Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer VERY slow

Started by leftylef , Feb 11 2007 09:58 AM

Please log in to reply

#1
leftylef

Posted 11 February 2007 - 09:58 AM

Member

Member
10 posts

Hi, I have a emachines running windows XP. Memory is nowhere near full. I followed all of the instructions you had where you said "read this first" . Loaded all the spyware etc. Here is the Hijack this log.

Can't understand why the computer is running slow. I am ready to erase everything and install reboot disk

Here is Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:55:59 AM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\hjt\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

HERE IS AVG REPORT:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:28:25 AM 1/14/2007

+ Scan result:

C:\Lefferts Backup\Documents and Settings\~Madeline~\Local Settings\Temp\MiniBug.exe -> Adware.SuspectModule : Cleaned.
C:\Lefferts Backup\~Madeline~\Local Settings\Temp\MiniBug.exe -> Adware.SuspectModule : Cleaned.
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll -> Adware.Viewpoint : Cleaned.
C:\WINDOWS\system32\dxbydwqs.exe -> Proxy.Agent.l : Cleaned.
:mozilla.57:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Lefferts Backup\Documents and Settings\~Madeline~\Cookies\~madeline~@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Lefferts Backup\~Madeline~\Cookies\~madeline~@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.41:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.42:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.126:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.127:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.128:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.86:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.87:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.88:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.65:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.53:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.39:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.32:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.33:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.48:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.17:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.19:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.20:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.22:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Lefferts Backup\Documents and Settings\~Madeline~\Cookies\~madeline~@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Lefferts Backup\~Madeline~\Cookies\~madeline~@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.89:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.75:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.54:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.118:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.119:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.120:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.121:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.123:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.90:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Lefferts Backup\Documents and Settings\~Madeline~\Cookies\~madeline~@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Lefferts Backup\~Madeline~\Cookies\~madeline~@starware[2].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.79:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.100:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.101:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\mozilla fox\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\hjt\backups\backup-20050120-072708-706.dll -> Trojan.Golid.g : Cleaned.
C:\Lefferts Backup\Documents and Settings\~Madeline~\Local Settings\Temporary Internet Files\Content.IE5\ETILK5CT\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned.
C:\Lefferts Backup\~Madeline~\Local Settings\Temporary Internet Files\Content.IE5\ETILK5CT\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned.
C:\Sxos.exe -> Worm.SpyBot.dg : Cleaned.

::Report end

#2
don77

Posted 21 February 2007 - 06:37 PM

Malware Expert

Retired Staff
18,526 posts

Hi sorry for the delay, Could you post a fresh HJT log for me please as it has been a while since you posted this one,

also
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#3
leftylef

Posted 24 February 2007 - 07:10 AM

Member

Topic Starter
Member
10 posts

#4
don77

Posted 24 February 2007 - 09:10 AM

Malware Expert

Retired Staff
18,526 posts

Download ComboScan to your Desktop.

Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt

Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the Comboscan.txt from the Comboscan into your next reply

#5
leftylef

Posted 24 February 2007 - 10:02 AM

Member

Topic Starter
Member
10 posts

Here is the comboscan log

ComboScan v20070221.16 run by Scott on 2007-02-24 at 10:57:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.

-- HijackThis (run as Scott.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:58:39 AM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Scott\Desktop\comboscan.exe
C:\hjt\Scott.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-- HijackThis Fixed Entries (C:\hjt\backups\) -----------------------------------

