web pages opening; ie opens on its own, etc.



#1
ashleyrm

Tried to run Panda, but IE kept quitting.


Logfile of HijackThis v1.99.1
Scan saved at 8:01:45 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\PSCastor\PSCastor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enigma.sfrepository.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jyxam.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,utedwsm.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sgknml] C:\WINDOWS\system32\tpgvmn.exe reg_run
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [pdron] C:\WINDOWS\system32\tpgvmn.exe reg_run
O4 - HKCU\..\Run: [PSCastor] "C:\Program Files\PSCastor\PSCastor.exe"
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\ICROSO~1\csrss.exe" -vt ndrv
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe




Uninstall from Hijack

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 7.0.8
America Online (Choose which version to remove)
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOLIcon
Apple Software Update
AstroPop Deluxe 1.0
AVG Anti-Spyware 7.5
CleanUp!
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Support 3.1
Digital Content Portal
Digital Line Detect
EarthLink setup files
ELIcon
Fraps
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel® PROSet/Wireless Software
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
LiveUpdate 2.6 (Symantec Corporation)
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Producer
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Works
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
mWlsSafe
mWMI
mXML
MySQL Server 5.0
mZConfig
NetZeroInstallers
NVIDIA Drivers
Otto
Panda ActiveScan
PowerDVD 5.7
PremiumSoft Navicat MySQL 7.2
QuickSet
QuickTime
RealPlayer Basic
Search Assist
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spybot - Search & Destroy 1.4
Symantec AntiVirus
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Ventrilo Client
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
WinRAR archiver
World of Warcraft


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:56:40 PM 11/9/2006

+ Scan result:



C:\WINDOWS\system32\dobphojc.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\offun.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\WINDOWS\stub_mm3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Batty2\Batty2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\Batty2\Batty2.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINDOWS\system32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-4039820924-3411315615-2219379847-1006\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-4039820924-3411315615-2219379847-1006\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ickdubb.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hlvi6wkjc.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32hlvi6wkjc.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP67\A0057307.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP67\A0057308.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050980.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050981.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050982.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\ACD FotoSlate 4.0.22.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\AI RoboForm v6.8.3 Pro.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\AI RoboForm v6.8.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\AI Roboform Pro 6.8.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Abhor DJ 1.51.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Absolute Video Converter 2.8.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Agnitum Outpost Firewall Pro v4.0.971.584.079.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Ahead DVD Ripper 2.4.1.11.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Alfred Hitchcocks The Lady Vanishes 1938 DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Alligator Flash Designer v6.0.0.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Amprolyzer 3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\AnyDVD 6.0.3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Arial CD Ripper 1.5.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Armoured Core - Last Raven PS2 iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Ashampoo FireWall Pro 1.10.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Ashampoo Firewall PRO 110 H.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Ashampoo Photo Commander 5.10.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Aurora MPEG to DVD Burner 4.9.11.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Aurora Media Workshop 3.3.11.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Aurora Media Workshop 3.3.23.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\AutoPlay Menu Builder v5.2.0.1072.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Autodesk Civil 3D v2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Avenger 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Backup Made Simple 5.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Backup To DVD CD 5.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Backup To DVD CD v5.1.198.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Bandwidth Monitor Pro v1.30.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Bannershop GIF Animator v5.0.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\BeFaster 3.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Behind Enemy Lines 2 Axis of Evil 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Billianaire II.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\BlazeDVD Pro 5.001.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Boom Boom Sabotage DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Borat.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Braindead - Dead Alive.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\BulletProof FTP Client 2.52.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Bully PS2 PAL iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Call Of Duty 2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Censura Digital 1.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Cheetah DVD Burner v1.76.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Color7 Music Fans Factory v9.2.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Cruel Intentions II.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\CuteFTP Pro 7.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\DFX Audio Enhancer 8.017.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\DVDFab Platinum 2.9.8.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Deadhunt.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Deadly Dozen-MYTH.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\DeltaGIS Project Edition v5.6.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\DivX Pro 6.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Dreamingsoft 123 Flash Menu v2.1.0.1052.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\EVEREST Ultimate Edition 2006 v3.50.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Easy GIF Animator 3.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Easy Lanceur v1.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Easy Lock Pub v1.1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\EditPlus v2.20.284.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Espion Pro v5.1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Everest 3.01 Build 652 Ultimate.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Fast Email Extractor Pro v6.2 FULL.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\FinalRecovery V2.1.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Fine Metronome 2.5.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Fingersmith DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\First Battalion.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Flags of Our Fathers (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Flash Saver Gold 5.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\FlashFXP V3.4.1 build 1152.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Flight 93.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Get Smart, Again! (1989).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Ghost Recon Advanced Warfighter.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Grand Theft Auto San Andreas.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\HWINFO32 v1.71.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Hacking Google Maps and Google Earth.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Half-Life 2-DiGiTALZONE iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Hate Crime LiMiTED DVDRip Xvid-NeDiVx.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\HiDownload Pro v6.95.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Hide IP Platinum v3.21.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\HideIP 2.9 Platinium.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Inside Man (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Into The Blue DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Kaspersky Internet Security 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Keylaunch 1.2.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Kiss Me Again (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\LightArtist 1.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\LinkLines v1.2.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Looney Tunes Back In Action.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\MP3 Wav Studio v6.18.61105.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Madagascar The Game iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\MapPoint 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\MemoriesOnTV 3.1.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\MessengerLog Pro v6.06.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\MetaProducts TrayIcon Pro v1.7.225.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Minority Report (2002).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Minotaur DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Monster House 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Moto GP 2 The Ultimate Racing Technology.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Moto GP 3 The Ultimate Racing Technology.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\MotoGP 2 iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\NBA Ballers PS2 iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\NTI CD&DVD Maker 7 Titanium.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\NVIDIA NvDVD 2.55.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Nero 7 Premium 7.2.3.2b.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Obscure PS2 iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Okoker Audio Factory 1.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Okoker DVD Ripper 1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Okoker Optimize Expert 1.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Once Upon a Time in Mexico 2003 DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\PC Booster 5.0.106.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\PDF2Word 2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\PNGOutWin v1.0.1 Build 61031.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Paragon Partition Manager Pro 8.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Paths of Glory 1957.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\PhotoFiltre Studio 8.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\PhotoFiltre Studio v8.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Pixarra TwistedBrush v11.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Power Archiver 2006 v9.63.02.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\PowerISO 3.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Privacy Shield 3.0.39.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\QSyncFTP 1.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Qimage v2007.141.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\RapidShare Grabber 1.4.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\RegGadget 1.00.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Registry Freeze 5.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Registry.Repair 1.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Replay Converter 2.20.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Returnil Virtual System Home 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Rock Star DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\SQLYog Enterprise v5.19.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Severance 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Shut Down Expert 4.93.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Slysoft CloneDVD v2.9.0.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Smart PC Professional 4.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Spaceballs (1987).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Spartan Total Warrior PS2 iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Spy Remover 2.64.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\SpyRemover 2.64.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Spyware Doctor 4.0.0.2618 + Live.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Spyware Doctor v4.0.0.2620.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Superman returns.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Butcher DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Guardian (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Intruder DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Lost Boys (1987).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The New Guy (2002).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Pink panther-CLASS.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Prestige (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Queen DVDSCR Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Sims Complete Collection.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\The Wicker Man Quality (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Tiger and the Snow DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Total Commander 7.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Trojan Remover 6.5.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\USB Drive Data Recovery 2.0.1.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Ulead DVD MovieFactory ver.5.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\UltimateZip 2007 ver. 3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Ultra MPEG Converter v3.22.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\V.A. - 538 Dance Smash Hits 2006 Vol.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Video Capture Convert Burn DVD Solution 6.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Video Edit Magic 4.2.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Video Slice 5.0.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\WM Recorder v11.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Webroot Spy Sweeper 5.0.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Webroot Window Washer 6.0.5.409.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\WinRAR 3.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\WinXP Manager v5.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Windows Live Messenger 8.1.0068 Beta.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\XMLwriter v2.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\Xilisoft DVD to PSP Converter 4.0.51.0606.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\You Me And Dupree (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\limewire PRO 4.12.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\n-Track Studio v5.0.2164.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\n00zn00zn00zn00z.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\p2pnetworking.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050725.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050720.exe -> Downloader.Adload.ic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050724.exe -> Downloader.Adload.ic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050715.exe -> Downloader.Adload.nad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP66\A0052272.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050717.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Îśicrosoft\csrss.exe -> Downloader.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Y1324OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050701.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lwsws.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP67\A0057310.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP67\A0057311.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP67\A0057312.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\utedwsm.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0049708.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP60\A0050713.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\Program Files\Common Files\kzoi\kzoid\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\WINDOWS\lduozcw.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\003 Agriculture Crops EPS Vector Clipart.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\10 - 18 20 2006 SATRip.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\123 Flash Menu v2.1.0.1052.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\25 To Life.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\3D Object Converter v3.80.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\3D War Chess 1.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documents\My Music\Limewire Music\_\3D World Map v2.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Catherine\My Documen

#2
Crustyoldbloke

Hello ashleyrm and welcome to Geeks to Go

Apologies for your wait.

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple-identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s settings, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware and Trojans. Let’s see what we can do.

To start, please download the following programmes; we will run them later. Please save them to a place that you will remember; I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
combofix.exe

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jyxam.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,utedwsm.exe
O4 - HKLM\..\Run: [sgknml] C:\WINDOWS\system32\tpgvmn.exe reg_run
O4 - HKCU\..\Run: [pdron] C:\WINDOWS\system32\tpgvmn.exe reg_run
O4 - HKCU\..\Run: [PSCastor] "C:\Program Files\PSCastor\PSCastor.exe"
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\ICROSO~1\csrss.exe" -vt ndrv
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete this folder (if present) using Windows Explorer:

C:\Program Files\PSCastor\

Close Windows Explorer and Reboot normally

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\PSCastor\PSCastor.exe
C:\WINDOWS\system32\jyxam.exe
C:\WINDOWS\system32\utedwsm.exe
C:\WINDOWS\system32\tpgvmn.exe
C:\WINDOWS\system32\ICROSO~1\csrss.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Now we must hide the files we revealed earlier by reversing the process; this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck AVGas Anti-malware log, then click Analyze > Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues, then Scan for issues, then Fix selected issues.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log (from normal mode) and I will take another look.
  • 0
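
Added example, not part of the original thread and not code from HijackThis or AVG: the two F2 entries in the fix list above append an extra program to the Winlogon Shell and UserInit values. The Python below parses such F2 lines, reports anything beyond the stock value, and checks it against AVG Anti-Spyware report lines. It assumes Windows is installed in C:\WINDOWS as in this thread's logs; the function names and the sample lists (lines quoted in the thread plus two constructed lines) are illustrative.

```python
import ntpath
import re

# Assumption: Windows lives in C:\WINDOWS, as in the logs posted in this thread.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")

# Stock programs for the two Winlogon values HijackThis reports as F2 entries.
EXPECTED = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
AV_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")


def parse_f2(line):
    """Return (value_name, [unexpected programs]) for an F2 line, else None."""
    m = F2_RE.match(line.strip())
    if not m:
        return None
    key = m.group(1).lower()
    # Both values are comma-separated program lists; a trailing comma is normal.
    programs = [p.strip().strip('"') for p in m.group(2).split(",")]
    extras = [p for p in programs if p and p.lower() not in EXPECTED[key]]
    return key, extras


def parse_detections(lines):
    """Map lowercased file path -> detection name from scanner report lines."""
    found = {}
    for line in lines:
        m = AV_RE.match(line.strip())
        if m:
            found[m.group("path").lower()] = m.group("name")
    return found


def candidate_paths(program):
    """Paths a Winlogon entry may resolve to; bare names are tried in the system dirs."""
    p = program.lower()
    if ntpath.dirname(p):
        return [p]
    return [ntpath.join(d, p) for d in SYSTEM_DIRS]


def review(hjt_lines, av_lines):
    """List every extra Shell/UserInit program and the scanner verdict, if any."""
    detections = parse_detections(av_lines)
    findings = []
    for line in hjt_lines:
        parsed = parse_f2(line)
        if parsed is None:
            continue  # not an F2 Winlogon entry
        key, extras = parsed
        for program in extras:
            hit = next(
                (detections[c] for c in candidate_paths(program) if c in detections),
                None,
            )
            findings.append({"value": key, "program": program, "detection": hit})
    return findings


# First two lines are quoted from the fix list above; the third is constructed
# (a clean value, no finding expected); the fourth is an unrelated O4 entry.
HJT_SAMPLE = [
    r"F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jyxam.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,utedwsm.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
]

# Report lines in the format of the scan log posted in this thread.
AV_SAMPLE = [
    r"C:\WINDOWS\system32\utedwsm.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).",
    r"C:\WINDOWS\system32\dr.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).",
]

if __name__ == "__main__":
    for f in review(HJT_SAMPLE, AV_SAMPLE):
        verdict = f["detection"] or "not in scan report"
        print(f"{f['value']}: extra program {f['program']} ({verdict})")
```

When a finding carries a detection name, the scanner quarantined the file but the Winlogon value still names it, so the registry entry needs fixing as well.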

#3
ashleyrm

Phil,

Thanks so much for your help. Sorry to hear about your Meniere's disease. I have a co-worker who suffers from this and understand how frustrating it can be. HiJack and Combofix logs attached.

Thanks, Becky

Logfile of HijackThis v1.99.1
Scan saved at 12:38:24 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enigma.sfrepository.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Catherine - 06-11-13 12:34:08.10 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Catherine\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Catherine\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Catherine\Application Data\Dxcuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\Common Files\{FC2BE7DF-0724-1033-0728-060601060001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Catherine\My Documents\SMANTE~1
C:\QooBox\Purity\Documents and Settings\Catherine\My Documents\SMANTE~1\m?iexec_exe.vir
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1\?icrosoft


((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))


2006-11-11 12:45 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-11 12:45 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-11 12:45 4,236 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-11 12:45 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-11 12:45 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-09 20:57 213,072 --a------ C:\Qoofix.dll
2006-11-09 20:57 102,400 --a------ C:\Qoofix.exe
2006-11-09 18:03 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-09 18:03 123,712 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-09 15:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-08 15:15 32,768 --a------ C:\WINDOWS\sqfnzsll.exe
2006-11-08 15:15 178,306 --a------ C:\WINDOWS\ac3_0008.exe
2006-11-08 15:15 1,259 --a------ C:\WINDOWS\system32\ujfd5cb8.sys
2006-11-08 15:14 504 --a------ C:\WINDOWS\rkncd.dll
2006-11-08 15:14 45,056 --a------ C:\WINDOWS\system32\nrnqetwbz.exe
2006-11-08 15:14 28,672 --a------ C:\WINDOWS\system32\pfbo0yj.exe
2006-11-08 15:14 204 --a------ C:\WINDOWS\system32\jdkfjdskfjkdsjf.bat
2006-11-08 15:14 200,704 --a------ C:\WINDOWS\system32\p2jlseh8.dll
2006-11-08 15:14 167,936 --a------ C:\WINDOWS\win32087-6423145.exe
2006-11-08 15:14 135,168 --a------ C:\WINDOWS\system32\e0pnii5i6.exe
2006-11-08 15:14 1,122,304 --a------ C:\WINDOWS\system32\rnnypbw.exe
2006-11-08 15:14 0 --a------ C:\WINDOWS\system32nrnqetwbz.exe
2006-11-08 15:13 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-10-26 14:20 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-10-26 14:20 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-26 08:08 40,960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-10-22 19:01 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-22 19:01 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-22 19:01 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-22 19:01 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-22 19:01 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2006-10-22 19:01 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2006-10-22 19:01 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-22 19:01 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-22 19:01 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-22 19:01 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-22 19:01 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-17 19:44 8 -r-hs---- C:\WINDOWS\system32\1185EECCD5.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-13 12:36 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-11-13 12:34 -------- d-------- C:\Program Files\Common Files
2006-11-13 12:28 -------- d-------- C:\Program Files\Yahoo!
2006-11-13 12:28 -------- d-------- C:\Program Files\CCleaner
2006-11-13 12:10 -------- d-------- C:\Program Files\backups
2006-11-13 12:07 11916 --a------ C:\Program Files\hijackthis.log
2006-11-12 13:23 -------- d-------- C:\Program Files\AdSponsor
2006-11-11 12:36 -------- d-------- C:\Program Files\Enigma Software Group
2006-11-10 07:26 -------- d-------- C:\Program Files\QuickTime
2006-11-10 07:26 -------- d-------- C:\Program Files\iTunes
2006-11-10 07:26 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 07:26 -------- d-------- C:\Program Files\Google
2006-11-10 07:26 -------- d-------- C:\Program Files\Digital Line Detect
2006-11-10 07:26 -------- d-------- C:\Program Files\Dell Support
2006-11-10 07:26 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-10 07:26 -------- d-------- C:\Program Files\BAE
2006-11-09 20:00 218112 --a------ C:\Program Files\HijackThis.exe
2006-11-09 18:05 -------- d-------- C:\Documents and Settings\Catherine\Application Data\AdobeUM
2006-11-09 18:03 -------- d-------- C:\Program Files\Symantec
2006-11-09 15:59 -------- d-------- C:\Program Files\Grisoft
2006-11-09 12:42 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-08 16:03 -------- d-------- C:\Program Files\GemMaster
2006-11-08 16:03 -------- d-------- C:\Program Files\Dell
2006-11-08 15:46 -------- d-------- C:\Program Files\MSN
2006-11-08 15:46 -------- d-------- C:\Program Files\Common Files\kzoi
2006-11-08 15:15 93664 --ahs---- C:\Program Files\Common Files\Y1324OU.exe
2006-11-08 15:14 -------- d-------- C:\Program Files\Windows Media Player
2006-11-08 15:14 -------- d-------- C:\Program Files\Movie Maker
2006-11-07 15:28 -------- d-------- C:\Documents and Settings\Catherine\Application Data\Adobe
2006-11-01 18:41 -------- d---s---- C:\Documents and Settings\Catherine\Application Data\Microsoft
2006-11-01 16:33 -------- d-------- C:\Program Files\PremiumSoft
2006-11-01 16:22 -------- d-------- C:\Program Files\MySQL
2006-11-01 15:55 -------- d-------- C:\Program Files\WxW
2006-11-01 01:06 -------- d-------- C:\Documents and Settings\Catherine\Application Data\U3
2006-10-31 18:51 -------- d-------- C:\Program Files\World of Warcraft
2006-10-30 21:30 -------- d-------- C:\Documents and Settings\Catherine\Application Data\SmartFTP
2006-10-29 12:37 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-29 12:37 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-29 12:36 -------- d-------- C:\Program Files\Microsoft Office
2006-10-29 12:36 -------- d-------- C:\Program Files\Common Files\System
2006-10-26 14:20 -------- d-------- C:\Program Files\Microsoft Producer
2006-10-25 22:48 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-25 22:48 -------- d-------- C:\Program Files\Adobe
2006-10-25 13:41 -------- d-------- C:\Program Files\Trymedia
2006-10-25 13:38 -------- d-------- C:\Program Files\PopCap Games
2006-10-23 17:44 -------- d-------- C:\Documents and Settings\Catherine\Application Data\Ventrilo
2006-10-21 14:30 -------- d-------- C:\Program Files\Ventrilo
2006-10-21 14:29 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-19 17:57 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-19 16:21 -------- d-------- C:\Program Files\WinRAR
2006-10-17 18:56 736 --a------ C:\Documents and Settings\Catherine\Application Data\wklnhst.dat
2006-09-30 10:45 -------- d-------- C:\Program Files\Creative
2006-09-30 10:44 -------- d-------- C:\Program Files\MUSICMATCH
2006-09-28 13:04 -------- d-------- C:\Program Files\iPod
2006-09-28 12:59 -------- d-------- C:\Program Files\Apple Software Update
2006-09-23 15:51 -------- d-------- C:\Program Files\Microsoft Office_1
2006-09-20 00:42 88 -r-hs---- C:\WINDOWS\system32\65241A4478.sys
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-26 02:18 40 --a------ C:\WINDOWS\system32\mes2046.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"NVHotkey"="rundll32.exe nvHotkey.dll,Start"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"SigmatelSysTrayApp"="stsystra.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"MBMon"="Rundll32 CTMBHA.DLL,MBMon"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"VoiceCenter"="\"C:\\Program Files\\Creative\\VoiceCenter\\AndreaVC.exe\" /tray"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Windows Media Player\\kygeza.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Movie Maker\\hodywune.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-13 12:36:33.00
C:\ComboFix.txt ... 06-11-13 12:36

#4
Crustyoldbloke

Hello again

May I apologise to you for the hiatus in proceedings. There was a mini crisis this end.

The logs look good, but there is more to be done.

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe


Click on Fix Checked when finished and exit HijackThis.

Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please delete these folders (if present) using Windows Explorer:

C:\Program Files\AdSponsor\
C:\Program Files\Enigma Software Group\
C:\Program Files\PopCap Games\

Close Windows Explorer and Reboot normally

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • Then click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\AdSponsor\AdSponsor.dll
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\WINDOWS\sqfnzsll.exe
C:\WINDOWS\ac3_0008.exe
C:\WINDOWS\system32\ujfd5cb8.sys
C:\WINDOWS\rkncd.dll
C:\WINDOWS\system32\nrnqetwbz.exe
C:\WINDOWS\system32\pfbo0yj.exe
C:\WINDOWS\system32\jdkfjdskfjkdsjf.bat
C:\WINDOWS\system32\p2jlseh8.dll
C:\WINDOWS\win32087-6423145.exe
C:\WINDOWS\system32\e0pnii5i6.exe
C:\WINDOWS\system32\rnnypbw.exe
C:\WINDOWS\system32nrnqetwbz.exe
C:\WINDOWS\system32\vbzip10.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post back a fresh HijackThis log (from normal mode) and I will take another look.

How's the PC running now?

#5
ashleyrm

Phil,

Things seem to be running okay. No pop-ups or hijacking going on. Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 9:16:10 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enigma.sfrepository.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

#6
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Congratulations! Your new log is clean. :whistling: Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
   On the Desktop, right-click My Computer.
   Click Properties.
   Click the System Restore tab.
   Check Turn off System Restore.
   Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
   On the Desktop, right-click My Computer.
   Click Properties.
   Click the System Restore tab.
   UN-Check *Turn off System Restore*.
   Click Apply, and then click OK.

I recommend going to the following link and updating as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer: Microsoft Update

MVPS Hosts file - This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

SiteAdvisor - Download this plug-in for your browser and it will alert you of a known bad site for FREE.

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware.
AD-AWARE PERSONAL - A fine free malware detector and removal programme.
SPYBOT S&D - Excellent free spyware detector and removal programme.
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programme for “on demand” scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :blink:

It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.
  • 0
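
The HOSTS-file behaviour described in the post above (names pointed at 127.0.0.1 never reach the real site), as an added example that is not part of the original post or of the MVPS project: a small Python audit that separates blocked names from names pointed at a non-local address, which are the entries worth reviewing. The sample file, hostnames and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; every name and address is a placeholder.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1       localhost
127.0.0.1       ads.example.com      # ad server sent to the local machine
0.0.0.0         tracker.example.net
::1             localhost
203.0.113.7     update.example.org   # name pinned to a remote address
127.0.0.1       banner.example.com popup.example.com
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_number, address_or_None, hostnames) for each non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield lineno, addr, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Sort entries into blocked, local, redirected and malformed."""
    report = {"blocked": [], "local": [], "redirected": [], "malformed": []}
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(lineno)
            continue
        # 127.0.0.0/8, ::1 and 0.0.0.0 all keep the lookup on this machine
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if not sink:
                # overrides DNS for this name with a non-local address
                report["redirected"].append((name, str(addr)))
            elif name in LOCAL_NAMES:
                report["local"].append(name)
            else:
                report["blocked"].append(name)
    return report


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind:10} {items}")
```

On Windows XP the file is %SystemRoot%\system32\drivers\etc\hosts; read it and pass its text to audit_hosts().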

#7
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





