Slow Comp [RESOLVED]


  • This topic is locked

#1
cartzz

I have followed all instructions in the forum but am still troubled by slow startup speeds as well as problems processing basic tasks. My net speed is also down.

EWIDO SCAN REPORT:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:54:25 PM 2/07/2006

+ Scan result:



HKU\S-1-5-21-1614895754-813497703-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-1614895754-813497703-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\system32.dll/cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\anderson0.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\anderson0.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-1614895754-813497703-839522115-1004\Software\DNS -> Adware.Shorty : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SplWbr.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ssqpmnk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Local Settings\Application Data\d1c0ecb.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Local Settings\Application Data\d1c0ecb.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Local Settings\Application Data\d1c0ecb.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win18.tmp.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\d1c0ecb.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\14GVL1GP\L[1].exe -> Downloader.Small.cvw : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win21E.tmp.exe -> Downloader.Small.cvw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\regperf.exe -> Downloader.Zlob.jc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.ui : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\carter@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\carter@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\carter@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\carter@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\carter@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\carter@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\carter@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\carter@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msctl32.dll -> Trojan.Agent.ly : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Local Settings\Temp\cli61.tmp -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\Documents and Settings\carter\Local Settings\Temp\svrhost.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\#SharedObjects\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Azureus\shares\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Application Data\Symantec\Shared\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\NetHood\SharedDocs on Family Computer (Home)\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Jules\Application Data\Macromedia\Flash Player\#SharedObjects\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Documents and Settings\Rob\Desktop\Rob's Folder\pricelist.zip/jshxqvhg.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sony Shared\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SureThing Shared\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Symantec Shared\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\CyberLink\Shared Files\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\EndNote 9\DbSupport\share\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\.NetworkShare\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\Shared\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\1.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\10.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\2.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\3.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\4.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\5.scr -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\6.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\8.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\ACDSee 9.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\Adobe Photoshop 9 full.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\Ahead Nero 7.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\Opera 8 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\WinAmp 6 New!.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\ime\shared\XXX hardcore images.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sysformat.exeopen -> Worm.Bagle.fj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sysformat.exeopenopen/copycldms.exe -> Worm.Bagle.fj : Cleaned with backup (quarantined).


::Report end




SUPER ANTISPYWARE REPORT:

SUPERAntiSpyware Scan Log
Generated 02/20/2007 at 05:20 PM

Application Version : 3.5.1016

Core Rules Database Version : 3186
Trace Rules Database Version: 1196

Scan type : Complete Scan
Total Scan Time : 02:45:10

Memory items scanned : 489
Memory threats detected : 0
Registry items scanned : 5987
Registry threats detected : 16
File items scanned : 101658
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\carter\Cookies\carter@atdmt[2].txt

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR

Browser Hijacker.Begin2Search
HKU\S-1-5-21-1614895754-813497703-839522115-1004\Software\In3rd

Adware.Casino Games (Golden Palace Casino)
C:\PROGRAM FILES\TITAN POKER\CASINO.EXE

Adware.Vundo Variant
C:\VUNDOFIX BACKUPS\SSTTU.DLL




PANDA SCAN REPORT:


Incident Status Location

#2
cartzz

    Member

  • Topic Starter
  • Member
  • 60 posts
Sorry, the rest of it:

PANDA SCAN REPORT:


Incident                     | Status          | Location

Adware:adware/cws.searchmeup | Not disinfected | c:\windows\system32\bose.ico
Adware:adware/comet          | Not disinfected | c:\windows\inf\dm.inf
Adware:adware/dollarrevenue  | Not disinfected | c:\windows\timessquare1.dat
Adware:adware/webattaker     | Not disinfected | c:\windows\uniq
Adware:adware program        | Not disinfected | c:\windows\system32\cache32dsrf4535dfs
Adware:adware/transponder    | Not disinfected | Windows Registry
Adware:adware/ist.istbar     | Not disinfected | Windows Registry
Spyware:spyware/media-motor  | Not disinfected | Windows Registry
Adware:adware/memorywatcher  | Not disinfected | Windows Registry
Adware:adware/powerscan      | Not disinfected | Windows Registry
Spyware:spyware/safesurf     | Not disinfected | Windows Registry
Adware:adware/sahagent       | Not disinfected | Windows Registry
Adware:adware/ncase          | Not disinfected | Windows Registry
Virus:trj/qhost.gen          | Disinfected     | Operating system
Spyware:Cookie/Atlas DMT     | Not disinfected | C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt
Dialer:Dialer.HOI            | Not disinfected | C:\HJT\backups\backup-20051204-122925-207.inf
Adware:Adware/SAHAgent       | Not disinfected | C:\WINDOWS\inf\bi6.inf
Virus:Trj/Qhost.gen          | Disinfected     | C:\WINDOWS\system32\drivers\etc\hosts
Virus:Trj/Qhost.gen          | Disinfected     | C:\WINDOWS\system32\drivers\etc\hosts.20070212-113231.backup
Virus:Trj/Qhost.gen          | Disinfected     | C:\WINDOWS\system32\drivers\etc\hosts.msn

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 2:53:39 PM, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\hjt.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TheLionCluster] C:\Program Files\The Lion\skinkers.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - file://C:\Program Files\Mentor\Mentor for Networking\static\streetno.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121067892968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132561730015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe



Thanks for the help!

#3
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello cartzz,

Since it's been a while since your last post, please post a new HijackThis log for review.

#4
cartzz

    Member

  • Topic Starter
  • Member
  • 60 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:39:14 PM, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis\hjt.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TheLionCluster] C:\Program Files\The Lion\skinkers.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - file://C:\Program Files\Mentor\Mentor for Networking\static\streetno.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121067892968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132561730015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  • 0

#5
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello cartzz,

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now; choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.
Please include a new HijackThis log, as well.

Edited by __RiP_ChAiN_, 10 March 2007 - 07:59 PM.

  • 0

#6
cartzz

cartzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Spy sweeper session log:

7:38 PM: Removal process completed. Elapsed time 00:00:17
7:38 PM: Quarantining All Traces: zedo cookie
7:38 PM: Quarantining All Traces: burstnet cookie
7:38 PM: Quarantining All Traces: tribalfusion cookie
7:38 PM: Quarantining All Traces: tradedoubler cookie
7:38 PM: Quarantining All Traces: serving-sys cookie
7:38 PM: Quarantining All Traces: overture cookie
7:38 PM: Quarantining All Traces: webpower cookie
7:38 PM: Quarantining All Traces: dealtime cookie
7:38 PM: Quarantining All Traces: clickbank cookie
7:38 PM: Quarantining All Traces: bs.serving-sys cookie
7:38 PM: Quarantining All Traces: tacoda cookie
7:38 PM: Quarantining All Traces: advertising cookie
7:38 PM: Quarantining All Traces: adultfriendfinder cookie
7:38 PM: Quarantining All Traces: adtech cookie
7:38 PM: Quarantining All Traces: about cookie
7:38 PM: Quarantining All Traces: 2o7.net cookie
7:38 PM: Quarantining All Traces: mediaplex cookie
7:38 PM: Quarantining All Traces: imrworldwide.com cookie
7:38 PM: Quarantining All Traces: casalemedia cookie
7:38 PM: Quarantining All Traces: atlas dmt cookie
7:38 PM: Quarantining All Traces: yieldmanager cookie
7:38 PM: Quarantining All Traces: whenu save
7:38 PM: Quarantining All Traces: prosearch.com hijack
7:38 PM: Quarantining All Traces: livesexcams
7:38 PM: Quarantining All Traces: cws-aboutblank
7:38 PM: Removal process initiated
7:18 PM: Traces Found: 44
7:18 PM: Custom Sweep has completed. Elapsed time 00:48:26
7:18 PM: File Sweep Complete, Elapsed Time: 00:46:09
7:18 PM: Warning: SweepCompressedFiles: Access violation at address 00401D84 in module 'SpySweeper.exe'. Read of address 7E4C000C
7:10 PM: Warning: SweepCompressedFiles: Access violation at address 00401D84 in module 'SpySweeper.exe'. Read of address 7E6D000C
7:06 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
7:06 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
6:32 PM: Starting File Sweep
6:32 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
6:32 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
6:32 PM: c:\documents and settings\carter\cookies\carter@zedo[2].txt (ID = 3762)
6:32 PM: Found Spy Cookie: zedo cookie
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 1958)
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 2337)
6:32 PM: Found Spy Cookie: burstnet cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@webpower[1].txt (ID = 3660)
6:32 PM: c:\documents and settings\carter\cookies\carter@tribalfusion[1].txt (ID = 3589)
6:32 PM: Found Spy Cookie: tribalfusion cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@tradedoubler[1].txt (ID = 3575)
6:32 PM: Found Spy Cookie: tradedoubler cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@tacoda[1].txt (ID = 6444)
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 2506)
6:32 PM: c:\documents and settings\carter\cookies\carter@serving-sys[2].txt (ID = 3343)
6:32 PM: Found Spy Cookie: serving-sys cookie
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 2038)
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 3106)
6:32 PM: c:\documents and settings\carter\cookies\carter@overture[2].txt (ID = 3105)
6:32 PM: Found Spy Cookie: overture cookie
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 3661)
6:32 PM: Found Spy Cookie: webpower cookie
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 1958)
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 1958)
6:32 PM: c:\documents and settings\carter\cookies\carter@mediaplex[1].txt (ID = 6442)
6:32 PM: c:\documents and settings\carter\cookies\carter@imrworldwide[2].txt (ID = 2845)
6:32 PM: c:\documents and settings\carter\cookies\carter@dealtime[1].txt (ID = 2505)
6:32 PM: Found Spy Cookie: dealtime cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@clickbank[1].txt (ID = 2398)
6:32 PM: Found Spy Cookie: clickbank cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@casalemedia[1].txt (ID = 2354)
6:32 PM: c:\documents and settings\carter\cookies\[email protected][2].txt (ID = 2330)
6:32 PM: Found Spy Cookie: bs.serving-sys cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@atdmt[2].txt (ID = 2253)
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 6445)
6:32 PM: Found Spy Cookie: tacoda cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@advertising[1].txt (ID = 2175)
6:32 PM: Found Spy Cookie: advertising cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@adultfriendfinder[2].txt (ID = 2165)
6:32 PM: Found Spy Cookie: adultfriendfinder cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@adtech[1].txt (ID = 2155)
6:32 PM: Found Spy Cookie: adtech cookie
6:32 PM: c:\documents and settings\carter\cookies\[email protected][1].txt (ID = 3751)
6:32 PM: c:\documents and settings\carter\cookies\carter@about[2].txt (ID = 2037)
6:32 PM: Found Spy Cookie: about cookie
6:32 PM: c:\documents and settings\carter\cookies\carter@2o7[2].txt (ID = 1957)
6:32 PM: c:\documents and settings\carter\cookies\[email protected][2].txt (ID = 1958)
6:32 PM: c:\documents and settings\admin\cookies\[email protected][1].txt (ID = 1958)
6:32 PM: c:\documents and settings\admin\cookies\admin@atdmt[1].txt (ID = 2253)
6:32 PM: c:\documents and settings\dave\cookies\[email protected][1].txt (ID = 1958)
6:32 PM: Found Spy Cookie: 2o7.net cookie
6:32 PM: c:\documents and settings\dave\cookies\dave@mediaplex[1].txt (ID = 6442)
6:32 PM: Found Spy Cookie: mediaplex cookie
6:32 PM: c:\documents and settings\dave\cookies\dave@imrworldwide[2].txt (ID = 2845)
6:32 PM: Found Spy Cookie: imrworldwide.com cookie
6:32 PM: c:\documents and settings\dave\cookies\dave@casalemedia[1].txt (ID = 2354)
6:32 PM: Found Spy Cookie: casalemedia cookie
6:32 PM: c:\documents and settings\dave\cookies\dave@atdmt[2].txt (ID = 2253)
6:32 PM: Found Spy Cookie: atlas dmt cookie
6:32 PM: c:\documents and settings\dave\cookies\[email protected][2].txt (ID = 3751)
6:32 PM: Found Spy Cookie: yieldmanager cookie
6:32 PM: Starting Cookie Sweep
6:32 PM: Registry Sweep Complete, Elapsed Time:00:00:24
6:32 PM: HKU\S-1-5-21-1614895754-813497703-839522115-1004\software\vcom\dialers\ (ID = 1573666)
6:32 PM: HKU\S-1-5-21-1614895754-813497703-839522115-1004\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
6:32 PM: HKU\S-1-5-21-1614895754-813497703-839522115-1004\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
6:32 PM: Found Adware: cws-aboutblank
6:32 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-813497703-839522115-1011\software\microsoft\windows\currentversion\run\ || whenusave (ID = 773978)
6:32 PM: Found Adware: whenu save
6:32 PM: HKLM\software\vcom\dialers\ (ID = 1573674)
6:32 PM: Found Adware: livesexcams
6:32 PM: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)
6:32 PM: Found Adware: prosearch.com hijack
6:32 PM: Starting Registry Sweep
6:32 PM: Memory Sweep Complete, Elapsed Time: 00:01:38
6:30 PM: Starting Memory Sweep
6:30 PM: Start Custom Sweep
6:30 PM: Sweep initiated using definitions version 876
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:25 PM: Shield States
6:25 PM: Spyware Definitions: 876
6:25 PM: Spy Sweeper 5.3.2.2361 started
6:25 PM: Spy Sweeper 5.3.2.2361 started
6:25 PM: | Start of Session, Sunday, 11 March 2007 |
***************


HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 7:39:39 PM, on 11/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\hjt.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WinFast Schedule] "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] "C:\Program Files\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TheLionCluster] C:\Program Files\The Lion\skinkers.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - file://C:\Program Files\Mentor\Mentor for Networking\static\streetno.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121067892968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132561730015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



Cheers!!
  • 0

#7
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello cartzz,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Your HijackThis log is now clean, are you still experiencing any malware related issues?
  • 0
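The check applied in the post above (an entry whose target file no longer exists) and a before/after comparison of two scans can be scripted. The following Python is an added example, not part of the original posts and not HijackThis code; the function names are hypothetical, and the two sample logs are abridged from the 10/03/2007 and 11/03/2007 logs posted in this thread.

```python
import re

# Abridged from the 10/03/2007 log in this thread (sample input for the example).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Abridged from the 11/03/2007 log in this thread (after Spy Sweeper was installed).
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# CLSID/GUID in braces, as printed for BHOs and toolbar buttons.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks a dangling reference at the end of the line.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return one dict per R*/O* entry; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        guid = GUID_RE.search(body)
        orphan = ORPHAN_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "guid": guid.group(0) if guid else None,
            "orphan": orphan.group(1) if orphan else None,
        })
    return entries


def orphaned(entries):
    """Entries whose target file is gone: candidates for review, not verdicts."""
    return [e for e in entries if e["orphan"]]


def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two scans, in log order."""
    before_entries = parse_entries(before_text)
    after_entries = parse_entries(after_text)
    before_keys = {(e["code"], e["body"]) for e in before_entries}
    after_keys = {(e["code"], e["body"]) for e in after_entries}
    added = [e for e in after_entries if (e["code"], e["body"]) not in before_keys]
    removed = [e for e in before_entries if (e["code"], e["body"]) not in after_keys]
    return added, removed


if __name__ == "__main__":
    for e in orphaned(parse_entries(LOG_BEFORE)):
        print("orphaned:", e["code"], "-", e["body"])
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in added:
        print("added:   ", e["code"], "-", e["body"])
    for e in removed:
        print("removed: ", e["code"], "-", e["body"])
```

An orphaned entry only means the referenced file is absent; whether to fix it remains the reviewer's call, as in the posts here.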

#8
cartzz

cartzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
I'm still experiencing excessively slow speeds, especially during startup/logging into profile; when performing simple tasks like opening a folder(s); using the internet or performing multiple tasks at once, but I can't work out why...seeing as my HJT log is clear, is there anything else it could be?
  • 0

#9
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello cartzz,

Your computer does have a lot of programs running that we could disable for improved performance, if you wish?
  • 0

#10
cartzz

cartzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Absolutely! I'm trying to go through and get rid of anything I don't need...any help from you would be great!
  • 0


#11
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello cartzz,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinFast Schedule] "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Reboot and let me know how it works for you.
  • 0

#12
cartzz

cartzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
I'm really surprised at the difference deleting those programs has made! Is there anything else you can suggest I do in order to increase speed further?

Also, I've had a strange file on my computer for some time now...it seems to contain a long (LONG) list of movie titles as .zip files, but when I try to track the file down, I can't find it. Whenever I perform a search or a scan, it has to spend up to ten minutes just on the file...is there any way I can find and get rid of it?
  • 0

#13
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello cartzz,

I'm really surprised at the difference deleting those programs has made! Is there anything else you can suggest I do in order to increase speed further?

If you want to increase the performance a tad further, post a new HJT log and we'll see what we can do.

Is the file you're referring to a .zip file as well, or are you not certain what type it is? If it is a .zip extension, you can do a Windows search for *.zip and it will bring up all the files by that extension it can find. It sounds as though it's a massive file by the time you say it takes to pass the file. When it does so, does it list the file name?

#14
cartzz

    Member

  • Topic Starter
  • 60 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:14:51 PM, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\hjt.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] "C:\Program Files\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TheLionCluster] C:\Program Files\The Lion\skinkers.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - file://C:\Program Files\Mentor\Mentor for Networking\static\streetno.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121067892968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132561730015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

#15
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello cartzz,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TheLionCluster] C:\Program Files\The Lion\skinkers.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Please reboot and let me know if things are still running properly.





