steps taken so far:
ran ATF cleaner
created system restore point
ran AVG Anti-Spyware in safe mode, but there were no report results available to post here
tried to run SUPERAntiSpyware, but after 11 hours it was not complete and the computer was nearly dead
I had run it earlier in the day, so the log from that run is below
tried to run Panda Activescan but could not get the download to complete
ran HijackThis - log is below
could not get the uninstall list to save

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:58 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\Lightspeed Systems\SecurityAgent\SAAlert.exe
C:\Documents and Settings\All Users\Application Data\itqrwnef\cbsvazev.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\QdrModule\QdrModule15.exe
C:\WINDOWS\system32\atstqjmh.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwgate0.freescale.net:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1; *.freescale.net; *.freescale.com;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lsbxxspA] C:\WINDOWS\lsbxxspA.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [{64-4F-F0-0A-ZN}] c:\windows\system32\dwdsrngt.exe CHD001
O4 - HKLM\..\Run: [ShareSearcher] c:\wsusupd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [rkpibcfy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rkpibcfy.dll"
O4 - HKLM\..\Run: [ozyvwdkt] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ozyvwdkt.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Upazulsr] C:\WINDOWS\system32\?ssembly\c?rss.exe
O4 - HKCU\..\Run: [Riqsqgy] "C:\Program Files\Common Files\?icrosoft\w?nlogon.exe"
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\RACLE~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\MARKEV~1\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [lnznvolr] C:\WINDOWS\system32\atstqjmh.exe
O4 - HKLM\..\Policies\Explorer\Run: [OrfHnI9DaH] C:\Documents and Settings\All Users\Application Data\itqrwnef\cbsvazev.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {032B436A-1BA6-47D9-B183-A0E013C94A25} (FgIoOcx Control) - http://172.18.2.66/F...Dll/FgIoOcx.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malw...tup/webinst.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.87.cab
O16 - DPF: {3A2BF2DC-FDE5-4026-99B4-60F2999137AD} (FgConfigExecOcx Control) - http://172.18.2.66/F...nfigExecOcx.cab
O16 - DPF: {3AED1953-E7E9-418F-888C-7B497E038B77} (FgViewOcx Control) - http://172.18.2.66/F...l/FgViewOcx.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {5FF6BD84-D9FA-497E-BD43-FAA0DE338754} (FgStartupOcx Control) - http://172.18.2.66/F...gStartupOcx.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/...h2.1.0.0.68.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn...s/heartbeat.cab
O16 - DPF: {921DB7E5-1292-460F-AA99-217245A44330} (FgRawOcx Control) - http://172.18.2.66/F...ll/FgRawOcx.cab
O16 - DPF: {94279BAD-0B3C-4747-8869-8FBF27A675F8} (FgRecipeOcx Control) - http://172.18.2.66/F...FgRecipeOcx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab55579.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {A97CF130-1C5E-4E07-A3FF-14BBE848DAC9} (FgAlarmOcx Control) - http://172.18.8.23/F.../FgAlarmOcx.cab
O16 - DPF: {B84BBE57-87E8-4335-8FD0-4B45A50E055E} (FgDbReportOcx Control) - http://172.18.2.66/F...DbReportOcx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/...tg.1.0.0.37.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn...6/heartbeat.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab42858.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/...sh.1.0.0.98.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex....eck/ieatgpc.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.211.1.10 10.211.1.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 10.211.1.10 10.211.1.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.211.1.10 10.211.1.8
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Security Agent Service (IpmSecurityAgentService) - Lightspeed Systems - C:\Program Files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 11738 bytes

SUPERANTISPYWARE LOG:

SUPERAntiSpyware Scan Log
Generated 04/07/2008 at 11:07 AM
Application Version : 3.6.1000
Core Rules Database Version : 3343
Trace Rules Database Version: 1344
Scan type : Complete Scan
Total Scan Time : 02:20:58
Memory items scanned : 354
Memory threats detected : 1
Registry items scanned : 4991
Registry threats detected : 34
File items scanned : 64994
File threats detected : 228
Trojan.Downloader-LDCORE
C:\WINDOWS\SYSTEM32\LDCORE.DLL
C:\WINDOWS\SYSTEM32\LDCORE.DLL
Transponder Variant BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}
Adware.2020Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}
Adware.180solutions/SurfAssistant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
Adware.Second Thought
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}
C:\WINDOWS\BOKJA.EXE
C:\WINDOWS\STCLOADER.EXE
Adware.Tracking Cookie
Adware.180solutions/ZangoSearch
C:\Program Files\Zango\zango.exe
C:\Program Files\Zango
Adware.180solutions/Seekmo
C:\Program Files\Seekmo\seekmohook.dll
C:\Program Files\Seekmo
Malware.DriveCleaner
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains\Files#C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains\Files#C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D19M1908NetInstaller.exe
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\InstalledVersion#LastModified
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UDC6_0001_D19M1908NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UDC6_0001_D19M1908NETINSTALLER.EXE
Malware.MalwareAlarm
HKCR\MalwareAlarm.WebInstall
HKCR\MalwareAlarm.WebInstall\CLSID
HKCR\MalwareAlarm.WebInstall\CurVer
HKCR\MalwareAlarm.WebInstall.1
HKCR\MalwareAlarm.WebInstall.1\CLSID
Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
C:\Program Files\Outerinfo\FF\components
C:\Program Files\Outerinfo\FF
C:\Program Files\Outerinfo
C:\Documents and Settings\mark everett\Start Menu\Programs\Outerinfo
Trojan.Downloader-Gen/RetAd
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A ]
Adware.AdSponsor/ISM
C:\Documents and Settings\mark everett\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\mark everett\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\mark everett\Start Menu\Programs\Internet Speed Monitor
Trojan.Downloader-Gen/DDC
Adware.webHancer
C:\DOCUMENTS AND SETTINGS\MARK EVERETT\LOCAL SETTINGS\TEMP\RARSFX0\WEBHDLL.DLL
C:\DOCUMENTS AND SETTINGS\MARK EVERETT\LOCAL SETTINGS\TEMP\RARSFX0\WHAGENT.EXE
C:\DOCUMENTS AND SETTINGS\MARK EVERETT\LOCAL SETTINGS\TEMP\RARSFX0\WHIEHLPR.DLL
C:\DOCUMENTS AND SETTINGS\MARK EVERETT\LOCAL SETTINGS\TEMP\RARSFX0\WHINSTALLER.EXE
C:\DOCUMENTS AND SETTINGS\MARK EVERETT\LOCAL SETTINGS\TEMP\SYSWCC32.EXE
C:\DOCUMENTS AND SETTINGS\MARK EVERETT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EV6XYTOP\SYSWCC32[1].EXE
Trojan.Downloader-Gen/SnapSNet
C:\DOCUMENTS AND SETTINGS\MARK EVERETT\LOCAL SETTINGS\TEMP\SNAPSNET.EXE
Adware.WINSHOW
C:\DOCUMENTS AND SETTINGS\MARK EVERETT\LOCAL SETTINGS\TEMP\WINSHOW.EXE
Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINADMIN.EXE
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE
Trojan.Downloader-CREW
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BF3FE299-69A3-4A2F-AFD6-76A865DC0766}\RP373\A0022640.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BF3FE299-69A3-4A2F-AFD6-76A865DC0766}\RP393\A0023839.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BF3FE299-69A3-4A2F-AFD6-76A865DC0766}\RP397\A0025865.DLL
Malware.LocusSoftware Inc-Installer
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UGA6P_0001_N120M1710NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\UGA6P_0001_N120M1710NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\UGA6P_0001_N120M1710NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.4\UGA6P_0001_N120M1710NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.5\UGA6P_0001_N120M1710NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UGA6P_0001_N120M1710NETINSTALLER.EXE
Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWA7P_0001_N99M2908NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\UWA7P_0001_N99M2908NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\UWA7P_0001_N99M2908NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWA7P_0001_N99M2908NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWAS7_0001_N99M3108NETINSTALLER.EXE
Trojan.ErrorSafe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UERS_9999_N91S1502NETINSTALLER.EXE
Torjan.SecondThoughtInstaller
C:\WINDOWS\INSTALLER\ID53.EXE
Adware.Vundo/Traff-2
C:\WINDOWS\SYSTEM32\AOWRMAIM.EXE
C:\WINDOWS\SYSTEM32\CAOFIBUR.EXE
C:\WINDOWS\SYSTEM32\CTSQCEKT.EXE
C:\WINDOWS\SYSTEM32\DLMVUJPL.EXE
C:\WINDOWS\SYSTEM32\FODYDJKB.EXE
C:\WINDOWS\SYSTEM32\HFFBVGMW.EXE
C:\WINDOWS\SYSTEM32\JUTMNGDU.EXE
C:\WINDOWS\SYSTEM32\KCUTUMRO.EXE
C:\WINDOWS\SYSTEM32\MOEDAJGA.EXE
C:\WINDOWS\SYSTEM32\MSFUVORX.EXE
C:\WINDOWS\SYSTEM32\OCKKGEOC.EXE
C:\WINDOWS\SYSTEM32\RPEEAXTU.EXE
C:\WINDOWS\SYSTEM32\RVPRDLWN.EXE
C:\WINDOWS\SYSTEM32\SPHLSBFM.EXE
C:\WINDOWS\SYSTEM32\XSJGGXJT.EXE
C:\WINDOWS\SYSTEM32\YFJNPXQV.EXE
Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WNSTSSV32.EXE
Trace.Known Threat Sources
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\4J97CD51\ctxad-576[1].0000
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\49UZKP63\ctxad-576[1].0004
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\49UZKP63\ajax[1].htm
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\Q3M3U9UZ\checksoft[1].js
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\GLEF4PM7\CAR28FNL.htm
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\YV5PEN7Z\ctxad-576[1].0002
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\GLEF4PM7\ctxad-576[1].0005
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\LXYMS0O4\CADS2X9V.htm
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\LXYMS0O4\ctxad-576[1].0001
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\UHWZ8V4H\ctxad-576[1].sig
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\S9E3S9M7\errorhandler[1].htm
C:\Documents and Settings\mark everett\Local Settings\Temporary Internet Files\Content.IE5\Q3M3U9UZ\test[1].gif