
Please download delcmdservice (by Marckie), and save it to your Desktop.
delcmdservice
  • Unzip the content to your Desktop (a folder named delcmdservice)
  • Double-click on the delcmdservice folder
  • Double-click on delreg.bat to launch the tool
  • When the tool has finished, please reboot your computer.
Please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
AVG AntiSpyware
combofix.exe

Go to Start>Run and type Services.msc then hit OK
Scroll down and find this service:

Network Monitor

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then OK.

Run HiJackThis. Click on None of the above, just start the program. Now, click on the Config button (bottom right), then click on Misc Tools, then click on Delete an NT Service; a window will pop up. Enter this item into that field (copy and paste):

Network Monitor

Click OK.

It should pull up information about the service, when it asks if you want to reboot now click YES

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards

Please install, and update AVG Anti Spyware
  • Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close AVGas. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

  • In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\omong.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ahvrqdn.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {944284AD-E324-48A1-B690-69AE1440269B} - C:\WINDOWS\system32\awtss.dll (file missing)
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms066405201995] C:\WINDOWS\ms066405201995.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [Nphwp] C:\WINDOWS\?dobe\?hkntfs.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O20 - AppInit_DLLs:
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Si4gRGF2aWQgSG91bGU\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Now close all windows other than HiJackThis, then click Fix Checked.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):(click Start>Settings>Control Panel)

Internet Optimizer
Network Monitor

Please notify me of any other programmes that you don’t recognise in that list in your next response

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these folders (if present) using Windows Explorer:

C:\WINDOWS\gRGF2aWQgSG91bGU\
C:\Program Files\work Monitor\
C:\Program Files\ernet Optimizer\

Close Windows Explorer and Reboot normally

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\Si4gRGF2aWQgSG91bGU\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\?dobe\?hkntfs.exe
C:\WINDOWS\system32\omong.exe
C:\WINDOWS\system32\ahvrqdn.exe
C:\WINDOWS\nem220.dll
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\ms066405201995.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\dmonwv.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Now we must hide the files we revealed earlier by reversing the process, this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck Ewido Anti-malware log then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please)
  • 0
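
An added example, not part of either post and not HijackThis's or the helper's own logic: a small Python triage pass over HijackThis entries that surfaces the kinds of lines checked in the fix list above (extra programs chained onto the Winlogon Shell/UserInit values, components with no file on disk, services with an unknown owner, unusual autostart paths, Trusted Zone additions). The function names and heuristics are assumptions of this example, the sample is a subset of the log posted in this thread, and a hit is a candidate for review rather than a verdict.

```python
import re
from collections import Counter

# Subset of the HijackThis log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\omong.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ahvrqdn.exe
O2 - BHO: (no name) - {944284AD-E324-48A1-B690-69AE1440269B} - C:\WINDOWS\system32\awtss.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Asou] "\\fulton\Personal Files\dhoule\ECURIT~1\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Nphwp] C:\WINDOWS\?dobe\?hkntfs.exe
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.winfixer.com (HKLM)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Executable placed directly in the Windows folder (no subfolder).
IN_WINDOWS_ROOT = re.compile(r"[a-z]:\\windows\\[^\\]+\.exe", re.I)


def autostart_path(body):
    """Return the program path of an O4 entry, without quotes or arguments."""
    target = body.split("] ", 1)[-1].strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target


def classify(code, body):
    """Return the list of review reasons for one entry (empty list = no hit)."""
    reasons = []
    low = body.lower()
    if code == "F2":
        # Shell should name one program and UserInit one; anything chained
        # after a comma also runs at every logon.
        key, _, value = body.partition("=")
        programs = [v.strip() for v in value.split(",") if v.strip()]
        if len(programs) > 1:
            name = key.rsplit(":", 1)[-1].strip()
            reasons.append(f"extra program chained onto Winlogon {name}")
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("registered component has no file on disk")
    if code == "O23" and " - unknown owner - " in low:
        reasons.append("service binary carries no company name")
    if code == "O4":
        path = autostart_path(body)
        if path.startswith("\\\\"):
            reasons.append("autostart runs from a network share")
        if "?" in path:
            # Likely a character the log could not render in ASCII.
            reasons.append("path contains unprintable characters")
        if IN_WINDOWS_ROOT.fullmatch(path):
            # Worth a second look; some vendor tools also live there.
            reasons.append("executable sits directly in the Windows folder")
    if code == "O15":
        reasons.append("site added to the IE Trusted Zone")
    return reasons


def triage(log_text):
    """Return (code, reasons, line) for every entry with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header lines, process list, blanks
        code, body = match.groups()
        reasons = classify(code, body)
        if reasons:
            findings.append((code, reasons, raw.strip()))
    return findings


def summary(findings):
    """Count findings per HijackThis section code."""
    return dict(Counter(code for code, _, _ in findings))


if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"[{code}] {'; '.join(reasons)}\n      {line}")
    print(summary(triage(SAMPLE_LOG)))
```
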

#3
David123


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Ok, that was a ton of fun! Here are the logs

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:55:53 PM 10/4/2006

+ Scan result:



C:\Documents and Settings\All Users\Application Data\AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\aff_0006.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Si4gRGF2aWQgSG91bGU\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\Si4gRGF2aWQgSG91bGU\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temp\drsmartload180a.exe -> Adware.DollarRevenue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP612\A0080270.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\bak -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\bak\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2095576537-3772923588-632660569-1137\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0082333.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0082340.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ECPORTMODELLER.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temp\mmxsnet.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall4_88.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall4_94.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_20.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_40.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_64.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_10.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temp\i112F.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP613\A0082304.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP613\A0082305.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP613\A0082311.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\DXCecho.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\khfeccd.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\webHancer -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs\whSurvey.exe -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\Webhdll.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\WhAgent.exe -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\WhSurvey.exe -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP612\A0080272.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP612\A0080273.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP612\A0080280.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\whInstaller.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webHancer\ESO -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
[592] C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Symantec AntiVirus\VPTray.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0082396.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\Duce6.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\UpdReg.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\ms066405201995.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\srvhmdcplb.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\919_133.exe -> Downloader.Dyfuca.fb : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1I7WHMR\!update-4295[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP612\A0080271.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\eanms.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP612\A0080265.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\MTE3NDI6ODoxNgnew.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Program Files\Windows Media Player\niwyhaciw.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP613\A0082310.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\WINDOWS\bak\ms066405201995.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\4HODG9AT\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\4HODG9AT\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\4L6VGLAZ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\4XURWX6V\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\4XURWX6V\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\GH630TUB\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\W1ABS5MB\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\W7QRYN0D\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\W7QRYN0D\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\WXA3C9YJ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temporary Internet Files\Content.IE5\YV2XU5KN\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\Windows NT\qufytut.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\WindowsUpdate\nicoririr.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\dhoule\Local Settings\Temp\pre.exe -> Hijacker.VB.pg : Cleaned with backup (quarantined).
C:\VundoFix Backups\rdnytwoo.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Program Files\RealVNC\VNC4\winvnc4.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4110 : Cleaned with backup (quarantined).
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).


::Report end

dhoule - 06-10-04 17:41:37.28 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\dhoule\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


F2 -REG:system.ini: UserInit C:\WINDOWS\SYSTEM32\ahvrqdn.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-10-03 18:08 127488 qkkkm.exe.qoo
06-10-04 16:58 127488 eanms.dat.qoo
06-10-04 17:30 23552 ahvrqdn.exe.qoo
06-10-03 18:07 53 bcveel.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\dhoule\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload.exe
C:\RDFX4.exe
C:\WINDOWS\whCC-GIANT.exe
C:\WINDOWS\Eim03.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Program Files\network monitor
C:\Program Files\windows
C:\WINDOWS\Si4gRGF2aWQgSG91bGU


((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


2006-10-04 15:55 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-10-04 11:08 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2006-10-04 11:08 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2006-10-04 11:08 348,160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2006-10-04 11:08 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2006-10-03 20:03 86,036 --a------ C:\WINDOWS\SYSTEM32\fpmdfyus.dll
2006-10-03 18:08 435 --a------ C:\WINDOWS\wxfqx.dll
2006-10-03 18:07 217,276 --a------ C:\WINDOWS\srvubzmgmg.exe
2006-10-03 18:06 175,180 --a------ C:\WINDOWS\snaper.exe
2006-10-03 18:06 147,456 --a------ C:\WINDOWS\aff_0006.exe
2006-09-28 09:24 75,264 --a------ C:\WINDOWS\SYSTEM32\nsg1148.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 17:45 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-04 17:42 -------- d-------- C:\Program Files\Common Files
2006-10-04 17:32 -------- d-------- C:\Program Files\CCleaner
2006-10-04 16:55 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-04 16:55 -------- d-------- C:\Program Files\Windows NT
2006-10-04 16:55 -------- d-------- C:\Program Files\Windows Media Player
2006-10-04 16:55 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-04 15:55 -------- d-------- C:\Program Files\Grisoft
2006-10-03 20:03 -------- d-------- C:\Program Files\VSToolbar
2006-10-03 20:03 -------- d-------- C:\Documents and Settings\dhoule\Application Data\SearchToolbarCorp
2006-10-03 18:08 330 --a------ C:\WINDOWS\SYSTEM32\tracklog.sys
2006-10-03 18:06 -------- d-------- C:\Program Files\mediasnapinstall
2006-10-02 11:00 -------- d-------- C:\Documents and Settings\dhoule\Application Data\AdobeUM
2006-09-27 16:32 -------- d---s---- C:\Documents and Settings\dhoule\Application Data\Microsoft
2006-09-22 14:08 -------- d-------- C:\Program Files\CostWork
2006-09-05 18:57 -------- d-------- C:\Program Files\Winamp
2006-08-24 12:45 -------- d-------- C:\Program Files\Engineering Power Tools - v2.0.4
2006-08-24 12:44 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-08-24 12:44 249856 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Asou"="\"\\\\fulton\\Personal Files\\dhoule\\ECURIT~1\\msdtc.exe\" -vt ndrv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Windows NT\\qufytut.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\WindowsUpdate\\nicoririr.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="\"C:\\Program Files\\Microsoft Office Communicator\\Communicator.exe\""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="\"C:\\Program Files\\Microsoft Office Communicator\\Communicator.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
"DisablePersonalDirChange"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"disablecad"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Wed 10/04/2006 17:52:19.16
ComboFix.txt

Logfile of HijackThis v1.99.1
Scan saved at 5:56:24 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\dhoule\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Asou] "\\fulton\Personal Files\dhoule\ECURIT~1\msdtc.exe" -vt ndrv
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SomeCO.local
O17 - HKLM\Software\..\Telephony: DomainName = SomeCO.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SomeCO.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23

Edited by David123, 05 October 2006 - 04:03 PM.

  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again David

The logs look good. I notice that there are two accounts on this PC; mmcnamara and dhoule. Are there any more? Which one am I working on now?

In this fix, I will delete the bad files found by combofix, and then clean the other account.

Please remove these entries from Add/Remove Programs in the Control Panel (if present): (click Start>Settings>Control Panel)

VSToolbar
SearchToolbar

Please notify me of any other programmes that you don’t recognise in that list in your next response.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these folders (if present) using Windows Explorer:

C:\Program Files\VSToolbar\
C:\Documents and Settings\dhoule\Application Data\SearchToolbarCorp\

Close Windows Explorer and Reboot normally

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\SYSTEM32\fpmdfyus.dll
C:\WINDOWS\wxfqx.dll
C:\WINDOWS\srvubzmgmg.exe
C:\WINDOWS\snaper.exe
C:\WINDOWS\aff_0006.exe
C:\WINDOWS\SYSTEM32\nsg1148.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post back a fresh HijackThis log, from normal mode, and I will take another look.
  • 0
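The before/after comparison a helper makes when a fresh HijackThis log is posted back, as an added example that is not part of the original thread and is not HijackThis or Killbox code. The two logs are constructed samples in the v1.99.1 layout shown above, `placeholder-bad.exe` is a made-up file name, and the function names are this example's own.

```python
import re

# Item lines start with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Return (running processes, item entries) from a HijackThis-style log."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries  # headers and a cut-off "O23" line are ignored

def diff_logs(before, after):
    """What disappeared and what appeared between two scans."""
    bp, be = parse_hjt(before)
    ap, ae = parse_hjt(after)
    return {"entries_removed": sorted(be - ae), "entries_added": sorted(ae - be),
            "processes_gone": sorted(bp - ap), "processes_new": sorted(ap - bp)}

def still_referenced(log, targets):
    """Deletion targets that still show up as a process or inside an entry."""
    procs, entries = parse_hjt(log)
    haystack = list(procs) + [body.lower() for _, body in entries]
    return [t for t in targets if any(t.lower() in h for h in haystack)]

# Constructed sample logs; placeholder-bad.exe is a made-up file name.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\placeholder-bad.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [placeholder] C:\WINDOWS\placeholder-bad.exe
O23"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe"""

if __name__ == "__main__":
    print(diff_logs(BEFORE, AFTER), still_referenced(AFTER, [r"C:\WINDOWS\placeholder-bad.exe"]))
```

An empty `still_referenced` result only means the scan no longer lists the file; it does not prove the file is gone from disk.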

#5
David123

David123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
That was much easier!

Logfile of HijackThis v1.99.1
Scan saved at 5:55:09 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\David Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Asou] "\\fulton\Personal Files\dhoule\ECURIT~1\msdtc.exe" -vt ndrv
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SomeCO.local
O17 - HKLM\Software\..\Telephony: DomainName = SomeCO.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SomeCO.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • 0

#6
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again David

Now that the HijackThis log for the main account is clean, you have a choice to make.

You can either post into this thread a fresh HJT log for each of the other accounts, from normal mode, and I will analyse them and give you the instructions necessary for any fix. Or you can go to User Accounts in the Control Panel and delete all the accounts other than the one I have been working on.

Windows by default will create a folder for each account and place it on the desktop with all the files and documents relative to that account in it, so nothing is lost.

If you then wish to have multiple accounts again, just reboot normally and create the account again from User Accounts (takes 5 minutes).
  • 0

#7
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





