Yesterday I was notified of 3 Trojans, then a bunch of adware started popping up. An Outerinfo icon popped up in my system tray and I've been having lots of problems since. I found this site, and saw a post stating the exact same thing that happened to me. So I did all of the things my computer would let me do: ATF Cleaner, System Restore, AVG anti-adware program, SUPERAntiSpyware. Then rebooted after each step. I tried using the Panda scanner, but each time a Win32 bar at the bottom would pop up and wouldn't allow the scan to complete. My computer already has the SP2 pack, and I have avast antivirus, which has lapsed; I thought about uninstalling it but wasn't sure if I could do that right. I have tried to follow the instructions as closely as possible.
I also realize that you are working for free, so any advice will be greatly appreciated. Hopefully I did everything right. I feel as though I may have screwed up here and there; just let me know and I'll try to get it right. Here are the logs I read about posting in order to receive advice. Oh, and I tried to save the uninstall list from the HijackThis log, but each time I'd click "Save list" nothing would happen.
With the AVG anti-adware, no reports were available.
Thanks for taking the time to read this post.
Vicky
SUPERAntiSpyware Scan Log
Generated 06/21/2007 at 04:28 PM
Application Version : 3.6.1000
Core Rules Database Version : 3259
Trace Rules Database Version: 1270
Scan type : Complete Scan
Total Scan Time : 06:16:51
Memory items scanned : 453
Memory threats detected : 2
Registry items scanned : 7481
Registry threats detected : 167
File items scanned : 138107
File threats detected : 90
Trojan.Downloader-Gen/RetAd
C:\WINDOWS\RETADPU1000106.EXE
C:\WINDOWS\RETADPU1000106.EXE
[runner1] C:\WINDOWS\RETADPU1000106.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\Windows\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 ]
C:\WINDOWS\RETADPU2000219.EXE
C:\Windows\Prefetch\RETADPU1000106.EXE-068BBDFD.pf
Trojan.ZenoSearch
C:\WINDOWS\SYSTEM32\OWINPNDT.EXE
C:\WINDOWS\SYSTEM32\OWINPNDT.EXE
C:\Windows\system32\msnav32.ax
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.RC18227\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\5CSZLLWX\DT[1].EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP589\A0318587.EXE
C:\Windows\Prefetch\OWINPNDT.EXE-37DD46C2.pf
Adware.MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-21-4189721917-290644608-3456947449-500\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
Adware.Accoona
HKLM\Software\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}
HKCR\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}
HKCR\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}
HKCR\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}\InprocServer32
HKCR\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}\InprocServer32#ThreadingModel
HKCR\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}\ProgID
HKCR\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}\TypeLib
HKCR\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}\VersionIndependentProgID
C:\PROGRAM FILES\ACCOONA\ATOOLBAR.DLL
HKLM\Software\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}
HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}
HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}
HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\InprocServer32
HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\InprocServer32#ThreadingModel
HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\ProgID
HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\Programmable
HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\TypeLib
HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\VersionIndependentProgID
C:\PROGRAM FILES\ACCOONA\ASEARCHASSIST.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208}
C:\PROGRAM FILES\THEMEXP\THEMEXP.ORG FILE\ATOOLBAR400011.EXE
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GFQJDHXE.DLL
HKLM\Software\Classes\CLSID\{B1FD7898-8368-4076-A43D-6856ACAC9538}
HKCR\CLSID\{B1FD7898-8368-4076-A43D-6856ACAC9538}
HKCR\CLSID\{B1FD7898-8368-4076-A43D-6856ACAC9538}
HKCR\CLSID\{B1FD7898-8368-4076-A43D-6856ACAC9538}\InProcServer32
HKCR\CLSID\{B1FD7898-8368-4076-A43D-6856ACAC9538}\InProcServer32#ThreadingModel
C:\PROGRAM FILES\TYPINGMASTER\RYXYB83122.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1FD7898-8368-4076-A43D-6856ACAC9538}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
Trojan.HyperLinker/LinkMaker
HKLM\Software\Classes\CLSID\{85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1}
HKCR\CLSID\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1}
HKCR\CLSID\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1}
HKCR\CLSID\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1}\InprocServer32
HKCR\CLSID\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1}\InprocServer32#ThreadingModel
HKCR\CLSID\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1}\ProgID
HKCR\CLSID\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\HLWIN.DLL