backup-20050109-004318-483 O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
backup-20050109-004521-742 O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
backup-20050109-005350-347 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
backup-20050109-005421-754 O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
backup-20050109-005638-471 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
backup-20050109-005908-529 O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
backup-20050109-005908-714 O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
backup-20050109-005910-198 O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
backup-20050109-005910-598 O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
backup-20050109-005910-880 O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
backup-20050109-005911-545 O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
backup-20050109-005911-562 O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comne...iveSekurity.cab
backup-20050109-005912-789 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095879984751
backup-20050109-005914-108 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
backup-20050109-005914-893 O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
backup-20050109-005915-365 O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
backup-20050114-225709-593 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
backup-20050115-090628-845 O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
backup-20050115-094055-316 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
backup-20050115-094112-816 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
backup-20050115-094423-458 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
backup-20050115-094635-700 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
backup-20050115-094642-318 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
backup-20050120-072607-601 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - C:\WINDOWS\system32\xxvltgiu.dll (file missing)
backup-20050120-072620-969 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-072627-469 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-072633-122 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-072708-706 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - C:\WINDOWS\system32\ywbfsawf.dll
backup-20050120-072719-779 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - C:\WINDOWS\system32\ueiiafjk.dll
backup-20050120-072734-392 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-072734-524 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-072734-723 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-072745-314 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-072745-452 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-072745-698 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-202304-463 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-202304-546 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tomcoyote.org/hjt/#Top
backup-20050120-202305-222 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-202305-432 O4 - HKLM\..\Run: [rqynwiqg] C:\WINDOWS\system32\rqynwiqg.exe
backup-20050120-202305-617 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-202440-160 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-202440-355 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-202440-491 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-202502-973 O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
backup-20050120-202641-382 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-202641-390 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-202641-653 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-203444-503 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-203444-812 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-203444-860 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-203634-389 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20050120-205120-467 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-205120-546 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-205120-815 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-221109-180 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-221109-577 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-221109-959 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-221131-285 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-221131-309 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-221131-470 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050120-221220-491 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050120-221220-498 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050120-221220-829 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050121-175036-390 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
backup-20050121-175036-470 R3 - Default URLSearchHook is missing
backup-20050121-175037-140 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050121-175037-932 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050121-175325-414 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050121-175325-685 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050121-175325-759 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050121-175337-710 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050121-175337-888 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050121-175337-977 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-075212-269 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-075212-352 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-075212-444 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-093807-403 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-093807-436 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-093807-457 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-093807-737 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
backup-20050122-093807-923 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20050122-093808-640 O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\system32\msupd5.exe
backup-20050122-114856-555 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-114856-564 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-114856-846 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-153753-740 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-153753-821 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-153753-961 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-153801-168 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-153801-257 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-153801-990 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-153818-343 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-153818-559 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-153818-822 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-153828-318 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-153828-406 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-153828-647 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-153840-100 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-153840-827 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-153840-829 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-153846-225 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-153846-494 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-153846-723 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-153857-190 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-153857-838 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-153857-955 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-153904-260 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-153904-464 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-153904-839 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-161655-143 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-161655-364 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-161655-384 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-173506-564 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
backup-20050122-173506-729 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-173506-750 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-173506-949 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-173522-164 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-173522-698 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-173522-833 O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
