Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

dialer.trojan...getting in the way of my school work [RESOLVED]


  • This topic is locked This topic is locked

#1
marsbar55md

marsbar55md

    Member

  • Member
  • PipPip
  • 16 posts
This is really getting in the way of writting papers and doing research through the internet. I have tried running norton in safe mode to get rid of it but it hasn't helped. I have a huge paper to do and I really need this thing gone. Any help I could get asap would be greatly appreciated. Thanks again in advanced for the help.
Logfile of HijackThis v1.99.1
Scan saved at 5:42:10 PM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Norton AntiVirus\NAVW32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marsbar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ocznkmtA] C:\WINDOWS\ocznkmtA.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=laptop
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\SYSTEM32\winwly32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ocznkmt.exe

Edited by marsbar55md, 10 October 2006 - 06:48 PM.

  • 0

Advertisements


#2
marsbar55md

marsbar55md

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Any help would be greatly appreciated. My internet is slow and I can't get any research done due to the constant pop ups and having to constantly restart my computer. Thanks again for anybody who responds to this.

Edited by marsbar55md, 12 October 2006 - 08:27 PM.

  • 0

#3
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hi marsbar55md,

Sorry for the delay the Helpers have been busy.

Download Combofix.exe and save it to your desktop.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Create an Uninstall list
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
Post back a fresh HijackThis log, contents of the combofix log and the Uninstall list.

Thanks.
  • 0

#4
marsbar55md

marsbar55md

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for your help.

Marsbar - 06-10-14 8:20:49.39 Service Pack 2
ComboFix 06.10.08W - Running from: C:\Program Files\Mozilla Firefox

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Marsbar\Application Data\Dxcknwrd.dll
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\offun.exe


((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))


2006-10-12 12:44 19,456 --a------ C:\WINDOWS\system32\cool.exe
2006-09-21 22:30 1,207,824 -r-hs---- C:\WINDOWS\ocznkmt.exe
2006-09-21 22:30 1,130,000 -r-hs---- C:\WINDOWS\ocznkmtA.exe
2006-09-21 22:26 18,944 --a------ C:\WINDOWS\system32\winwly32.dll
2006-09-19 11:00 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2006-09-18 12:38 121,856 --------- C:\WINDOWS\system32\xmllite.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-14 08:20 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-10 19:20 -------- d-------- C:\Program Files\Google
2006-10-10 13:19 -------- d-------- C:\Program Files\DVD Shrink
2006-10-10 13:09 -------- d-------- C:\Program Files\Hijackthis
2006-10-09 18:58 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Azureus
2006-10-07 13:06 -------- d-------- C:\Program Files\Internet Explorer
2006-10-06 11:20 -------- d-------- C:\Program Files\WinRAR
2006-10-06 11:20 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Help
2006-10-05 09:51 -------- d-------- C:\Program Files\iTunes
2006-10-05 09:51 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-05 09:50 -------- d-------- C:\Program Files\iPod
2006-10-05 09:49 -------- d-------- C:\Program Files\QuickTime
2006-10-05 09:46 -------- d-------- C:\Program Files\Apple Software Update
2006-09-21 22:44 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Symantec
2006-09-20 01:50 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Ahead
2006-09-20 01:40 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-20 01:38 -------- d-------- C:\Program Files\Nero
2006-09-19 11:59 -------- d-------- C:\Program Files\XP Codec Pack
2006-09-18 22:58 -------- d-------- C:\Program Files\DivX
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 20:51 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-12 20:51 -------- d-------- C:\Program Files\Common Files
2006-09-12 20:50 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-12 20:50 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-12 20:49 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-12 20:49 -------- d-------- C:\Program Files\Microsoft Office
2006-09-12 20:48 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-12 20:48 -------- d-------- C:\Program Files\Common Files\System
2006-09-12 20:15 -------- d---s---- C:\Documents and Settings\Marsbar\Application Data\Microsoft
2006-09-11 23:30 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-11 23:27 -------- d-------- C:\Program Files\Symantec
2006-09-11 21:52 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-11 21:09 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\muvee Technologies
2006-09-11 20:06 -------- d-------- C:\Program Files\Common Files\Roxio Shared
2006-09-08 00:50 -------- d-------- C:\Program Files\Real
2006-09-07 23:35 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Google
2006-09-07 23:12 -------- d-------- C:\Program Files\Cucusoft
2006-08-28 11:24 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Roxio
2006-08-28 11:16 -------- d-------- C:\Program Files\Sonic
2006-08-28 11:16 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-28 10:57 -------- d-------- C:\Program Files\PowerISO
2006-08-27 20:31 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Vso
2006-08-27 20:26 7176 --a------ C:\Documents and Settings\Marsbar\Application Data\pcouffin.cat
2006-08-27 20:26 47360 --a------ C:\Documents and Settings\Marsbar\Application Data\pcouffin.sys
2006-08-27 20:26 1144 --a------ C:\Documents and Settings\Marsbar\Application Data\pcouffin.inf
2006-08-27 20:19 34 --a------ C:\Documents and Settings\Marsbar\Application Data\pcouffin.log
2006-08-27 20:18 81920 --a------ C:\Documents and Settings\Marsbar\Application Data\ezpinst.exe
2006-08-27 20:18 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-08-27 20:18 -------- d-------- C:\Program Files\LG Software Innovations
2006-08-27 12:04 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Sonic
2006-08-27 12:01 -------- d-------- C:\Documents and Settings\Marsbar\Application Data\Leadertech
2006-08-25 23:34 -------- d-------- C:\Program Files\Azureus
2006-08-25 12:51 -------- d-------- C:\Program Files\MSN Messenger
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 00:31 5906432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-23 00:31 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-23 00:31 457728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-23 00:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-23 00:31 175616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-23 00:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-23 00:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-23 00:18 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-23 00:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-23 00:17 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-23 00:17 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-23 00:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-23 00:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-23 00:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-23 00:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-23 00:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-23 00:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-23 00:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-23 00:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-23 00:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-23 00:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-23 00:11 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-23 00:10 61440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-23 00:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-23 00:09 262656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-23 00:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-22 23:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-22 23:36 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-22 23:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 04:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 10:34 -------- d-------- C:\Program Files\MSN Games
2006-08-14 05:34 332928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2006-08-10 19:46 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-08 19:38 16384 --a------ C:\WINDOWS\system32\ac3config.exe
2006-08-08 16:24 0 -rahs---- C:\MSDOS.SYS
2006-08-08 16:24 0 -rahs---- C:\IO.SYS
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 21:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-25 21:14 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-17 18:41 0 --a------ C:\Documents and Settings\Marsbar\Application Data\wklnhst.dat
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNRecode.exe
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNNeroVision.exe
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNNeroShowTime.exe
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNNeroBackItUp.exe
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"ocznkmtA"="C:\\WINDOWS\\ocznkmtA.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Marsbar.job

Completion time: 14/10/2006 8:24:42.28
C:\ComboFix.txt ... 14/10/2006 08:24 AM

Unistall list:

5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Apple Software Update
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
Azureus
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
ccCommon
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant AC-Link Audio
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Ultra Driver (1.01.03.0112)
Creative WebCam NX Ultra User's Guide (English)
Crystal Maze from Hewlett-Packard Laptops (remove only)
Cucusoft iPod Movie/Video Converter 2.08
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Customer Experience Enhancement
DVD Shrink 3.2
Easy Internet Sign-up
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
Google Toolbar for Internet Explorer
Hexic Deluxe
HijackThis 1.99.1
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP DVD Play 2.0
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Software Update
HP User Guides 0025
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 6
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LiveUpdate 3.0 (Symantec Corporation)
Logitech SetPoint
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Works
Mozilla Firefox (1.5.0.7)
muvee autoProducer 4.5
NAVShortcut
Nero 7
Netscape Browser (remove only)
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
PowerISO
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quick Launch Buttons 5.20 G1
QuickTime
RealArcade
SCRABBLE from Hewlett-Packard Laptops (remove only)
ScummVM 0.9.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SPBBC
Symantec
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Overlay Components
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
Wireless Home Network Setup
XP Codec Pack

Logfile of HijackThis v1.99.1
Scan saved at 8:32:53 AM, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ocznkmt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cool.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Marsbar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ocznkmtA] C:\WINDOWS\ocznkmtA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=laptop
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\SYSTEM32\winwly32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ocznkmt.exe
  • 0

#5
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hi marsbar55md,

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG Anti-spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of the AVG Anti-Spyware text report that you saved and a new HiJackThis log.

Thanks.
  • 0

#6
marsbar55md

marsbar55md

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:03:22 PM 14/10/2006

+ Scan result:



C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP120\A0015699.dll -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015847.dll -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015848.dll -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014079.exe -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014061.exe/IUCMORE.DLL -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014061.exe/UCMTSAIE.DLL -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014061.exe/empty_00000001 -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014085.exe -> Downloader.Adload.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014078.exe -> Downloader.Adload.fp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015911.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.307:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.308:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.309:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.133:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.548:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.622:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.910:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.444:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.447:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.448:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.963:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.964:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.965:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.187:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.188:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.189:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.190:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.191:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.192:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.231:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.136:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.863:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.864:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.823:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.821:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.822:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.30:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.445:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.457:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.202:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.203:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.204:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.205:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.58:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.639:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.623:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Epilot : Cleaned.
:mozilla.465:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.466:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.467:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.468:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.259:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.260:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.261:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.262:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.263:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.264:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.325:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.326:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.327:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.328:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.329:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.222:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.321:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.852:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.403:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.404:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.405:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.422:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.423:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.520:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.529:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.625:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.626:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.627:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.690:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.691:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.722:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.723:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.726:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.730:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.731:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.733:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.765:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.950:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.553:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.554:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.555:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.556:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.906:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.907:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.908:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.909:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.349:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.740:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.741:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.381:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.382:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.383:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.384:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.512:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.513:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.281:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.55:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.59:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.56:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.57:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.60:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.61:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.319:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.320:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.502:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.503:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.766:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.768:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.769:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.770:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.372:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.373:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.374:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.568:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.569:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.570:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.571:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.572:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.227:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.228:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.229:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.230:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.232:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.233:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.234:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.235:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.236:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.237:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.238:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.239:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.240:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.241:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.242:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.243:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.330:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.331:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.332:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.150:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.151:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.700:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.574:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.575:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.576:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.577:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.578:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.579:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.580:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.818:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.387:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.88:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.89:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.91:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.92:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.664:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.665:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.666:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.667:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.668:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.669:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.469:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.254:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.660:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.299:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.300:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.301:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.302:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.303:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Marsbar\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.661:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.662:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.663:C:\Documents and Settings\Marsbar\Application Data\Mozilla\Firefox\Profiles\6uvqy2fv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014083.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015910.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 8:14:45 PM, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Marsbar\Desktop\HijackThis.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ocznkmtA] C:\WINDOWS\ocznkmtA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=laptop
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\
  • 0

#7
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hi marsbar55md,

Good work :whistling:

You will need to print out a copy of these instructions, or save them to NotePad and put a shortcut to the file on the desktop so that you can refer to while you complete this procedure.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download and Save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [ocznkmtA] C:\WINDOWS\ocznkmtA.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)

Now close all windows other than HiJackThis (including any browser windows), then click Fix Checked.

Boot into Safe Mode: You can do this by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please double-click Killbox.exe to run it.
  • Select: Delete on Reboot then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\cool.exe
    C:\WINDOWS\ocznkmtA.exe
    C:\WINDOWS\system32\winwly32.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Reboot back into Normal Mode.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please do an online scan with Kaspersky WebScanner

Please note: You must use Internet Explorer for this as it uses an ActiveX component.

This scan may take a while to complete, so please be patient and let it finish.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Post the contents of the Kasperasky log along with a fresh HijackThis log for me to review. Also let me know how your computer is now behaving.