Adware.SearchClickAds
HKLM\Software\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}#AppID
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32#ThreadingModel
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\ProgID
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\Programmable
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\TypeLib
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\VersionIndependentProgID
C:\WINDOWS\CFG32O.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKLM\SOFTWARE\zAbstract
HKLM\SOFTWARE\zAbstract#r
HKLM\SOFTWARE\zAbstract#App1
HKLM\SOFTWARE\zAbstract#App3
HKLM\SOFTWARE\zAbstract#App4
HKLM\SOFTWARE\zAbstract#App5
HKLM\SOFTWARE\zAbstract#Version
HKLM\SOFTWARE\zAbstract#BundleID
HKLM\SOFTWARE\zAbstract#Parent
HKLM\SOFTWARE\zAbstract#App2
HKLM\SOFTWARE\zAbstract#CList
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP589\A0318585.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP589\A0318586.DLL
C:\WINDOWS\CFG32A.EXE
C:\WINDOWS\CFG32R.DLL
C:\WINDOWS\CFG32S.DLL
C:\WINDOWS\STUB_MMA2.EXE
C:\Windows\Prefetch\CFG32A.EXE-1D5F6A5C.pf
Trojan.Downloader-Gen/BasicMath
HKLM\System\ControlSet001\Services\Net Agent
C:\WINDOWS\DLS0523PMW.EXE
HKLM\System\ControlSet002\Services\Net Agent
HKLM\System\CurrentControlSet\Services\Net Agent
C:\Windows\Prefetch\DLS0523PMW.EXE-034E73CF.pf
Adware.180solutions/Search Assistant
HKCR\MediaGatewayX.Installer
HKCR\MediaGatewayX.Installer\CLSID
HKCR\MediaGatewayX.Installer\CurVer
HKCR\MediaGatewayX.Installer.1
HKCR\MediaGatewayX.Installer.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll [ ]
Adware.180solutions/ZangoSearch
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid32
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib#Version
HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\0
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\0\win32
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\FLAGS
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\HELPDIR
Adware.WebHancer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey#UninstallString
Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID
Trojan.Windows Overlay Components/SysMon
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Type
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Start
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString
C:\Windows\offun.exe
Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\Documents and Settings\Administrator.RC18227\Application Data\SpamBlocker
C:\Documents and Settings\Administrator.RC18227\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx
C:\Documents and Settings\Administrator.RC18227\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2
C:\Documents and Settings\Administrator.RC18227\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static
C:\Documents and Settings\Administrator.RC18227\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility
C:\Documents and Settings\Administrator.RC18227\Application Data\SpamBlockerUtility\v3.0
C:\Documents and Settings\Administrator.RC18227\Application Data\SpamBlockerUtility
HKCR\SpamBlockerConfig.Application
HKCR\SpamBlockerConfig.Application\Clsid
HKCR\SpamBlockerConfig.Application.1
HKCR\SpamBlockerConfig.Application.1\Clsid
HKLM\Software\SpamBlockerUtility
HKLM\Software\SpamBlockerUtility\Hotbar
HKLM\Software\SpamBlockerUtility\Hotbar\Install
HKLM\Software\SpamBlockerUtility\Hotbar\Install#StartInstall
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI\3.2
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI\3.2#PID00
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\Upgrade
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\Upgrade#LastChecked
Adware.BookedSpace
HKCR\AppID\Scaggy.DLL
HKCR\AppID\Scaggy.DLL#AppID
HKCR\Scaggy.Insert
HKCR\Scaggy.Insert\CLSID
HKCR\Scaggy.Insert\CurVer
HKCR\Scaggy.Insert.1
HKCR\Scaggy.Insert.1\CLSID
HKCR\AppID\{90A52F08-64AC-4DC6-9D7D-451667029898}
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\0
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\0\win32
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\FLAGS
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\HELPDIR
Adware.Think-Adz
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallString
Adware.ClickSpring/Outer Info Network
C:\Documents and Settings\Administrator.RC18227\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Administrator.RC18227\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Administrator.RC18227\Start Menu\Programs\Outerinfo
Adware.Web Buying
HKU\S-1-5-21-4189721917-290644608-3456947449-500\Software\WebBuying
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.RC18227\DESKTOP\CLICK TO FIND AND FIX ERRORS.URL
Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.RC18227\LOCAL SETTINGS\TEMP\WINANTIVIRUSPRO2007FREEINSTALL.EXE
Adware.RAC
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.RC18227\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KRBZUKD5\ACDT-PID67N[1].EXE