backup-20050122-173522-965 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-173551-283 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-173551-774 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-173551-924 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-173600-183 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-173600-265 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-173600-540 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-222137-140 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-222137-758 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050122-222137-830 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-222137-942 O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
backup-20050122-222153-131 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050122-222153-861 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050122-222153-864 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050124-064100-121 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050124-064100-450 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050124-064100-901 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050124-064108-268 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050124-064108-303 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050124-064108-738 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050127-072335-432 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050127-072336-178 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050127-072336-637 O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
backup-20050127-072336-948 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050607-065101-117 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
backup-20050607-065101-244 O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
backup-20050607-065101-475 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
backup-20050607-065101-522 O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
backup-20050607-065101-615 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050607-065101-717 O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
backup-20050607-065101-760 O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
backup-20050607-065101-778 O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
backup-20050607-065101-785 O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
backup-20050607-065101-794 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050607-065101-825 O4 - HKLM\..\Run: [EarthLink Installer] " /C
backup-20050607-065101-836 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050607-065101-906 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
backup-20050607-065101-913 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
backup-20050701-102000-283 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050701-102000-478 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050701-102000-504 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050706-070107-527 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050706-070107-575 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050706-070107-684 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
backup-20050706-070107-736 O4 - HKLM\..\Run: [Google Earth Viewer] GOOGLEMAPS.EXE
backup-20050706-070107-747 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050706-070107-922 O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
backup-20050706-070108-421 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20050709-111841-562 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050709-111841-594 O4 - HKLM\..\Run: [Google Earth Viewer] GOOGLEMAPS.EXE
backup-20050709-111841-771 O4 - HKLM\..\Run: [SystemClockManager] C:\WINDOWS\\\\\\\\\\\\\\\\\\\
backup-20050709-111841-798 O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
backup-20050709-111841-906 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050709-111841-957 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050709-111841-997 O4 - HKCU\..\RunOnce: [Google Earth Viewer] GOOGLEMAPS.EXE
backup-20050713-060630-303 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20050713-060631-157 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20050713-060631-377 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20050713-060631-552 O4 - HKLM\..\Run: [Google Earth Viewer] GOOGLEMAPS.EXE
backup-20051217-101729-132 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20051217-101729-476 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20051217-101729-871 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
backup-20051217-101758-464 O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
backup-20051217-101811-224 O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
backup-20051217-101811-571 O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
backup-20051217-101811-893 O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R AN983 (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter) - C:\WINDOWS\system32\drivers\an983.sys
3S Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3R basic2 - C:\WINDOWS\system32\drivers\basic2.sys
2R Cnxtdiag - C:\WINDOWS\system32\drivers\cnxtdiag.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2R Fallback - C:\WINDOWS\system32\drivers\fallback.sys
2R Fsks - C:\WINDOWS\system32\drivers\fsksnt.sys
3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - C:\WINDOWS\system32\GTNDIS5.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S hsf_msft - C:\WINDOWS\system32\drivers\HSF_MSFT.sys
3R i81x - C:\WINDOWS\system32\drivers\i81xnt5.sys
3S iAimFP0 - C:\WINDOWS\system32\drivers\wADV01nt.sys
3S iAimFP1 - C:\WINDOWS\system32\drivers\wADV02NT.sys
3S iAimFP2 - C:\WINDOWS\system32\drivers\wADV05NT.sys
3S iAimFP3 - C:\WINDOWS\system32\drivers\wSiINTxx.sys
3S iAimFP4 - C:\WINDOWS\system32\drivers\wVchNTxx.sys
3S iAimTV0 - C:\WINDOWS\system32\drivers\wATV01nt.sys
3S iAimTV1 - C:\WINDOWS\system32\drivers\wATV02NT.sys
3S iAimTV3 - C:\WINDOWS\system32\drivers\wATV04nt.sys
3S iAimTV4 - C:\WINDOWS\system32\drivers\wCh7xxNT.sys
0S IFP700 (iRiver Internet Audio Player IFP-700) - C:\WINDOWS\system32\drivers\ifp700.sys (not found)
3S Jukebox3 - C:\WINDOWS\system32\drivers\ctpdusb.sys
2R K56 - C:\WINDOWS\system32\drivers\k56nt.sys
2R MASPINT - C:\WINDOWS\system32\drivers\MASPINT.SYS
2R MCSTRM - C:\WINDOWS\system32\drivers\mcstrm.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys
3S mueaaldu - C:\WINDOWS\system32\drivers\mueaaldu.sys (not found)
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060614.035\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060614.035\NAVEX15.SYS
3S NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
1R P3 (Intel PentiumIII Processor Driver) - C:\WINDOWS\system32\drivers\p3.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3R Rksample - C:\WINDOWS\system32\drivers\rksample.sys
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\rtl8139.sys
1R SASDIFSV - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
3R SASENUM - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
1R SASKUTIL - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
3R SAVRT - C:\Program Files\Norton AntiVirus\savrt.sys
1R SAVRTPEL - C:\Program Files\Norton AntiVirus\Savrtpel.sys
3S sermouse (Serial Mouse Driver) - C:\WINDOWS\system32\drivers\sermouse.sys
3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys
2R SoftFax - C:\WINDOWS\system32\drivers\faxnt.sys
3S SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20060505.083\SymIDSCo.sys
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
2R Tones - C:\WINDOWS\system32\drivers\tonesnt.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
2R V124 - C:\WINDOWS\system32\drivers\v124nt.sys
3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found)
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
3S WUSB54GV4SRV (Linksys Wireless-G USB Network Adapter Driver) - C:\WINDOWS\system32\drivers\rt2500usb.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\system32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2S AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S cisvc (Indexing Service) - C:\WINDOWS\System32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
3S iPodService (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe"
2R LanmanServer (Server) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R LanmanWorkstation (Workstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S MsUpdate5 (Miscrosoft Updates Service 5) - C:\WINDOWS\system32\msupd5.exe
3R navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\system32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R NPFMntor (Norton AntiVirus Firewall Monitor Service) - "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
3R NSCService (Norton Protection Center Service) - "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\system32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\system32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SAVScan (Symantec AVScan) - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2R SPBBCSvc - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{F36D09CD-D108-4A24-ADE5-A4AF066231A8}
2R Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs

-- Scheduled Tasks --------------------------------------------------------------

2007-02-23 20:00:01 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Scott.job<NORTON~1.JOB>
2005-11-29 23:02:28 480 -----n--- C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Scott.job<NORTON~2.JOB>

-- Files created between 2007-01-24 and 2007-02-24 ------------------------------

2007-02-23 19:49:29 0 d-------- C:\Documents and Settings\Scott\WinPFind3u<WINPFI~1>
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

-- Find3M Report ----------------------------------------------------------------

2007-02-24 08:35:54 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-01-22 13:52:53 0 d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft<MICROS~1>
2007-01-14 21:40:22 0 d-------- C:\Program Files\Symantec
2007-01-14 21:40:08 0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-01-14 21:39:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-14 21:05:07 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-01-14 21:03:56 0 d-------- C:\Program Files\iTunes
2007-01-14 21:02:28 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-14 20:56:47 0 d-------- C:\Program Files\AIM
2007-01-14 20:43:54 0 d-------- C:\Documents and Settings\Scott\Application Data\Symantec
2007-01-14 14:49:32 0 d-------- C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-01-14 14:47:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-14 10:08:11 0 d-------- C:\Program Files\Grisoft
2007-01-13 15:38:43 0 d-------- C:\Program Files\RegScrubXP<REGSCR~1>
2007-01-07 19:22:14 0 d-------- C:\Program Files\iPod
2007-01-07 19:19:04 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor<LINKSY~1>
2007-01-06 10:18:19 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-01-06 10:17:47 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-06 10:04:02 0 d-------- C:\Documents and Settings\Scott\Application Data\FullAudio<FULLAU~1>
2007-01-06 09:50:48 0 d-------- C:\Program Files\Microsoft Games<MI9A48~1>
2007-01-06 09:34:27 0 d-------- C:\Program Files\Barbie™<BARBIE~1>
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 -----n--- C:\WINDOWS\system32\wiaservc.dll
2006-12-07 01:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 -----n--- C:\WINDOWS\system32\msftedit.dll

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\BigFix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CREATA~1\\Plus\\FMRemind.exe "
"item"="CreataCard Plus 3 Forget Me Not Reminders Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MemoryCardManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lexmark\\Lexmark Photo Center\\MemoryCardManager.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Money Express"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.123-party...mages/01303.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.awltovhc....368...130,1,0,0

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ http://www.haunted.5...ss-horseman.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ http://www.aeroposta...w_tops_8736.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source REG_SZ http://www.limitedto...3224233_074.jpg

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e66519ab-0cea-11d9-9ece-806d6172696f}]
Shell\AutoRun\command D:\Setup.exe
Shell\dxsetup\command D:\directx\dxsetup.exe
Shell\setup\command D:\setup.exe

-- End of ComboScan: finished at 2007-02-24 at 10:59:29 -------------------------

#6
don77

Posted 24 February 2007 - 07:02 PM

Malware Expert

Retired Staff
18,526 posts

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)

Next Reboot into SAFE MODE
Search for and delete the Folders highlighted in Blue Files highlighted in BOLD

C:\hjt\backups <-- delete this folder

Restart your computer,

Next

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next

Rescan with comboscan and please post back both logs from it,
Post back a fresh HJT log as well please

#7
leftylef

Posted 25 February 2007 - 08:45 AM

Member

Topic Starter
Member
10 posts

OK, I did what you asked me to do. My "Documents and Settings" folder was blue but it couldn't be deleted.