Thanks.
  • 0

#8
marsbar55md

marsbar55md

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
My computer is running a lot better, thank you so much for your help so far. I haven't had the dialer.trojan virus pop up for a couple of days as well as there has not really been any pop ups as well.

Here is my latest results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 15, 2006 12:01:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/10/2006
Kaspersky Anti-Virus database records: 231934
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 96100
Number of viruses found: 17
Number of infected objects: 219 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:13:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-15_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\015C2AAE.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03203AD8.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04096499.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05322F9B.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05504B32.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05B46074.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\074B6CC1.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09F633D2.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B37154A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BF66AD6.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C4823E9.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C96200C.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CAA78D8.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CFF3278.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2552AD.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D51319C.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FBE50EF.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\103F1187.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10AA6221.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10E66C2F.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\123E17E6.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135C14E0.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\139B20B5.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19EB2058.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D7D4252.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA0388A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E480E1B.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2385183A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23BF1A03.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\259860EA.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\266D0B10.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26D34609.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\287F18C2.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\291E261A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A635C38.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CE439AA.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DC20023.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF45807.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F872A78.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F9D78BF.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\306F7131.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33200C3B.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\337D1FCE.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34017E17.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34AA4E39.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35427393.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35D12744.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37984B1B.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A7C58F7.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E294999.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3EC261F9.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F860C6E.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\401E3295.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\410140BB.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41DC33C8.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\450E0E2F.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45965F25.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47166453.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47492B3F.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47AB6227.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47D603F8.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47D92DF5.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47DC57F1.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47DF01EE.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47E32BEA.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47E655E6.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47E97FE3.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47EC29DF.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47F053DC.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47F37DD8.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47F627D5.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47F951D1.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47FD7BCD.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\480025CA.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48034FC6.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\480679C3.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\480A23BF.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\480D4DBB.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\481077B8.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\481421B4.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48174BB1.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\481A75AD.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\482149A6.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\482473A2.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48271D9F.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\482A479B.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\482E7197.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48311B94.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48372841.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48376F8D.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\483B1989.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\483E4385.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48416D82.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4845177E.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4848417B.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\484B6B77.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\484E1573.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48523F70.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4855696C.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48581369.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\485B3D65.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\485F6762.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4862115E.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48653B5A.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48686557.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\486C0F53.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\486F3950.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4872634C.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48760D48.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48793745.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\487C6141.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\487F0B3E.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4883353A.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48865F36.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48890933.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488C332F.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48905D2C.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48930728.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48963124.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4997354D.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49A02FBE.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49AA24EB.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A4A5C5D.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CDE248E.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F7740D7.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\501B0BD9.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\506D44EC.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55742254.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\568D02F0.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56DA0FBD.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\577D0836.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BBE18BA.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C495D99.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D556A9E.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D871624.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DAA1415.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DAA1415.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DAA1415.tmp/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DAA1415.tmp NSIS: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DAA1415.tmp CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EB930EA.exe Infected: Trojan.Win32.Agent.vg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ECF56D1.exe Infected: Trojan.Win32.Agent.vg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF07AAD.exe Infected: Trojan-Downloader.Win32.VB.ang skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF74EA6.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF74EA6.exe/data0005 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF74EA6.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF74EA6.exe NSIS: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF74EA6.exe CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F217077.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F2D393D.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\600D7155.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\616B545A.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61D45652.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6270591A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\629D3671.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6485715B.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65206A22.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\654756BA.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67336269.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68712A38.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\688A4325.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69D05468.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69E80560.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B224542.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C951A51.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DBA58EF.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DD0364F.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E136D5C.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70235E99.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\708D04B3.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7104647A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\719832B7.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\727E0044.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73196B57.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73384BC4.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75935E56.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75935E56.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75935E56.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75935E56.exe ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75935E56.exe WiseSFX Dropper: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75935E56.exe CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75CA0661.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75E63CD2.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\771A005A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78744D72.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\788B4C58.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\789A01D8.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78F1425F.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79334C9A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\798F3BD5.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A017E9A.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B25687C.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B4872E5.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B51476B.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BD06809.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BFE404F.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EAA77EF.tmp Infected: Trojan.Win32.Dialer.qs skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Marsbar\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Marsbar\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Temp\~DFCD6F.tmp Object is locked skipped
C:\Documents and Settings\Marsbar\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marsbar\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Marsbar\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0253NAV~.TMP Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0875NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP117\A0015664.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP119\A0015694.exe/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP119\A0015694.exe/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP119\A0015694.exe/InpB/Dxc.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP119\A0015694.exe/InpB/DxcRepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP119\A0015694.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP119\A0015694.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP119\A0015695.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP120\A0015699.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP120\A0015742.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP120\A0015760.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015835.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015847.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015848.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015852.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP123\A0015905.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP124\change.log Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014061.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014061.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014061.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014061.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014061.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP98\A0014079.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP124\change.log Object is locked skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 12:04:40 PM, on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marsbar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4
  • 0