Adware.eZula
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.RC18227\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\UPNWTWNQ\TOB_SND_20070616[1]
Adware.k8l
C:\PROGRAM FILES\MSN GAMING ZONE\ZYSOJAD.HTML
Adware.WebBuying-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP588\A0317482.EXE
Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP589\A0317510.EXE
C:\WINDOWS\SYSTEM32\S6\WR613.EXE
Adware.SysMon
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP589\A0317536.EXE
C:\WINDOWS\SYSTEM32\S1\BK53.EXE
Trojan.Downloader-WebBuying/PopEngine
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP589\A0317541.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP591\A0318961.DLL
Trojan.Downloader-ClickSpring/NDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP591\A0318963.DLL
Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP591\A0318964.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP591\A0318965.EXE
C:\WINDOWS\WBUN.EXE
C:\Windows\Prefetch\WBUN.EXE-060F5402.pf
Trojan.Downloader-Gen/Installer
C:\WINDOWS\B103.EXE
C:\WINDOWS\B104.EXE
Spyware.RelevantKnowledge
C:\WINDOWS\ITPB_3.EXE
Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\DWDSREGT.EXE
C:\Windows\Prefetch\DWDSREGT.EXE-373063D8.pf
Trojan.Downloader-Gen/BundleBase
C:\WINDOWS\SYSTEM32\O02PREZ\O02PREZ1065.EXE
Trojan.PreUninstallHL/32
C:\WINDOWS\SYSTEM32\PREUNINSTALLHL.EXE
Trojan.Rootkit-TnCore/Installer
C:\WINDOWS\SYSTEM32\S4\WEN2.EXE
Adware.Unknown Origin
C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG
Trace.Known Threat Sources
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temp\Temporary Internet Files\Content.IE5\7NBBF0L9\Layout[1].js
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\WHE7O5AV\config[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\TXBUP1HB\campaigns7[1].encrypted
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\DO9PF8C8\client_settings_3[1].bin
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\KRBZUKD5\cache[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\OJNZAKXD\bundle[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\KPMQVJ5O\addisplay[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\NZL3NP4O\addisplay[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\WHE7O5AV\addisplay[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\Y9167AXC\addisplay[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\KPMQVJ5O\config[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\JGWN5XO1\addisplay[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\KPMQVJ5O\styler[1].css
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\05UNC5EZ\main.shadow.top[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\UPNWTWNQ\nf404[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\8ENPUMD5\scan.bar[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\05UNC5EZ\page.screenshot[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\5CSZLLWX\shield-pro-3[1].htm
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\8ENPUMD5\main.shadow.btm[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\Q2FL2WM9\scan.bg[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\3F1ZJTGK\solution[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\TXBUP1HB\icon.arrow[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\X3L91NA2\scan.txt[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\TXBUP1HB\button.download[1].gif
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\NZL3NP4O\ffa_mv20070611[1]
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\3F1ZJTGK\koocwolla_20070601[1]
C:\Documents and Settings\Administrator.RC18227\Local Settings\Temporary Internet Files\Content.IE5\NZL3NP4O\nauj_20070613_1[1]
Logfile of HijackThis v1.99.1
Scan saved at 7:27:12 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Administrator.RC18227\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Documents and Settings\Administrator.RC18227\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
c:\windows\system32\dwdsregt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{7E-EB-B0-0E-ZN}] c:\windows\system32\dwdsregt.exe CHD003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Administrator.RC18227\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\Windows\system32\fadlrmxc.dll",realset
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\modsregs.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.218 - http://64.85.20.102/Java/cfs31218.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab
O16 - DPF: Yahoo! Go - http://download.game...nts/y/gt2_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potg_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.53.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangoc.../bridge-c24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.game...itched/main.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Administrator.RC18227\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\Windows\system32\drivers\KodakCCS.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe