Spyware [RESOLVED]



#16
Tadams1986
  • Topic Starter
  • Member
  • 19 posts
I couldn't download Kaspersky. Here's the log from Dr. Web Cureit:



#17
Tadams1986
  • Topic Starter
  • Member
  • 19 posts
I installed Flash and Java, but I still can't view certain websites.

#18
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Please download SUPERAntiSpyware Home Edition (free version).
Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Scan for Alternate Data streams
      • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
Then run Superantispyware.
  • Double click on the icon to start Superantispyware.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
  1. After reboot, double-click the SUPERAntispyware icon on your desktop.
  2. Click Preferences. Click the Statistics/Logs tab.
  3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  4. It will open in your default text editor (such as Notepad/Wordpad).
  5. Please highlight everything in the notepad, then right-click and choose copy.
  6. Click close and close again to exit the program.
Save the log information. If needed (still infected) paste this info along with your HijackThis log.

#19
Tadams1986
  • Topic Starter
  • Member
  • 19 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/24/2008 at 10:35 PM

Application Version : 4.0.1154

Core Rules Database Version : 3447
Trace Rules Database Version: 1439

Scan type : Complete Scan
Total Scan Time : 01:56:00

Memory items scanned : 384
Memory threats detected : 0
Registry items scanned : 8944
Registry threats detected : 12
File items scanned : 198884
File threats detected : 124




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:43 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Fashion%20Star/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimateb...o/launchubo.OCX
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/d...lugin_0.5.1.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12128 bytes
  • 0

#20
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\drivers\RASNT.SYS
    C:\WINDOWS\system32\drivers\RASEX.SYS
    C:\WINDOWS\system32\scsvr.exe
    C:\WINDOWS\system32\qlib.dll
    C:\WINDOWS\system32\Iucmore.dll
    C:\Program Files\InstallShield Installation Information\{13F8BD99-B753-4007-A060-7EAE3891756F}\SktInstall.exe
    C:\Program Files\AskSBar\bar\A2PLUGIN.DLL
    C:\Downloads\ZooVetSetup-dm[1].exe
    C:\Downloads\WrestlingEncoreSetup-dm[1].exe
    C:\Downloads\Wheel_of_Fortune_Setup-dm[1].exe
    C:\Downloads\Wheel_of_Fortune_2_Setup-dm[1].exe
    C:\Downloads\turbo_pizza_AUK-dm[1].exe
    C:\Downloads\Tropix-dm[1].exe
    C:\Downloads\SuperGrannyWWSetup-dm[1].exe
    C:\Downloads\SchoolTycoonSetup-dm[1].exe
    C:\Downloads\reSetup-dm[2].exe
    C:\Downloads\reSetup-dm[1].exe
    C:\Downloads\PrisonTycoon2-dm[1].exe
    C:\Downloads\Outburst-dm[1].exe
    C:\Downloads\JustCause-dm[1].exe
    C:\Downloads\FEAREXPoint-dm[1].exe
    C:\Downloads\FamilyFeudSetup-dm[1].exe
    C:\Downloads\FamilyFeudIISetup-dm[1].exe
    C:\Downloads\FamilyFeudHolidaySetup[1].exe
    C:\Downloads\FamilyFeudHolidaySetup-dm[1].exe
    C:\Downloads\FamilyFeud2setup-dm[1].exe
    C:\Downloads\BBB-dm[1].exe
    C:\Downloads\AirportTycoon3Setup-dm[1].exe
    C:\Downloads\BellesBeautyBoutiqueSetup-dm[1].exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======================
Please also let me know how things are running?
  • 0

#21
Tadams1986

Tadams1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
File/Folder C:\WINDOWS\system32\drivers\RASNT.SYS not found.
File/Folder C:\WINDOWS\system32\drivers\RASEX.SYS not found.
File/Folder C:\WINDOWS\system32\scsvr.exe not found.
File/Folder C:\WINDOWS\system32\qlib.dll not found.
File/Folder C:\WINDOWS\system32\Iucmore.dll not found.
File/Folder C:\Program Files\InstallShield Installation Information\{13F8BD99-B753-4007-A060-7EAE3891756F}\SktInstall.exe not found.
File/Folder C:\Program Files\AskSBar\bar\A2PLUGIN.DLL not found.
< C:\Downloads\ZooVetSetup-dm[1].exe >
File/Folder C:\Downloads\ZooVetSetup-dm[1].exe not found.
< C:\Downloads\WrestlingEncoreSetup-dm[1].exe >
File/Folder C:\Downloads\WrestlingEncoreSetup-dm[1].exe not found.
< C:\Downloads\Wheel_of_Fortune_Setup-dm[1].exe >
File/Folder C:\Downloads\Wheel_of_Fortune_Setup-dm[1].exe not found.
< C:\Downloads\Wheel_of_Fortune_2_Setup-dm[1].exe >
File/Folder C:\Downloads\Wheel_of_Fortune_2_Setup-dm[1].exe not found.
< C:\Downloads\turbo_pizza_AUK-dm[1].exe >
File/Folder C:\Downloads\turbo_pizza_AUK-dm[1].exe not found.
< C:\Downloads\Tropix-dm[1].exe >
File/Folder C:\Downloads\Tropix-dm[1].exe not found.
< C:\Downloads\SuperGrannyWWSetup-dm[1].exe >
File/Folder C:\Downloads\SuperGrannyWWSetup-dm[1].exe not found.
< C:\Downloads\SchoolTycoonSetup-dm[1].exe >
File/Folder C:\Downloads\SchoolTycoonSetup-dm[1].exe not found.
< C:\Downloads\reSetup-dm[2].exe >
File/Folder C:\Downloads\reSetup-dm[2].exe not found.
< C:\Downloads\reSetup-dm[1].exe >
File/Folder C:\Downloads\reSetup-dm[1].exe not found.
< C:\Downloads\PrisonTycoon2-dm[1].exe >
File/Folder C:\Downloads\PrisonTycoon2-dm[1].exe not found.
< C:\Downloads\Outburst-dm[1].exe >
File/Folder C:\Downloads\Outburst-dm[1].exe not found.
< C:\Downloads\JustCause-dm[1].exe >
File/Folder C:\Downloads\JustCause-dm[1].exe not found.
< C:\Downloads\FEAREXPoint-dm[1].exe >
File/Folder C:\Downloads\FEAREXPoint-dm[1].exe not found.
< C:\Downloads\FamilyFeudSetup-dm[1].exe >
File/Folder C:\Downloads\FamilyFeudSetup-dm[1].exe not found.
< C:\Downloads\FamilyFeudIISetup-dm[1].exe >
File/Folder C:\Downloads\FamilyFeudIISetup-dm[1].exe not found.
< C:\Downloads\FamilyFeudHolidaySetup[1].exe >
File/Folder C:\Downloads\FamilyFeudHolidaySetup[1].exe not found.
< C:\Downloads\FamilyFeudHolidaySetup-dm[1].exe >
File/Folder C:\Downloads\FamilyFeudHolidaySetup-dm[1].exe not found.
< C:\Downloads\FamilyFeud2setup-dm[1].exe >
File/Folder C:\Downloads\FamilyFeud2setup-dm[1].exe not found.
< C:\Downloads\BBB-dm[1].exe >
File/Folder C:\Downloads\BBB-dm[1].exe not found.
< C:\Downloads\AirportTycoon3Setup-dm[1].exe >
File/Folder C:\Downloads\AirportTycoon3Setup-dm[1].exe not found.
< C:\Downloads\BellesBeautyBoutiqueSetup-dm[1].exe >
File/Folder C:\Downloads\BellesBeautyBoutiqueSetup-dm[1].exe not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04252008_144931

The only problems I'm having now are that I can't view things like my help and support, user accounts, and the system restore screen is white. Also when I download flash and java, I still can't view certain websites.
  • 0

#22
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi
Try going to Start > run, and enter:

regsvr32 jscript.dll

Reboot afterwards and see if the blank window is no longer blank.
==============
If it is still blank then do the following.
First, we need to back up your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
Windows Registry Editor Version 5.00

   [HKEY_CLASSES_ROOT\.htc]
   "Content Type"="text/x-component"
   @="htcfile"

   [HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/x-component]
   "CLSID"="{3050f4f8-98b5-11cf-bb82-00aa00bdce0b}"
   "Extension"=".htc"

   [HKEY_CLASSES_ROOT\CLSID\{3050f4f8-98b5-11cf-bb82-00aa00bdce0b}]
   @="Microsoft Html Component"

   [HKEY_CLASSES_ROOT\CLSID\{3050f4f8-98b5-11cf-bb82-00aa00bdce0b}\InProcServer32]
   @="C:\\WINDOWS\\System32\\mshtml.dll"
   "ThreadingModel"="Apartment"

   [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htc]
   "Content Type"="text/x-component"
   @="htcfile"
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
Reboot for the changes to take place.
============================
If all of that fails to fix it then reinstall wscript\jscript from this site:

http://www.microsoft...;DisplayLang=en

Let me know how it goes.
  • 0
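Before merging a .reg file handed over in a thread like the post above, it helps to list exactly which keys and values it will write, and which file any COM class will load. The following is an added example, not part of the original post or of any tool mentioned in it: the function names `review_reg` and `com_servers` are illustrative, and the sample is constructed from the .htc fix with one deliberately malformed line.

```python
import re

# Constructed sample modelled on the .htc fix; the last line has a deliberate doubled quote.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.htc]
"Content Type"="text/x-component"
@="htcfile"

[HKEY_CLASSES_ROOT\CLSID\{3050f4f8-98b5-11cf-bb82-00aa00bdce0b}\InProcServer32]
@="C:\\WINDOWS\\System32\\mshtml.dll"
"ThreadingModel"="Apartment""
'''

HEADER = "Windows Registry Editor Version 5.00"
QUOTED = r'"(?:[^"\\]|\\.)*"'
KEY_RE = re.compile(r'^\[(-?)(HKEY_[A-Z_]+(?:\\[^\]]*)?)\]$')
# Only string, dword and delete (-) data are handled; anything else is reported.
VALUE_RE = re.compile(r'^(@|%s)=(%s|dword:[0-9a-fA-F]{8}|-)$' % (QUOTED, QUOTED))

def unquote(token):
    """Drop the surrounding quotes and undo .reg backslash escapes."""
    return re.sub(r'\\(.)', r'\1', token[1:-1])

def review_reg(text):
    """Parse .reg text; return (changes, problems) without touching the registry."""
    lines = text.lstrip('\ufeff').splitlines()
    changes, problems, key = [], [], None
    if not lines or lines[0].strip() != HEADER:
        problems.append((1, "missing or unexpected header"))
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(';'):
            continue  # blank line or comment
        section = KEY_RE.match(line)
        if section:
            key = section.group(2)
            if section.group(1):
                changes.append(("delete key", key, None, None))
            continue
        value = VALUE_RE.match(line)
        if value is None or key is None:
            problems.append((number, line))  # unparsable, or a value before any key
            continue
        name = "(Default)" if value.group(1) == "@" else unquote(value.group(1))
        data = value.group(2)
        action = "delete value" if data == "-" else "set"
        changes.append((action, key, name, unquote(data) if data[0] == '"' else data))
    return changes, problems

def com_servers(changes):
    """Files a COM class will load: the default value of *Server32 keys."""
    return [(key, data) for action, key, name, data in changes
            if action == "set" and name == "(Default)"
            and key.lower().endswith(("\\inprocserver32", "\\localserver32"))]

if __name__ == "__main__":
    planned, rejected = review_reg(SAMPLE)
    print(planned, com_servers(planned), rejected, sep="\n")
```

Any line returned in the second list should be corrected by hand before the file is merged, and every path returned by `com_servers` should point at a file you expect to be there.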

#23
Tadams1986

Tadams1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey,

Steps 1 and 2 didn't work, when I went to do step 3 I received an error code saying "Code not available. The Validation code could not be obtained. This may be due to tech difficulties, or you may be running an unsupported operating system."
  • 0

#24
Tadams1986

Tadams1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I downloaded the Windows Script 5.6 from FileFront and I still have the same problems.
  • 0

#25
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok let's clean up what we used and then I will have to send you to the XP forum where they will be able to help further.

Start a new thread in this forum >XP Forum then they will help you.
==================
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please then uninstall\delete anything else that we may have used that is left over.
===========
Once they get you fixed go ahead and create a new Restore point by turning on\off the system restore.

The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
===============================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0



#26
Tadams1986

Tadams1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey, thanks a lot for all of your help, I really appreciated it.

Edited by Tadams1986, 27 April 2008 - 09:28 AM.

  • 0

#27
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#28
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