#9
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hi marsbar55md,

We are nearly done. Your HijackThis log looks like it got cut off, please post a new one in its entirety.

Thanks.
  • 0

#10
marsbar55md

marsbar55md

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I did have one pop up earlier today, but besides that I haven't really had any. Thanks again for your help.

Logfile of HijackThis v1.99.1
Scan saved at 6:55:31 PM, on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Marsbar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ocznkmt.exe (file missing)
  • 0

Advertisements


#11
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hi marsbar55md,

Open Notepad and copy and paste the text from the code box below. Make sure the filetype is set to All Files and save it as Removeservice.bat. to your desktop.

@echo off
sc stop Windows Overlay Components
sc delete Windows Overlay Components

Double-click on Removeservice.bat. A window will pop up and close. This is normal. Please restart your computer.

Be sure that you can view hidden files and folders.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file:

C:\WINDOWS\ocznkmt.exe

Please post a fresh HijackThis log for me to review and let me know if you recieve any more pop-ups.

Thanks.
  • 0

#12
marsbar55md

marsbar55md

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Haven't had any more pop ups. Couldn't find that file in C:\Windows.

Here is a new log:

Logfile of HijackThis v1.99.1
Scan saved at 8:29:36 AM, on 16/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Marsbar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ocznkmt.exe (file missing)
  • 0

#13
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hi marsbar55md,

Please re-open HiJackThis and scan. Check the boxes next to all the entry listed below.

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ocznkmt.exe (file missing)

Now close all windows other than HiJackThis (including any browser windows), then click Fix Checked.

Boot into Safe Mode: You can do this by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\ocznkmt.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

If the file isn't found by Killbox then it would be quite reasonable to think that the file does not exist.

Post one more HijackThis log (from Normal Mode), and after reviewing it I believe that I can post the clean-up instructions for you.
  • 0

#14
marsbar55md

marsbar55md

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I recieved the message PendingFileRenameOperations prompt.

Logfile of HijackThis v1.99.1
Scan saved at 11:48:59 AM, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Marsbar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#15
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hi marsbar55md,

It appears that the file you tried to delete with Killbox did not exist.

Congratulations. Your log appears to be clean. :whistling:

You can go ahead and delete the following :

combofix.exe
Brute Force Uninstaller and associated folder C:\BFU
Removeservice.bat file from your desktop

We now need to re-hide some system files and folders.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading place a checkmark next to Do Not Show hidden files and folders.
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Reset your System Restore Points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please follow these Tips to prevent a possible infection or re-infection.

Many computers become infected because of unpatched Operating Systems.

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly.

Download, install AND update the following free programs. It is important to keep all anti-malware programs updated. Please update at least once a week.
  • Spybot Search & Destroy - A powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
You should also have a good firewall. Here are 2 free ones available for personal use:and a good antivirus (these are also free for personal use):It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

I will leave this thread open for a couple of days in case of misfortune.

Stay safe and happy surfing. :blink:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP