Outerinfo Ads & Oinadserver Ads



#1
generalben

  • Member
  • 13 posts
Hello. I've read that using the Hijack-this-program thingie, you guys have helped people remove this type of malicious adware. I tried hoping the ads would go away, or just stop bugging me so much, but the problem seems to have gotten worse. None of the spysweeper, or pop-up blockers on my system have worked against these ads, even while they block virtually any other type of pop-ups.

I'm not sure if the Outerinfo Ads & the Oinadserver Ads are 2 different problems or just one connected problem, but I'm ready to ask for help in getting rid of both sets of ads.

I'm now begging! Please, please help!

Ok, I'll shut up now if you will in return do what you can to help. If it is a success, I'd be happy to donate to allow you to help others, particularly if you are doing this out of the kindness of your heart, which you seem to have done in the past.

Thanks so much if you can help get this solved.

Ben
  • 0



#2
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Ben,
Have you downloaded HJT?
It would be helpful to see a log,
and also an uninstall list from it as well.

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


and the uninstall list
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window into this topic, please.

  • 0
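
As an added example (not part of the original post and not HijackThis's own code), here is a small Python triage of the kind of log these steps produce: it parses the `R#`/`O#` entry lines and lists the ones a helper would typically read first, without deciding whether any of them is malicious. The sample log, its CLSIDs and paths are constructed; the section labels and the review criteria (the `(file missing)`, `(no file)` and `(no name)` markers, and one CLSID registered under several sections) are assumptions of this example.

```python
import re
from collections import defaultdict

# Usual meaning of the section codes; labels are this example's own wording.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart entry",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX download (DPF)",
    "O20": "Winlogon Notify",
    "O23": "Service",
}

# An entry line is "<letter><1-2 digits> - <rest>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MARKERS = ("(file missing)", "(no file)", "(no name)")


def parse_log(text):
    """Return one dict per entry line, skipping the header and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "section": SECTIONS.get(m.group("code"), "other"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "markers": [k for k in MARKERS if k in body],
        })
    return entries


def review_list(entries):
    """Entries to read first: a marker is present, or the same CLSID
    is registered under more than one section code."""
    sections_by_clsid = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            sections_by_clsid[e["clsid"]].add(e["code"])
    out = []
    for e in entries:
        reasons = list(e["markers"])
        if e["clsid"] and len(sections_by_clsid[e["clsid"]]) > 1:
            reasons.append("CLSID in " + "+".join(sorted(sections_by_clsid[e["clsid"]])))
        if reasons:
            out.append((e["code"], e["body"], reasons))
    return out


# Constructed sample in the HijackThis log layout (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com
R3 - URLSearchHook: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\example1.dll
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\example1.dll
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll (file missing)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for code, body, reasons in review_list(parse_log(SAMPLE_LOG)):
        print(f"{code:<4}{'; '.join(reasons)}\n    {body}")
```
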

#3
generalben

  • Topic Starter
  • Member
  • 13 posts
Hello Again,

I'm still going through the process of adding the spyware programs and running them. I didn't quite realize I'd get a reply this quickly!

I still have to get the Hijack This & run it. I will continue to work through the steps as quickly as I can. Thanks so much!

Ben
  • 0

#4
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
No problem, post when ready.
  • 0

#5
generalben

  • Topic Starter
  • Member
  • 13 posts
Ok. Thanks for your patience. I just got back from work and completed the steps.

Here are my logs. The first is my HijackThis Log. The second is my AVG Report Scan. The third is my Active Scan. The fourth is my Uninstall List. Thanks so much for your help and speed throughout the process.

Logfile of HijackThis v1.99.1
Scan saved at 9:31:37 PM, on 10/22/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SCURIT~1\dexplore.exe
C:\Program Files\??mbols\??rss.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {9F89CF8F-0D16-28C9-6BE2-20807A3C57C4} - C:\WINDOWS\System32\cqmfonqf.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {4518C591-585A-7A80-2BB6-7595BBF08AC8} - C:\WINDOWS\System32\lyqnv.dll (file missing)
R3 - URLSearchHook: (no name) - {7C8DE13B-2AA0-552F-D7C9-52A7785FE1CE} - C:\WINDOWS\System32\lrwcivrf.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {4518C591-585A-7A80-2BB6-7595BBF08AC8} - C:\WINDOWS\System32\lyqnv.dll (file missing)
O2 - BHO: (no name) - {7C8DE13B-2AA0-552F-D7C9-52A7785FE1CE} - C:\WINDOWS\System32\lrwcivrf.dll
O2 - BHO: (no name) - {9F89CF8F-0D16-28C9-6BE2-20807A3C57C4} - C:\WINDOWS\System32\cqmfonqf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [BearShare] C:\BearShare\BearShare.exe /m
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\AsstCommon\motmon.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [teewxjfeclpnf] C:\WINDOWS\System32\xpdzqzvf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TheGameOfLife.exe] C:\DOCUME~1\Owner\Desktop\THEGAM~1.EXE /r
O4 - HKCU\..\Run: [Pdsb] "C:\PROGRA~1\SCURIT~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ezdnt] C:\Program Files\??mbols\??rss.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra 'Tools' menuitem: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dcs0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161563671887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161563656154
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:36:12 AM 10/22/2006

+ Scan result:



C:\Documents and Settings\Owner\Local Settings\Temp\nsh_105.exe -> Adware.DownloadWare : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\NNSJB388.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\ptf_0002.exe -> Adware.Pacer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\ss_IGN3_setup.exe -> Adware.Sidesearch : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE4.tmp -> Adware.Thumper : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\1.78 MB.exe/Webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\1.78 MB.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\1.78 MB.exe/wbhshare.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\1.78 MB.exe/whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\1.78 MB.exe/whiehlpr.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\1.78 MB.exe/whieshm.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\whCC-NETSHAGG.exe/Webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\whCC-NETSHAGG.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\whCC-NETSHAGG.exe/wbhshare.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\whCC-NETSHAGG.exe/whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\whCC-NETSHAGG.exe/whiehlpr.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\whCC-NETSHAGG.exe/whieshm.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\111118.exe -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\toc_0035.exe -> Downloader.Agent.jq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP459\A0110051.exe -> Dropper.Delf.z : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\howyvyla.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Windows NT\kyzexe.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][3].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1kdzilpgidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4cncjolpwsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiuoajseoq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4wmajwgpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkognd5abpwmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkowocpwepgsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkowpajefpa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyaicjgfoqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkycpdjifpgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyejdpgeqa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyohdpshpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyukcjidpq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqgazwhqq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyokdzefpq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyonczwapgqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqhajmhpqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmignczedpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiqlcpwdowsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycocjilqa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyegcjkhoaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyggd5acpwsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygldzghoqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1kdzilpgidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4cncjolpwsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiuoajseoq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4wmajwgpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkognd5abpwmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkowocpwepgsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkowpajefpa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyaicjgfoqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkycpdjifpgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyejdpgeqa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyohdpshpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyukcjidpq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqgazwhqq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyokdzefpq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyonczwapgqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqhajmhpqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmignczedpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiqlcpwdowsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycocjilqa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyegcjkhoaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyggd5acpwsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\EarthLink 5.0\[email protected]\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygldzghoqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\adlinstallwin32.exe -> Trojan.SecondThought.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP459\A0110050.exe -> Trojan.SecondThought.l : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TFTP2828 -> Worm.Lovesan.a : Cleaned with backup (quarantined).


::Report end




#6
generalben

    Member

  • Topic Starter
  • Member
  • 13 posts
Don't think it pasted the last 2 all the way. Here they are again.


Incident Status Location

Adware:adware/portalscan Not disinfected c:\windows\system32\winupdt.008
Adware:adware/secure32 Not disinfected c:\program files\secure32.html
Adware:adware/topconvert Not disinfected c:\windows\downloaded program files\loader2.ocx
Dialer:dialer.xd Not disinfected c:\windows\switchagreement.txt
Adware:adware/ncase Not disinfected c:\windows\180ax.log
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/windowenhancer Not disinfected c:\windows\system32\SBUtils
Potentially unwanted tool:application/myway Not disinfected c:\program files\MySearch
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Adware:Adware/StatBlaster Not disinfected C:\WINDOWS\system32\O.BAT
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i
Virus:W32/Sdbot.DIR.worm Disinfected C:\WINDOWS\system32\TFTP4008
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\SETED.tmp
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\run2.exe[¦++\Yazzle1408OinAdmin.exe]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@go[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@target[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@go[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@go[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@belnk[1].txt
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ez.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\eXactSetup.EXE
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI4E40.tmp\twaintec.inf
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI254D.tmp\mxTarget.cab
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ss_cdt_setup.exe[² =.dll]
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ss_cdt_setup.exe[offline.htm]
Dialer:Dialer.UN Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\start0.inf
Adware:Adware/Dyfuca Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cfin[C:\Documents and Settings\Owner\Local Settings\Temp\cfin]
Adware:Adware/Dyfuca Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cfout.txt


Absolutist.com Pool
Absolutist.com RoboSoccer
ACE-HIGH MP3 WAV WMA OGG Converter
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
AOL Instant Messenger (SM)
AVG Anti-Spyware 7.5
Baseball Mogul 99
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Clue
Cosmic Pool
Diablo
DirectX Media Runtime 5.1
Drag'n Drop CD
EarthLink 5.0
EarthLink spamBlocker Add-On
EMS FreeSurfer mk II
Expert Casino CD
ExtractNow
Final Draft 6
FLV Player 1.3.3
Fujitsu Hotkey Utility
Fujitsu Service Assistant
Full Contact Poker (remove only)
Full Tilt Poker
Grey Olltwit's Bowling Game
Gutterball
Hellfire
HijackThis 1.99.1
Indoor Soccer 1.2
Install 6.1 Winbios
Intel® Extreme Graphics Driver
InterVideo WinDVD
iPod for Windows 2006-03-23
iTunes
Kazaa Media Desktop 2.1.1
Lexmark Supplies Monitor
Lexmark Z25-Z35
LifeBook Application Panel
Lucent Technologies Soft Modem AMR
Maniac Mansion Deluxe
MANSIONPoker.net
Microsoft Return of Arcade
Microsoft Works 6.0
Panda ActiveScan
PC-Doctor for Windows
PC-Doctor WINDSAPI SDK
PokerStars
Pop-Up Stopper Free Edition
Quicken 2002 New User Edition
QuickTime
RealPlayer
Risk
Scrabble
Shockwave
Sierra Sports GameRoom
Sierra Utilities
SigmaTel AC97 Audio Drivers
SimCity 2000® Special Edition
Spy Sweeper
The Sims Deluxe Edition
TI-83 Plus Flash Debugger
Ultima Collection
UltimateBet
Verizon Online DSL
Verizon Online Help & Support
Verizon Yahoo! Applications
Warcraft II BNE
Windows Blaster Worm Removal Tool (KB833330)
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP1) [See Q307274 for more information]
Windows XP Hotfix (SP1) [See Q308276 for more information]
Windows XP Hotfix (SP1) [See Q308928 for more information]
Windows XP Hotfix (SP1) [See Q311361 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q312368 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP2) [See Q329115 for more information]
XviD MPEG-4 Video Codec
Yahoo! Address AutoComplete
Yahoo! Messenger Explorer Bar
Yahtzee 1.1.6
#7
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hmm, cleaned up a bit, still some remnants of some stuff floating around

First

1. Download this file - Combo Fix
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HJT log please

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Next
Apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.softpedia...Pack-SP1a.shtml

Download and apply the update, reboot, and post a fresh Hijack This log.
#8
generalben

    Member

  • Topic Starter
  • Member
  • 13 posts
I downloaded the Service Pack. I went to apply the update. It worked about 1/2 way, 2/3 of the way, then didn't do anything else, or show a "Finished" result. I attempted to apply it again, but it didn't choose to. So, I'm not sure if the Service Pack went through the complete installation process.

Here is my ComboFix log, and then my 2 HijackThis logs. The first HJ log follows the ComboFix. The second HJ log follows the Service Pack process.


ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\SSTEM~1
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\SCURIT~1
C:\QooBox\Purity\Program Files\MBOLS~1\??rss.exe
C:\QooBox\Purity\Program Files\SCURIT~1\s?curity
C:\QooBox\Purity\Program Files\SCURIT~1\dexplore.exe
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MANTEC~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-23 to 2006-10-23 ))))))))))))))))))))))))))))))))))


2006-10-22 21:13 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2006-10-22 21:13 550,400 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-10-22 21:13 48,640 --a------ C:\WINDOWS\system32\browser.dll
2006-10-22 21:13 454,656 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-10-22 21:13 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2006-10-22 21:09 977,920 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-22 21:09 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2006-10-22 21:09 82,432 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-22 21:09 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-10-22 21:09 64,512 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-22 21:09 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-22 21:09 442,880 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-10-22 21:09 365,568 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-22 21:09 226,816 --a------ C:\WINDOWS\system32\es.dll
2006-10-22 21:09 214,528 --a------ C:\WINDOWS\system32\rpcss.dll
2006-10-22 21:09 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-22 21:09 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-22 21:09 1,177,088 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-22 21:09 1,105,408 --a------ C:\WINDOWS\system32\ole32.dll
2006-10-22 21:08 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-10-22 21:08 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-10-22 21:08 596,480 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-22 21:08 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-10-22 21:08 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-10-22 21:08 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-10-22 21:08 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-10-22 21:08 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-10-22 21:08 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-22 21:08 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-10-22 21:08 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-10-22 21:08 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-10-22 21:08 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-10-22 21:08 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-10-22 21:08 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-10-22 21:08 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-10-22 21:08 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-10-22 21:08 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-10-22 21:08 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-10-22 21:01 218,624 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-22 20:38 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-10-22 20:38 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-10-22 20:38 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-22 20:38 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-22 20:38 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2006-10-22 20:36 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-22 20:34 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-22 20:34 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-22 20:34 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-22 20:34 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-22 20:34 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-22 20:34 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-22 08:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-10 22:57 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-10 22:56 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2006-10-10 22:56 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2006-10-10 22:56 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2006-10-10 22:56 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2006-10-10 22:56 243,824 --a------ C:\WINDOWS\unicows.dll
2006-10-10 22:56 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2006-10-10 22:56 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2006-10-10 22:56 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2006-10-10 22:56 115,824 --a------ C:\WINDOWS\UnVet32.exe
2006-10-10 22:56 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2006-10-10 22:56 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-10-10 22:55 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-10-10 22:55 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2006-10-10 22:55 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-10 22:55 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-10 22:55 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-10-08 10:46 184,769 --a------ C:\WINDOWS\run2.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-22 08:55 -------- d-------- C:\Program Files\Grisoft
2006-10-21 23:21 -------- d-------- C:\Program Files\Lavasoft
2006-10-12 11:01 -------- d-------- C:\Program Files\Panicware
2006-10-10 22:56 -------- d-------- C:\Program Files\Common Files\Scanner
2006-09-25 10:51 -------- d-------- C:\Program Files\TryMedia
2006-09-25 10:50 -------- d-------- C:\Program Files\Infogrames
2006-09-22 17:10 -------- d-------- C:\Program Files\Common Files\Motive
2006-09-22 17:09 -------- d-------- C:\Program Files\Verizon Online
2006-09-22 17:09 -------- d-------- C:\Program Files\Common Files\MotiveBrowser
2006-09-22 17:03 -------- d-------- C:\Program Files\Yahoo!
2006-09-22 17:03 -------- d-------- C:\Program Files\verizon
2006-09-22 17:03 -------- d-------- C:\Program Files\SupportSoft
2006-09-20 11:28 0 --a------ C:\Program Files\secure32.html
2006-08-30 20:14 -------- d-------- C:\Program Files\MANSION
2006-08-29 22:03 -------- d-------- C:\Program Files\FullContactPoker


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"TheGameOfLife.exe"="C:\\DOCUME~1\\Owner\\Desktop\\THEGAM~1.EXE /r"
"Pdsb"="\"C:\\PROGRA~1\\SCURIT~1\\dexplore.exe\" -vt yazb"
"Ezdnt"="C:\\Program Files\\??mbols\\??rss.exe"
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFREE.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"LTSMMSG"="LTSMMSG.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"IndicatorUtility"="C:\\Program Files\\Fujitsu\\Fujitsu Hotkey Utility\\IndicatorUty.exe"
"LoadFujitsuQuickTouch"="C:\\Program Files\\Fujitsu\\Application Panel\\QuickTouch.exe"
"LoadBtnHnd"="C:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Drag'n Drop CD"="C:\\Program Files\\Drag'n Drop CD\\BinFiles\\DragDrop.exe /StartUp"
"ConMgr.exe"="\"C:\\Program Files\\EarthLink 5.0\\ConMgr.exe\""
"BearShare"="C:\\BearShare\\BearShare.exe /m"
"freesurfer"="C:\\Program Files\\Free Surfer\\fs20.exe"
"MotiveMonitor"="C:\\Program Files\\Motive\\AsstCommon\\motmon.exe"
"LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
"teewxjfeclpnf"="C:\\WINDOWS\\System32\\xpdzqzvf.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"A Verizon App"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe /autostart"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-23 22:46:31.20
C:\ComboFix.txt ... 06-10-23 22:46


Logfile of HijackThis v1.99.1
Scan saved at 10:48:33 PM, on 10/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SCURIT~1\dexplore.exe
C:\Program Files\??mbols\??rss.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {9F89CF8F-0D16-28C9-6BE2-20807A3C57C4} - C:\WINDOWS\System32\cqmfonqf.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {4518C591-585A-7A80-2BB6-7595BBF08AC8} - C:\WINDOWS\System32\lyqnv.dll (file missing)
R3 - URLSearchHook: (no name) - {7C8DE13B-2AA0-552F-D7C9-52A7785FE1CE} - C:\WINDOWS\System32\lrwcivrf.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {4518C591-585A-7A80-2BB6-7595BBF08AC8} - C:\WINDOWS\System32\lyqnv.dll (file missing)
O2 - BHO: (no name) - {7C8DE13B-2AA0-552F-D7C9-52A7785FE1CE} - C:\WINDOWS\System32\lrwcivrf.dll (file missing)
O2 - BHO: (no name) - {9F89CF8F-0D16-28C9-6BE2-20807A3C57C4} - C:\WINDOWS\System32\cqmfonqf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [BearShare] C:\BearShare\BearShare.exe /m
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\AsstCommon\motmon.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [teewxjfeclpnf] C:\WINDOWS\System32\xpdzqzvf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TheGameOfLife.exe] C:\DOCUME~1\Owner\Desktop\THEGAM~1.EXE /r
O4 - HKCU\..\Run: [Pdsb] "C:\PROGRA~1\SCURIT~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ezdnt] C:\Program Files\??mbols\??rss.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra 'Tools' menuitem: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dcs0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161563671887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161563656154
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe


Logfile of HijackThis v1.99.1
Scan saved at 12:19:57 AM, on 10/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {9F89CF8F-0D16-28C9-6BE2-20807A3C57C4} - C:\WINDOWS\System32\cqmfonqf.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {4518C591-585A-7A80-2BB6-7595BBF08AC8} - C:\WINDOWS\System32\lyqnv.dll (file missing)
R3 - URLSearchHook: (no name) - {7C8DE13B-2AA0-552F-D7C9-52A7785FE1CE} - C:\WINDOWS\System32\lrwcivrf.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {4518C591-585A-7A80-2BB6-7595BBF08AC8} - C:\WINDOWS\System32\lyqnv.dll (file missing)
O2 - BHO: (no name) - {7C8DE13B-2AA0-552F-D7C9-52A7785FE1CE} - C:\WINDOWS\System32\lrwcivrf.dll (file missing)
O2 - BHO: (no name) - {9F89CF8F-0D16-28C9-6BE2-20807A3C57C4} - C:\WINDOWS\System32\cqmfonqf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [BearShare] C:\BearShare\BearShare.exe /m
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\AsstCommon\motmon.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [teewxjfeclpnf] C:\WINDOWS\System32\xpdzqzvf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TheGameOfLife.exe] C:\DOCUME~1\Owner\Desktop\THEGAM~1.EXE /r
O4 - HKCU\..\Run: [Pdsb] "C:\PROGRA~1\SCURIT~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ezdnt] C:\Program Files\??mbols\??rss.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra 'Tools' menuitem: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dcs0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161563671887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161563656154
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#9
generalben

    Member

  • Topic Starter
  • 13 posts
I know I probably should not be adding my clueless opinions and just do as you guys advise with the logs. And I know it's only been a short time, so it's not a true long run test of time to accurately determine anything definitive.

However, I would just like to state that my system has not yet had a pop-up from Outerinfo/Oinadserver since following the advice of the last post by you, Don. Thanks so much for all you've done so far. I'm ready for any more suggestions you continue to have. You and everybody associated with this site have thus far been undeniably awesome.

#10
generalben

    Member

  • Topic Starter
  • 13 posts
My computer might now be possibly running a little slower than normal. Not sure if it's because of all the new software added, or if it just has been going downhill, as it is 4 years old.

Still no signs as of now from Outerinfo. If we have done all the necessary steps to get rid of this problem, please give any final tips for keeping the stuff out. I'm sure getting the Service Pack 2 would be a step in the direction. Thanks.

#11
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Sorry for the delay.
Could you post back a fresh HJT log for me, please? Let's see what's going on with it.

#12
generalben

    Member

  • Topic Starter
  • 13 posts
Hi again,

Please don't apologize. You've already done so much to help. Any bit of time you have given me has been appreciated. People have things they have to do, and I've been on your time. Thanks again!!

Anywho, I'm working 'till 3:00ish on Saturday, so I won't be back until then. Here's the newest HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 11:16:59 PM, on 10/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {9F89CF8F-0D16-28C9-6BE2-20807A3C57C4} - C:\WINDOWS\System32\cqmfonqf.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {4518C591-585A-7A80-2BB6-7595BBF08AC8} - C:\WINDOWS\System32\lyqnv.dll (file missing)
R3 - URLSearchHook: (no name) - {7C8DE13B-2AA0-552F-D7C9-52A7785FE1CE} - C:\WINDOWS\System32\lrwcivrf.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {4518C591-585A-7A80-2BB6-7595BBF08AC8} - C:\WINDOWS\System32\lyqnv.dll (file missing)
O2 - BHO: (no name) - {7C8DE13B-2AA0-552F-D7C9-52A7785FE1CE} - C:\WINDOWS\System32\lrwcivrf.dll (file missing)
O2 - BHO: (no name) - {9F89CF8F-0D16-28C9-6BE2-20807A3C57C4} - C:\WINDOWS\System32\cqmfonqf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [BearShare] C:\BearShare\BearShare.exe /m
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\AsstCommon\motmon.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [teewxjfeclpnf] C:\WINDOWS\System32\xpdzqzvf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TheGameOfLife.exe] C:\DOCUME~1\Owner\Desktop\THEGAM~1.EXE /r
O4 - HKCU\..\Run: [Pdsb] "C:\PROGRA~1\SCURIT~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ezdnt] C:\Program Files\??mbols\??rss.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra 'Tools' menuitem: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dcs0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161563671887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161563656154
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#13
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please run ComboFix again.
Post the txt back from it for me please.

#14
generalben

    Member

  • Topic Starter
  • Member
  • 13 posts
ComboFix Text:


Owner - 06-10-29 22:18:52.39 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\SSTEM~1
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\SCURIT~1
C:\QooBox\Purity\Program Files\MBOLS~1\??rss.exe
C:\QooBox\Purity\Program Files\SCURIT~1\s?curity
C:\QooBox\Purity\Program Files\SCURIT~1\dexplore.exe
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MANTEC~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))


2006-10-23 23:37 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-10-23 23:32 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-10-23 23:32 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-10-23 23:32 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-23 23:32 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-23 23:32 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-23 23:32 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-10-23 23:32 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-23 23:32 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-23 23:32 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-10-23 23:32 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-23 23:32 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-23 23:32 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-23 23:32 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-23 23:32 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-23 23:32 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-10-23 23:32 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-23 23:32 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-23 23:32 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-10-23 23:32 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-23 23:32 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-10-23 23:32 19,328 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-23 23:32 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-10-23 23:32 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-23 23:32 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-10-23 23:32 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-10-23 23:32 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-23 23:32 12,288 --------- C:\WINDOWS\system32\encapi.dll
2006-10-23 23:32 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-23 23:32 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-10-23 23:32 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-23 23:32 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-23 23:32 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-10-23 23:30 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-23 23:30 94,720 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-23 23:30 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-10-23 23:30 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-23 23:30 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-10-23 23:30 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2006-10-23 23:30 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-10-23 23:30 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-10-23 23:30 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-10-23 23:30 786,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-23 23:30 77,312 --a------ C:\WINDOWS\system32\dmscript.dll
2006-10-23 23:30 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-10-23 23:30 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-10-23 23:30 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-10-23 23:30 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-10-23 23:30 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-10-23 23:30 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-10-23 23:30 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-10-23 23:30 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-10-23 23:30 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-10-23 23:30 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-10-23 23:30 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-10-23 23:30 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-23 23:30 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-10-23 23:30 58,368 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-10-23 23:30 57,344 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-10-23 23:30 56,320 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-23 23:30 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-10-23 23:30 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-10-23 23:30 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-10-23 23:30 5,120 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-23 23:30 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-10-23 23:30 49,664 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-23 23:30 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-10-23 23:30 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-10-23 23:30 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2006-10-23 23:30 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-10-23 23:30 443,392 --a------ C:\WINDOWS\system32\fxsapi.dll
2006-10-23 23:30 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-10-23 23:30 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-10-23 23:30 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
2006-10-23 23:30 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-10-23 23:30 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-10-23 23:30 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-10-23 23:30 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-23 23:30 31,744 --a------ C:\WINDOWS\system32\dmloader.dll
2006-10-23 23:30 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-10-23 23:30 29,696 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-23 23:30 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-10-23 23:30 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-10-23 23:30 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-10-23 23:30 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-10-23 23:30 26,112 --a------ C:\WINDOWS\system32\dmband.dll
2006-10-23 23:30 253,440 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-23 23:30 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-10-23 23:30 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-10-23 23:30 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-23 23:30 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-10-23 23:30 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-10-23 23:30 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-10-23 23:30 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-10-23 23:30 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-10-23 23:30 206,336 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-10-23 23:30 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-10-23 23:30 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-10-23 23:30 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-10-23 23:30 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-10-23 23:30 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-10-23 23:30 179,712 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-23 23:30 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-10-23 23:30 172,544 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-23 23:30 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-23 23:30 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-10-23 23:30 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-10-23 23:30 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-10-23 23:30 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-10-23 23:30 156,672 --a------ C:\WINDOWS\system32\dpnet.dll
2006-10-23 23:30 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-23 23:30 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-10-23 23:30 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-10-23 23:30 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-10-23 23:30 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-10-23 23:30 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-10-23 23:30 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2006-10-23 23:30 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-10-23 23:30 110,080 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-10-23 23:30 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-10-23 23:30 1,180,672 --a------ C:\WINDOWS\system32\d3d8.dll
2006-10-23 23:30 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-10-23 23:29 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-23 23:29 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-23 23:29 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-23 23:29 7,168 --a------ C:\WINDOWS\system32\fxsperf.dll
2006-10-23 23:29 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-10-23 23:29 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-10-23 23:29 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-10-23 23:29 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-23 23:29 64,512 --a------ C:\WINDOWS\system32\msiexec.exe
2006-10-23 23:29 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-10-23 23:29 6,656 --a------ C:\WINDOWS\system32\fxsres.dll
2006-10-23 23:29 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-23 23:29 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-23 23:29 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-23 23:29 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-23 23:29 559,616 --a------ C:\WINDOWS\system32\fxsst.dll
2006-10-23 23:29 512,031 --a------ C:\WINDOWS\system32\msexch40.dll
2006-10-23 23:29 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-10-23 23:29 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-10-23 23:29 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-10-23 23:29 435,200 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-10-23 23:29 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-10-23 23:29 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-10-23 23:29 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-10-23 23:29 395,264 --a------ C:\WINDOWS\system32\fxsxp32.dll
2006-10-23 23:29 391,168 --a------ C:\WINDOWS\system32\fxstiff.dll
2006-10-23 23:29 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-10-23 23:29 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-10-23 23:29 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-10-23 23:29 348,195 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-10-23 23:29 348,191 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-10-23 23:29 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-23 23:29 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-23 23:29 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-10-23 23:29 319,519 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-10-23 23:29 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-10-23 23:29 305,664 --a------ C:\WINDOWS\system32\msihnd.dll
2006-10-23 23:29 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-23 23:29 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-23 23:29 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-23 23:29 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-10-23 23:29 271,360 --a------ C:\WINDOWS\system32\fxscomex.dll
2006-10-23 23:29 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-10-23 23:29 250,368 --a------ C:\WINDOWS\system32\fxssvc.exe
2006-10-23 23:29 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-10-23 23:29 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-10-23 23:29 24,064 --a------ C:\WINDOWS\system32\fxsdrv.dll
2006-10-23 23:29 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-10-23 23:29 236,032 --a------ C:\WINDOWS\system32\fxst30.dll
2006-10-23 23:29 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-10-23 23:29 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-23 23:29 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-10-23 23:29 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-10-23 23:29 216,064 --a------ C:\WINDOWS\system32\fxscover.exe
2006-10-23 23:29 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-10-23 23:29 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-10-23 23:29 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-23 23:29 20,992 --a------ C:\WINDOWS\system32\fxsext32.dll
2006-10-23 23:29 2,086,400 --a------ C:\WINDOWS\system32\msi.dll
2006-10-23 23:29 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-10-23 23:29 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-23 23:29 185,856 --a------ C:\WINDOWS\system32\fxswzrd.dll
2006-10-23 23:29 175,104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-23 23:29 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-10-23 23:29 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-10-23 23:29 149,504 --a------ C:\WINDOWS\system32\fxsui.dll
2006-10-23 23:29 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-10-23 23:29 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-10-23 23:29 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-10-23 23:29 130,048 --a------ C:\WINDOWS\system32\fxsclnt.exe
2006-10-23 23:29 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-10-23 23:29 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-23 23:29 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-10-23 23:29 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-10-23 23:29 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-23 23:29 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-10-23 23:29 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-10-23 23:29 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-10-23 23:29 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-10-23 23:29 1,503,262 --a------ C:\WINDOWS\system32\msjet40.dll
2006-10-23 23:29 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-10-23 23:28 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-10-23 23:28 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-10-23 23:28 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-10-23 23:28 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-10-23 23:28 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-23 23:28 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-10-23 23:28 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-10-23 23:28 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-10-23 23:28 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-10-23 23:28 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-23 23:28 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-10-23 23:28 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-10-23 23:28 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-10-23 23:28 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-10-23 23:28 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-10-23 23:28 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-10-23 23:28 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-23 23:28 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-10-23 23:28 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-10-23 23:28 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-10-23 23:28 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-23 23:28 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-10-23 23:28 548,864 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-10-23 23:28 530,432 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-10-23 23:28 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-10-23 23:28 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-10-23 23:28 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-10-23 23:28 511,488 --a------ C:\WINDOWS\system32\qedit.dll
2006-10-23 23:28 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-10-23 23:28 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-10-23 23:28 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-10-23 23:28 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-23 23:28 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-10-23 23:28 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-10-23 23:28 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-10-23 23:28 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-10-23 23:28 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-10-23 23:28 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-10-23 23:28 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-10-23 23:28 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-23 23:28 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-10-23 23:28 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-10-23 23:28 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-10-23 23:28 357,376 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-23 23:28 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-10-23 23:28 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-10-23 23:28 33,808 --a------ C:\WINDOWS\system32\ntio.sys
2006-10-23 23:28 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-10-23 23:28 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-10-23 23:28 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-10-23 23:28 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-10-23 23:28 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-10-23 23:28 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2006-10-23 23:28 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-10-23 23:28 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
2006-10-23 23:28 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-23 23:28 245,760 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-23 23:28 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-10-23 23:28 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-10-23 23:28 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-23 23:28 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-10-23 23:28 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-10-23 23:28 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-10-23 23:28 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-10-23 23:28 192,512 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-10-23 23:28 184,832 --a------ C:\WINDOWS\system32\qcap.dll
2006-10-23 23:28 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-10-23 23:28 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-10-23 23:28 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-10-23 23:28 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-10-23 23:28 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-10-23 23:28 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-10-23 23:28 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-10-23 23:28 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-10-23 23:28 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-10-23 23:28 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-23 23:28 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-10-23 23:28 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-10-23 23:28 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-23 23:28 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-10-23 23:28 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-23 23:28 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-10-23 23:28 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-10-23 23:28 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-10-23 23:28 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-10-23 23:28 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-23 23:28 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-10-23 23:28 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-10-23 23:28 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-10-23 23:28 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-10-23 23:28 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-10-23 23:28 105,984 --a------ C:\WINDOWS\system32\netdde.exe
2006-10-23 23:28 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-10-23 23:28 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-23 23:28 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-10-23 23:28 1,220,608 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-23 23:28 1,169,920 --a------ C:\WINDOWS\system32\ole32.dll
2006-10-23 23:28 1,142,784 --a------ C:\WINDOWS\system32\quartz.dll
2006-10-23 23:28 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-10-23 23:27 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-23 23:27 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-10-23 23:27 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-10-23 23:27 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-10-23 23:27 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-23 23:27 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-10-23 23:27 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-10-23 23:27 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-10-23 23:27 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-10-23 23:27 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-23 23:27 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-10-23 23:27 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-10-23 23:27 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-10-23 23:27 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-10-23 23:27 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-10-23 23:27 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-10-23 23:27 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-10-23 23:27 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-23 23:27 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-10-23 23:27 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-10-23 23:27 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-10-23 23:27 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-23 23:27 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-10-23 23:27 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-10-23 23:27 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-10-23 23:27 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-10-23 23:27 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-23 23:27 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-10-23 23:27 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-10-23 23:27 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-10-23 23:27 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-10-23 23:27 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-10-23 23:27 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-10-23 23:27 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-10-23 23:27 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-10-23 23:27 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-10-23 23:27 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-23 23:27 253,952 --a------ C:\WINDOWS\system32\wmpcd.dll
2006-10-23 23:27 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-10-23 23:27 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-10-23 23:27 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-10-23 23:27 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-10-23 23:27 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-10-23 23:27 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-10-23 23:27 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-10-23 23:27 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-23 23:27 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-23 23:27 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-10-23 23:27 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-10-23 23:27 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-10-23 23:27 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-10-23 23:27 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-10-23 23:27 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-10-23 23:27 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-10-23 23:27 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-10-23 23:27 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-10-23 23:27 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-10-23 23:27 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-10-23 23:27 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-10-23 23:27 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-23 23:27 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-23 23:27 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-10-23 23:27 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-10-23 23:27 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-10-23 23:27 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-10-23 23:27 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-10-23 23:27 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-10-23 23:27 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-10-23 23:27 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-10-23 23:27 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-10-23 23:27 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-10-23 23:27 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-10-23 23:27 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-10-23 23:27 1,298,432 --a------ C:\WINDOWS\system32\wmpcore.dll
2006-10-23 23:27 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-10-23 23:26 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-23 23:26 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-10-23 23:26 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-10-23 23:26 77,824 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-23 23:26 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-23 23:26 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-10-23 23:26 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-10-23 23:26 316,416 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-10-23 23:26 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-23 23:26 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-10-23 23:26 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2006-10-23 23:26 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2006-10-23 23:26 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-10-23 23:26 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-10-23 23:26 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-10-23 23:26 1,998,848 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-23 23:26 1,404,928 --a------ C:\WINDOWS\system32\wmpui.dll
2006-10-22 21:13 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2006-10-22 21:13 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2006-10-22 21:10 68,608 --a------ C:\WINDOWS\system32\locator.exe
2006-10-22 21:09 977,920 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-22 21:09 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2006-10-22 21:09 82,432 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-22 21:09 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-10-22 21:09 64,512 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-22 21:09 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-22 21:09 365,568 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-22 21:09 226,816 --a------ C:\WINDOWS\system32\es.dll
2006-10-22 21:09 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-22 21:09 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-22 21:09 1,177,088 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-22 21:08 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-10-22 21:08 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-10-22 21:08 596,480 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-22 21:08 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-10-22 21:08 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-10-22 21:08 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-10-22 21:08 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-10-22 21:08 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-10-22 21:08 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-22 21:08 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-10-22 21:08 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-10-22 21:08 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-10-22 21:08 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-10-22 21:08 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-10-22 21:08 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-10-22 21:08 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-10-22 21:08 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-10-22 21:08 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-10-22 21:08 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-10-22 21:01 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-22 20:57 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-10-22 20:57 143,872 --a------ C:\WINDOWS\system32\itircl.dll
2006-10-22 20:57 122,368 --a------ C:\WINDOWS\system32\itss.dll
2006-10-22 20:57 10,752 --a------ C:\WINDOWS\hh.exe
2006-10-22 20:55 125,440 --a------ C:\WINDOWS\system32\shmedia.dll
2006-10-22 20:38 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-10-22 20:38 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-10-22 20:38 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-22 20:38 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-22 20:38 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2006-10-22 20:36 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-22 20:34 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-22 20:34 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-22 20:34 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-22 20:34 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-22 20:34 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-22 20:34 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-22 08:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-10 22:57 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-10 22:56 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2006-10-10 22:56 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2006-10-10 22:56 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2006-10-10 22:56 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2006-10-10 22:56 243,824 --a------ C:\WINDOWS\unicows.dll
2006-10-10 22:56 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2006-10-10 22:56 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2006-10-10 22:56 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2006-10-10 22:56 115,824 --a------ C:\WINDOWS\UnVet32.exe
2006-10-10 22:56 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2006-10-10 22:56 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-10-10 22:55 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-10-10 22:55 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2006-10-10 22:55 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-10 22:55 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-10 22:55 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-10-08 10:46 184,769 --a------ C:\WINDOWS\run2.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-22 07:55 -------- d-------- C:\Program Files\Grisoft
2006-10-21 22:21 -------- d-------- C:\Program Files\Lavasoft
2006-10-12 10:01 -------- d-------- C:\Program Files\Panicware
2006-10-10 22:56 -------- d-------- C:\Program Files\Common Files\Scanner
2006-09-25 10:51 -------- d-------- C:\Program Files\TryMedia
2006-09-25 09:50 -------- d-------- C:\Program Files\Infogrames
2006-09-22 17:10 -------- d-------- C:\Program Files\Common Files\Motive
2006-09-22 17:09 -------- d-------- C:\Program Files\Common Files\MotiveBrowser
2006-09-22 17:03 -------- d-------- C:\Program Files\SupportSoft
2006-09-22 16:09 -------- d-------- C:\Program Files\Verizon Online
2006-09-22 16:03 -------- d-------- C:\Program Files\Yahoo!
2006-09-22 16:03 -------- d-------- C:\Program Files\verizon
2006-09-20 11:28 0 --a------ C:\Program Files\secure32.html
2006-08-30 19:14 -------- d-------- C:\Program Files\MANSION
2006-08-29 21:03 -------- d-------- C:\Program Files\FullContactPoker


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"TheGameOfLife.exe"="C:\\DOCUME~1\\Owner\\Desktop\\THEGAM~1.EXE /r"
"Pdsb"="\"C:\\PROGRA~1\\SCURIT~1\\dexplore.exe\" -vt yazb"
"Ezdnt"="C:\\Program Files\\??mbols\\??rss.exe"
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFREE.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"LTSMMSG"="LTSMMSG.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"IndicatorUtility"="C:\\Program Files\\Fujitsu\\Fujitsu Hotkey Utility\\IndicatorUty.exe"
"LoadFujitsuQuickTouch"="C:\\Program Files\\Fujitsu\\Application Panel\\QuickTouch.exe"
"LoadBtnHnd"="C:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Drag'n Drop CD"="C:\\Program Files\\Drag'n Drop CD\\BinFiles\\DragDrop.exe /StartUp"
"ConMgr.exe"="\"C:\\Program Files\\EarthLink 5.0\\ConMgr.exe\""
"BearShare"="C:\\BearShare\\BearShare.exe /m"
"freesurfer"="C:\\Program Files\\Free Surfer\\fs20.exe"
"MotiveMonitor"="C:\\Program Files\\Motive\\AsstCommon\\motmon.exe"
"LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
"teewxjfeclpnf"="C:\\WINDOWS\\System32\\xpdzqzvf.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"A Verizon App"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe /autostart"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-29 22:19:39.37
C:\ComboFix2.txt ... 06-10-23 22:46
C:\ComboFix.txt ... 06-10-29 22:19

#15
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Fresh HJT log as well please, sorry, should have asked for that as well earlier