Here are the new Comboscan log

ComboScan v20070221.16 run by Scott on 2007-02-25 at 09:39:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Scott.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:39:49 AM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Scott\Desktop\comboscan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\hjt\Scott.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-- Files created between 2007-01-25 and 2007-02-25 ------------------------------

2007-02-23 19:49:29 0 d-------- C:\Documents and Settings\Scott\WinPFind3u<WINPFI~1>
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

-- Find3M Report ----------------------------------------------------------------

2007-02-25 09:33:52 0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-02-24 21:03:07 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-01-22 13:52:53 0 d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft<MICROS~1>
2007-01-14 21:40:22 0 d-------- C:\Program Files\Symantec
2007-01-14 21:39:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-14 21:05:07 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-01-14 21:03:56 0 d-------- C:\Program Files\iTunes
2007-01-14 21:02:28 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-14 20:56:47 0 d-------- C:\Program Files\AIM
2007-01-14 20:43:54 0 d-------- C:\Documents and Settings\Scott\Application Data\Symantec
2007-01-14 14:49:32 0 d-------- C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-01-14 14:47:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-14 10:08:11 0 d-------- C:\Program Files\Grisoft
2007-01-13 15:38:43 0 d-------- C:\Program Files\RegScrubXP<REGSCR~1>
2007-01-07 19:22:14 0 d-------- C:\Program Files\iPod
2007-01-07 19:19:04 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor<LINKSY~1>
2007-01-06 10:18:19 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-01-06 10:17:47 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-06 10:04:02 0 d-------- C:\Documents and Settings\Scott\Application Data\FullAudio<FULLAU~1>
2007-01-06 09:50:48 0 d-------- C:\Program Files\Microsoft Games<MI9A48~1>
2007-01-06 09:34:27 0 d-------- C:\Program Files\Barbie™<BARBIE~1>
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 -----n--- C:\WINDOWS\system32\wiaservc.dll
2006-12-07 01:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 -----n--- C:\WINDOWS\system32\msftedit.dll

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\BigFix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CREATA~1\\Plus\\FMRemind.exe "
"item"="CreataCard Plus 3 Forget Me Not Reminders Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MemoryCardManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lexmark\\Lexmark Photo Center\\MemoryCardManager.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Money Express"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.123-party...mages/01303.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.awltovhc....368...130,1,0,0

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ http://www.haunted.5...ss-horseman.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ http://www.aeroposta...w_tops_8736.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source REG_SZ http://www.limitedto...3224233_074.jpg

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

-- End of ComboScan: finished at 2007-02-25 at 09:40:39 -------------------------

Here is the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:41:57 AM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks so much for taking the time to help me

#8
don77

Posted 25 February 2007 - 10:06 AM

Malware Expert

Retired Staff
18,526 posts

1. Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
2. In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
3. If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
4. Reply 'no' and set it to 'inactive' for the duration of your cleanup.

Next
Close out Superantispyware as well please, in your icon tray right click on the Superantispyware and click Close, it will ask you if you want to Exit click Yes

Next
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)

Close HJT, Reboot and post back a fresh HJT log for me please

OK, I did what you asked me to do. My "Documents and Settings" folder was blue but it couldn't be deleted.

I just wanted you to delete the HJT back up folder, seems to be gone now so no worries about that

#9
leftylef

Posted 02 March 2007 - 06:49 PM

Member

Topic Starter
Member
10 posts

Here is the hijack this log:

Those 3 bho's will NOT go away. Computer is still so darn slow.

Logfile of HijackThis v1.99.1
Scan saved at 7:44:53 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#10
don77

Posted 03 March 2007 - 09:19 PM

Malware Expert

Retired Staff
18,526 posts

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

#11
leftylef

Posted 11 March 2007 - 06:47 PM

Member

Topic Starter
Member
10 posts

Here it is, sorry it took me so long. I also tried to get rid of those 3 bho's with no name in safe mode. Didn't work

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 11, 2007 8:46:29 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/03/2007
Kaspersky Anti-Virus database records: 280402
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 61537
Number of viruses found: 33
Number of infected objects: 217 / 0
Number of suspicious objects: 2
Duration of the scan process: 03:28:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-03-11_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine3715FD0.bat Infected: Trojan.BAT.Netstop.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine8BB4948.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine94137AF.cab/turbo.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine94137AF.cab CAB: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine94137AF.cab CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineE9E6C94.exe Infected: not-a-virus:AdWare.Win32.MDH.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineECB3862.txt Infected: Trojan-Downloader.Win32.IstBar.ha skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineED86053.exe Infected: Trojan-Downloader.Win32.IstBar.ha skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AD906C3.dll Infected: not-a-virus:AdWare.Win32.WebSearch.o skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AE304B8.dll Infected: not-a-virus:AdWare.Win32.WebSearch.o skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21D218E7.exe Infected: Trojan.Win32.Agent.aw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21D642E4.txt Infected: Trojan.Win32.Agent.aw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AD5161A.sys Infected: Trojan.Win32.Agent.aw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EA452A0.exe Infected: Trojan.Win32.SecondThought.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\375B2FBB.exe Infected: not-a-virus:AdWare.Win32.Quick.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E42408A.com Infected: Trojan.Win32.Crypt.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FFE08A2.txt Infected: Trojan-Downloader.Win32.Agent.gn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455457BE.exe Infected: not-a-virus:AdWare.Win32.MDH.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52C12E42.cab/turbo.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52C12E42.cab CAB: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52C12E42.cab CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52F414EF.exe Infected: Trojan-Proxy.Win32.Delf.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F3A00D8.txt Infected: Trojan-Downloader.Win32.Agent.gn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61006225.txt Infected: Trojan.Win32.Golid.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\654B7E51.tmp Infected: Trojan-Downloader.Java.OpenStream.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\675325EE.dll Infected: Trojan-Downloader.Win32.Agent.gn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B9A574E.htm Infected: Exploit.VBS.Phel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71C66ED6.scr Infected: IM-Worm.Win32.Opanki.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71E13EB9.scr Infected: IM-Worm.Win32.Opanki.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\746207D3.com Infected: Trojan.Win32.Crypt.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\746F2FC4.com Infected: Trojan.Win32.Crypt.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D07133F.dll Infected: not-a-virus:AdWare.Win32.180Solutions.b skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0013.BIN Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0014.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0015.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0015.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0015.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0015.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0015.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0015.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0016.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0016.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Documents\b.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Documents\b.exe WiseSFX: infected - 13 skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0013.BIN Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0014.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0016.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0016.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Documents\blubster.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Documents\blubster.exe WiseSFX: infected - 13 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Scott\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\History\History.IE5\MSHist012007031120070312\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\Perflib_Perfdata_318.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\Perflib_Perfdata_508.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Scott\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\UserData\index.dat Object is locked skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0013.BIN Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0014.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0015.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0015.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0015.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0015.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0015.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0015.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0016.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0016.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\All Users\Documents\b.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\All Users\Documents\b.exe WiseSFX: infected - 13 skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0013.BIN Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0014.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0015.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0016.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0016.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\All Users\Documents\blubster.exe WiseSFX: infected - 13 skipped
C:\Lefferts Backup\Documents\b.exe/WISE0013.BIN Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\Lefferts Backup\Documents\b.exe/WISE0014.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents\b.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents\b.exe/WISE0015.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\b.exe/WISE0015.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\b.exe/WISE0015.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\b.exe/WISE0015.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\b.exe/WISE0015.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\b.exe/WISE0015.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\b.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\b.exe/WISE0016.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\Documents\b.exe/WISE0016.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\Documents\b.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\Documents\b.exe WiseSFX: infected - 13 skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0013.BIN Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0014.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0015.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0015.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0015.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0015.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0015.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0015.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0016.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0016.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\Documents\blubster.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Lefferts Backup\Documents\blubster.exe WiseSFX: infected - 13 skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\Local Settings\Temporary Internet Files\Content.IE5\ORQTMBAZ\counter[1].js Suspicious: Exploit.HTML.Mht skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe/data0007 Infected: Trojan.Win32.Qhost.ap skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4.exe NSIS: infected - 14 skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4b.exe/data0002/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4b.exe/data0002 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4b.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4b.exe/data0004/data0004 Infected: not-a-virus:AdWare.Win32.SideSearch.l skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4b.exe/data0004 Infected: not-a-virus:AdWare.Win32.SideSearch.l skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4b.exe/data0008 Infected: not-a-virus:AdWare.Win32.IGetNet skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\all_files4b.exe NSIS: infected - 6 skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe/data0007 Infected: Trojan.Win32.Qhost.ap skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4.exe NSIS: infected - 14 skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0002/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0002 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0004/data0004 Infected: not-a-virus:AdWare.Win32.SideSearch.l skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0004 Infected: not-a-virus:AdWare.Win32.SideSearch.l skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0008 Infected: not-a-virus:AdWare.Win32.IGetNet skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\all_files4b.exe NSIS: infected - 6 skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\MemWatcher.exe/data0004 Infected: Backdoor.Win32.VB.nb skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\MemWatcher.exe/data0006 Infected: Backdoor.Win32.VB.nb skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\Data\MemWatcher.exe NSIS: infected - 2 skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\MemWatcher.exe/data0004 Infected: Backdoor.Win32.VB.nb skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\MemWatcher.exe/data0006 Infected: Backdoor.Win32.VB.nb skipped
C:\Lefferts Backup\Documents and Settings\~Madeline~\My Documents\Data\MemWatcher.exe NSIS: infected - 2 skipped
C:\Lefferts Backup\~Madeline~\Local Settings\Temporary Internet Files\Content.IE5\ORQTMBAZ\counter[1].js Suspicious: Exploit.HTML.Mht skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe/data0007 Infected: Trojan.Win32.Qhost.ap skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4.exe NSIS: infected - 14 skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4b.exe/data0002/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4b.exe/data0002 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4b.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4b.exe/data0004/data0004 Infected: not-a-virus:AdWare.Win32.SideSearch.l skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4b.exe/data0004 Infected: not-a-virus:AdWare.Win32.SideSearch.l skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4b.exe/data0008 Infected: not-a-virus:AdWare.Win32.IGetNet skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\all_files4b.exe NSIS: infected - 6 skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe/data0007 Infected: Trojan.Win32.Qhost.ap skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4.exe NSIS: infected - 14 skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0002/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0002 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0004/data0004 Infected: not-a-virus:AdWare.Win32.SideSearch.l skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0004 Infected: not-a-virus:AdWare.Win32.SideSearch.l skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4b.exe/data0008 Infected: not-a-virus:AdWare.Win32.IGetNet skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\all_files4b.exe NSIS: infected - 6 skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\MemWatcher.exe/data0004 Infected: Backdoor.Win32.VB.nb skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\MemWatcher.exe/data0006 Infected: Backdoor.Win32.VB.nb skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\Data\MemWatcher.exe NSIS: infected - 2 skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\MemWatcher.exe/data0004 Infected: Backdoor.Win32.VB.nb skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\MemWatcher.exe/data0006 Infected: Backdoor.Win32.VB.nb skipped
C:\Lefferts Backup\~Madeline~\My Documents\Data\MemWatcher.exe NSIS: infected - 2 skipped
C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080415\SmileyCentralSetup2.0.3.20.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\InstallShield Installation Information\{3CB41017-F5CA-4C56-934C-ED02156251E6}\Setup.ilg Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt752NAV~.TMP Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt911NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP506\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\upnp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Attached Files

kaspersky_070312.html 183.05KB 4 downloads

#12
don77

Posted 12 March 2007 - 07:38 PM

Malware Expert

Retired Staff
18,526 posts

All of the items found in the scan are in quarantine with Nortons

Lets get rid of the stuborn 02's

Copy the contents of the Quote Box below to Notepad.
Name the file as fix.reg
Change the Save as Type to All Files
and Save it on the desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EFFF703-4278-6F97-423D-DC11C0FB1DD8}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96B10A41-6820-72E2-2CBA-C84720F4FC94}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1187095B-1026-D76E-4E16-CEEFF21BB026}]

Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Then double-click on the fix.reg file, and when it prompts to merge say yes,

reboot your computer and post back a fresh HJT log please

#13
leftylef

Posted 18 March 2007 - 07:47 AM

Member

Topic Starter
Member
10 posts

OK, I did what you said and added those to the registry. BHO's are still there. Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 9:45:05 AM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {1187095B-1026-D76E-4E16-CEEFF21BB026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8EFFF703-4278-6F97-423D-DC11C0FB1DD8} - (no file)
O2 - BHO: (no name) - {96B10A41-6820-72E2-2CBA-C84720F4FC94} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Scott\Desktop\speedupmypc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#14
don77

Posted 18 March 2007 - 07:58 PM

Malware Expert

Retired Staff
18,526 posts

Open notepad and copy and paste next bold in it:

regedit /e bho.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
start notepad bho.txt

Save this as bho.bat , choose to save as "all files" and save it on your desktop.
Doubleclick on bho.bat and post the contents of it in your next reply