Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Wallpaper Spyware--winvi?


  • Please log in to reply

#1
Spootbat

Spootbat

    Member

  • Member
  • PipPip
  • 14 posts
I was browsing the internet (a legit site) when all of a sudden, the window closed and some pop-ups started popping up and downloading, etc. I thought I would restart the computer, and when I did, the computer started telling me I had spyware. Also, the backround says :

"Warning: Spyware threat has been detected on your PC.
________________________________________________
Your computer has several fatal errors due to spyware activity.
It is strongly recommended to install an antispyware software to close all security vulnerabilities.
Antispyware software helps protect your PC against spyware and other security threats.

CLICK HERE TO SCAN YOUR PC FOR SPYWARE..."


I have a feeling that THAT is the problem, so I didnt click it or anything else. I tried finding help using that computer, but programs dont work, there are a ton of pop-ups and it is generally glitching. Also task manager is "disabled". (Im on another computer now). Please help! Thanks!

UPDATE: In safe mode I went to program files and found "winvi" which appeared the day the spyware appeared, and has a history of being sketchy. I am 90% sure that THAT is the problem.


This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:13 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\xwusuhzh.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\UmhvbmRhIEZhbGs\command.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\windows\system32\jrwnw64p.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\qcntskdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Svconr\Svconr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\SCHLOSS\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SCHLOSS\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\prefs.js)
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: gooochi browser optimizer - {40649b61-d08e-e066-6ee9-61cb7b2a1e43} - C:\WINDOWS\system32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7D6BE954-A79E-4165-83A2-E4DE6F57B700} - \
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll (file missing)
O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINDOWS\system32\opnlIYpP.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [{12-26-67-79-DW}] C:\windows\system32\jrwnw64p.exe DWramFF
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qcntskdm.exe DWramFF
O4 - HKLM\..\Run: [{67a95a1b-7134-ce9a-35f1-01840f50850d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll" DllInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\qcntskdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\jrwnw64p.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.s...stemsoappro.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark...en/AMClient.cab
O20 - Winlogon Notify: opnlIYpP - C:\WINDOWS\SYSTEM32\opnlIYpP.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmhvbmRhIEZhbGs\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15842 bytes

Edited by Spootbat, 22 May 2008 - 04:29 PM.

  • 0

Advertisements


#2
RenatoMejias

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Hi, Welcome to Geeks To Go Forums!

My name is Renato Mejias, and I will help you to solve your problems :).

You might want to save this page on your favorites, so you can find it again when you return.

Please take note of the following:
  • I will be handling your log and helping you, please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.

  • 0

#3
RenatoMejias

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Hi,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#4
Spootbat

Spootbat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi, thanks for helping me!

I couldnt get to the site on the infected computer, so I emailed myself with the program and installed it.
So here is the MBAM log:

Malwarebytes' Anti-Malware 1.12
Database version: 782

Scan type: Quick Scan
Objects scanned: 47418
Time elapsed: 20 minute(s), 4 second(s)

Memory Processes Infected: 11
Memory Modules Infected: 10
Registry Keys Infected: 70
Registry Values Infected: 12
Registry Data Items Infected: 4
Folders Infected: 27
Files Infected: 115

Memory Processes Infected:
c:\WINDOWS\umhvbmrhiezhbgs\command.exe (AdWare.CommAd) -> Failed to unload process.
c:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Unloaded process successfully.
c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Unloaded process successfully.
c:\Program Files\Common Files\qfrk\qfrkm.exe (Trojan.Downloader) -> Unloaded process successfully.
c:\Program Files\Common Files\qfrk\qfrka.exe (Trojan.Downloader) -> Unloaded process successfully.
c:\program files\Svconr\Svconr.exe (Adware.Agent) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\jrwnw64p.exe (Adware.Agent) -> Unloaded process successfully.
C:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Unloaded process successfully.
C:\Program Files\JavaCore\JavaCore.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Schloss\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\xwusuhzh.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\umhvbmrhiezhbgs\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully.
c:\Program Files\Common Files\qfrk\qfrkd\qfrkc.dll (Adware.TargetServer) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\ljJCrSMc.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll (Adware.Vapsup) -> Unloaded module successfully.
C:\Program Files\Spcron\Spc.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\opnlIYpP.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Unloaded module successfully.
C:\Program Files\Internet Explorer\hokelo821058.dll (Adware.TTC) -> Unloaded module successfully.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\{6aa6f899-cb5f-e611-43b7-333c8a9c40d3}.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65c68ca8-eb6b-4bb4-99bc-2a4f799eb863} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65c68ca8-eb6b-4bb4-99bc-2a4f799eb863} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{40649b61-d08e-e066-6ee9-61cb7b2a1e43} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40649b61-d08e-e066-6ee9-61cb7b2a1e43} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7bbc1fa-e415-4926-9a47-9ab58d0b3bc8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7bbc1fa-e415-4926-9a47-9ab58d0b3bc8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnliypp (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{12b2c1c8-646a-43db-8557-e25edecbc411} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive2.band (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive2.band.1 (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12da1bc4-5384-42fd-a119-3c99d2d146a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12da1bc4-5384-42fd-a119-3c99d2d146a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive2.bho (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive2.bho.1 (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dbe49762-874f-41ac-9409-ecdd4b3db4a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b56d7e4-d4a2-4a61-8f6f-f3abc92a34a7} (Adware.TTC) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b56d7e4-d4a2-4a61-8f6f-f3abc92a34a7} (Adware.TTC) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f13e302-8cb0-6870-62d8-728678cb5a50} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{6f13e302-8cb0-6870-62d8-728678cb5a50} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8387eba5-088c-384a-8481-02a5a8bd5c61} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8387eba5-088c-384a-8481-02a5a8bd5c61} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA (Adware.TargetSaver) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AdBand.DLL (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\BndDrive (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qfrk (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Svconr (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Insider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{12-26-67-79-DW} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{67a95a1b-7134-ce9a-35f1-01840f50850d} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c7bbc1fa-e415-4926-9a47-9ab58d0b3bc8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webHancer Agent (Adware.Webhancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc772154a (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjcrsmc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: spc.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\xwusuhzh.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjcrsmc -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\capcom (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cfig322 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\drvr2 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\Words (Adware.Rond) -> Quarantined and deleted successfully.
C:\Program Files\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\polX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pfig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GUI2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\binR (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\3036a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Schloss\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Application Data\speedrunner (Adware.SurfAccuracy) -> Delete on reboot.

Files Infected:
c:\WINDOWS\umhvbmrhiezhbgs\asappsrv.dll (AdWare.CommAd) -> Delete on reboot.
c:\WINDOWS\umhvbmrhiezhbgs\command.exe (AdWare.CommAd) -> Delete on reboot.
c:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
c:\Program Files\Common Files\qfrk\qfrkm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Program Files\Common Files\qfrk\qfrka.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Program Files\Common Files\qfrk\qfrkd\qfrkc.dll (Adware.TargetServer) -> Quarantined and deleted successfully.
c:\program files\Svconr\Svconr.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ljJCrSMc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\cMSrCJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cMSrCJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jrwnw64p.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll (Adware.Vapsup) -> Delete on reboot.
C:\Program Files\Spcron\Spc.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\opnlIYpP.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\hokelo821058.dll (Adware.TTC) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qcntskdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tsuninst.exe (Spyware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll-uninst.exe (Adware.Vapsup) -> Quarantined and deleted successfully.
C:\WINDOWS\b103.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\b104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b116.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b143.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b999.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu72.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\akcnb.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temp\ctxad.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\67KFSNIP\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\67KFSNIP\b433b5a80d2cb00f8f1c54387f9aa332[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\67KFSNIP\dm[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\GNI7KXST\488aede55160e40e3d5988951bfacaca[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\W94NCJ8F\a537119c47192bc08952189ae8782f08[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\W94NCJ8F\g14[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\W94NCJ8F\msiexec[1].exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\YN894JKF\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\YN894JKF\3cd898b13299cb4bc0d5dc64745518ed[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\YN894JKF\93e4c2046fcb4ac4bdc3dbbcc28127fb[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\YN894JKF\c1f5cc94a30f082054f3a00e6655462d[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\YN894JKF\syswcc32[1].exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\capcom\nab22011.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cfig322\icm33o.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2\SRInstaller.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\winvi\Uninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\update.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\dicy.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\kwdy.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\QdrModule16.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\dictys.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\QdrPack16.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\trgtys.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\polX\roEbdll2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pfig\trazcom06.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GUI2\FI-dt4x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\binR\Wvram13.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron\Spc.dll.lzma (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Delete on reboot.
C:\Documents and Settings\Schloss\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xwusuhzh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\{6aa6f899-cb5f-e611-43b7-333c8a9c40d3}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\{6aa6f899-cb5f-e611-43b7-333c8a9c40d3}.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hrdprlub.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\qcntskdm.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\000060.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\000090.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS (Fake.Beep.Sys) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\b149.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temp\ie.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Schloss\Local Settings\Temp\ismtpa16.exe (Adware.ISM) -> Quarantined and deleted successfully.





I had to restart the computer, and when I did, an error message came up saying:

"The application or DLL C:\WINDOWS\system32\hrdprlub.dll is not a valid Windows image. Please check this against your installation diskette"

So what do you think?

Edited by Spootbat, 23 May 2008 - 01:32 PM.

  • 0

#5
RenatoMejias

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Hi,

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

  • 0

#6
Spootbat

Spootbat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ok here is the main.txt:


Deckard's System Scanner v20071014.68
Run by Schloss on 2008-05-25 11:24:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2008-05-25 16:24:17 UTC - RP1076 - Deckard's System Scanner Restore Point
22: 2008-05-18 16:50:31 UTC - RP1075 - Unsigned driver install
21: 2008-05-18 16:24:27 UTC - RP1074 - Unsigned driver install
20: 2008-05-15 22:30:29 UTC - RP1073 - Software Distribution Service 3.0
19: 2008-05-14 10:15:27 UTC - RP1072 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-02-13 10:41:51 UTC - RP1054 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 10.81 GiB (less than 15%) free.


-- HijackThis (run as Schloss.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:22 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Schloss\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Schloss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\SCHLOSS\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SCHLOSS\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\prefs.js)
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7D6BE954-A79E-4165-83A2-E4DE6F57B700} - \
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\pdgoma.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Schloss\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.s...stemsoappro.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark...en/AMClient.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12843 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070910-161416-282 O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
backup-20070910-161416-315 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20070910-161416-460 O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 atitray - c:\program files\radeon omega drivers\v2.6.42\ati tray tools\atitray.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 HPFECP06 - c:\windows\system32\drivers\hpfecp06.sys
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R2 tandpl - c:\windows\system32\drivers\tandpl.sys
R3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 VBus (Virtual Bus) - c:\windows\system32\drivers\nkvbus.sys <Not Verified; Nikon Corporation; CoolpixStackWin>
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 cis1284 - c:\windows\system32\drivers\cis1284.sys (file missing)
S3 catchme - c:\docume~1\schloss\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 o1394bul - c:\docume~1\schloss\locals~1\temp\o1394bul.sys (file missing)
S3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
S3 TICalc - c:\windows\system32\drivers\ticalc.sys
S3 TnIDriver - c:\docume~1\schloss\locals~1\temp\tni14.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 NkPtpEnumP2 - "c:\program files\nikon\wireless camera setup utility\nkptpenum.exe" -a -d="c:\program files\nikon\wireless camera setup utility\nkptpip.dll" <Not Verified; Nikon Corporation; CoolpixStackWin>

S3 Groove Games Licensing Service - "c:\program files\common files\groove games shared\service\ggameslicsvc.exe" <Not Verified; Groove Games; Groove Games Licensing Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Service: E100B

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP06\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP06\0000
Service: HPFECP06

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP14\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP14\0000
Service: HPFECP14


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 15:02:32 412 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-04-25 20:00:19 534 --a----c- C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Schloss.job
2008-02-22 21:10:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-12-30 19:15:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 11:03:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-25 10:40:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-25 10:40:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-23 14:55:15 43062 --a------ C:\WINDOWS\acdt-pid68.exe
2008-05-23 14:50:35 0 d-------- C:\Documents and Settings\Schloss\Application Data\Malwarebytes
2008-05-23 14:50:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 14:50:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 12:31:50 2560 --a------ C:\WINDOWS\system32\djhedshr.exe
2008-05-23 12:29:31 90240 -----n--- C:\WINDOWS\system32\hrdprlub.dll
2008-05-23 12:28:46 314512 -----n--- C:\WINDOWS\system32\ljJCrSMc.dll
2008-05-23 12:22:59 0 d--hs---- C:\WINDOWS\CSC
2008-05-23 11:42:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-23 11:42:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-23 11:15:06 0 d-------- C:\WINDOWS\qfrk
2008-05-23 11:15:06 0 d-------- C:\Program Files\Common Files\qfrk
2008-05-20 18:35:12 0 d-------- C:\Documents and Settings\Schloss\Application Data\SpeedRunner
2008-05-20 18:25:11 0 d-------- C:\Program Files\Spcron
2008-05-19 08:55:20 439808 -----n--- C:\WINDOWS\system32\{6aa6f899-cb5f-e611-43b7-333c8a9c40d3}.dll
2008-05-18 11:04:56 21760 --a------ C:\WINDOWS\y.exe
2008-05-18 11:04:56 24064 --a------ C:\WINDOWS\xplugin.dll
2008-05-18 11:04:56 28416 --a------ C:\WINDOWS\x.exe
2008-05-18 11:04:55 12544 --a------ C:\WINDOWS\winmgnt.exe
2008-05-18 11:04:55 17664 --a------ C:\WINDOWS\window.exe
2008-05-18 11:04:55 14080 --a------ C:\WINDOWS\winajbm.dll
2008-05-18 11:04:55 24320 --a------ C:\WINDOWS\win64.exe
2008-05-18 11:04:55 27392 --a------ C:\WINDOWS\win32e.exe
2008-05-18 11:04:54 32512 --a------ C:\WINDOWS\waol.exe
2008-05-18 11:04:54 17408 --a------ C:\WINDOWS\users32.exe
2008-05-18 11:04:54 30208 --a------ C:\WINDOWS\time.exe
2008-05-18 11:04:53 15104 --a------ C:\WINDOWS\systemcritical.exe
2008-05-18 11:04:53 10496 --a------ C:\WINDOWS\systeem.exe
2008-05-18 11:04:53 21248 --a------ C:\WINDOWS\svcinit.exe
2008-05-18 11:04:53 19712 --a------ C:\WINDOWS\svchost32.exe
2008-05-18 11:04:52 27136 --a------ C:\WINDOWS\sistem.exe
2008-05-18 11:04:52 28416 --a------ C:\WINDOWS\searchword.dll
2008-05-18 11:04:52 32512 --a------ C:\WINDOWS\rundll16.exe
2008-05-18 11:04:51 9728 --a------ C:\WINDOWS\quicken.exe
2008-05-18 11:04:51 21504 --a------ C:\WINDOWS\qttasks.exe
2008-05-18 11:04:51 22272 --a------ C:\WINDOWS\olehelp.exe
2008-05-18 11:04:51 11520 --a------ C:\WINDOWS\notepad32.exe
2008-05-18 11:04:51 16640 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-18 11:04:51 12288 --a------ C:\WINDOWS\mswsc20.dll
2008-05-18 11:04:51 17920 --a------ C:\WINDOWS\mswsc10.dll
2008-05-18 11:04:50 26880 --a------ C:\WINDOWS\msupdate.exe
2008-05-18 11:04:50 20992 --a------ C:\WINDOWS\mssys.exe
2008-05-18 11:04:50 9984 --a------ C:\WINDOWS\msspi.dll
2008-05-18 11:04:50 32512 --a------ C:\WINDOWS\msconfd.dll
2008-05-18 11:04:49 32000 --a------ C:\WINDOWS\loader.exe
2008-05-18 11:04:49 14592 --a------ C:\WINDOWS\internet.exe
2008-05-18 11:04:49 9728 --a------ C:\WINDOWS\inetinf.exe
2008-05-18 11:04:49 22784 --a------ C:\WINDOWS\iexplorer.exe
2008-05-18 11:04:49 27136 --a------ C:\WINDOWS\iedll.exe
2008-05-18 11:04:48 23296 --a------ C:\WINDOWS\helpcvs.exe
2008-05-18 11:04:48 10496 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-18 11:04:48 27904 --a------ C:\WINDOWS\funny.exe
2008-05-18 11:04:48 21760 --a------ C:\WINDOWS\funniest.exe
2008-05-18 11:04:48 27648 --a------ C:\WINDOWS\explorer32.exe
2008-05-18 11:04:47 18944 --a------ C:\WINDOWS\explore.exe
2008-05-18 11:04:47 24064 --a------ C:\WINDOWS\editpad.exe
2008-05-18 11:04:47 24832 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-18 11:04:47 25856 --a------ C:\WINDOWS\directx32.exe
2008-05-18 11:04:46 23040 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-18 11:04:46 30720 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-18 11:04:46 17408 --a------ C:\WINDOWS\cpan.dll
2008-05-18 11:04:46 11008 --a------ C:\WINDOWS\clrssn.exe
2008-05-18 11:04:46 10752 --a------ C:\WINDOWS\avpcc.dll
2008-05-18 11:04:45 29696 --a------ C:\WINDOWS\accesss.exe
2008-05-18 11:02:55 1695 --a------ C:\WINDOWS\system32\clbinit.dll
2008-05-18 11:01:33 0 d-------- C:\Documents and Settings\Schloss\Application Data\uTorrent
2008-05-18 11:01:24 31560 -----n--- C:\WINDOWS\system32\clbdll.dll
2008-05-18 11:01:17 0 d-------- C:\Program Files\uTorrent
2008-05-18 11:01:09 200779 -----n--- C:\WINDOWS\system32\qcntskdm.exe
2008-05-18 11:01:06 401968 --a------ C:\WINDOWS\system32\g14.exe
2008-05-18 11:00:26 0 d-------- C:\WINDOWS\system32\logXv06
2008-05-18 11:00:16 25728 -----n--- C:\WINDOWS\system32\opnlIYpP.dll
2008-05-18 11:00:10 0 d-------- C:\Program Files\webHancer
2008-05-18 11:00:03 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-05 11:24:34 330752 -----n--- C:\WINDOWS\system32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-25 11:02:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-25 10:58:30 0 d-a------ C:\Program Files\Common Files
2008-05-25 10:37:04 288 --a----c- C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2008-05-25 10:37:04 288 --a----c- C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2008-05-23 15:00:10 0 d-------- C:\Program Files\Norton Security Scan
2008-05-23 12:06:47 0 d-------- C:\Program Files\GetRight
2008-05-17 16:58:41 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-02 16:42:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-19 20:40:34 0 d-------- C:\Program Files\Universal Interactive
2008-04-19 20:40:34 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D6BE954-A79E-4165-83A2-E4DE6F57B700}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/14/2002 06:22 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [10/29/2002 09:18 AM]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [09/30/2002 01:00 AM]
"CTHelper"="CTHELPER.EXE" [02/20/2003 04:45 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/04/2004 02:56 AM C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [04/24/2003 04:58 PM]
"ATIPTA"="atiptaxx.exe" [05/12/2005 09:05 PM C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/14/2005 09:16 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [08/08/2005 03:45 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/03/2006 05:12 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/21/2006 09:32 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 04:46 PM]
"SfKg6wIP"="C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\pdgoma.exe" [05/20/2008 06:35 PM]
"SpeedRunner"="C:\Documents and Settings\Schloss\Application Data\SpeedRunner\SpeedRunner.exe" [05/23/2008 03:18 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoSMMyDocs"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoStartMenuMyMusic"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoAddPrinter"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoDeletePrinter"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msaps, schannel.dll, digest.dll, msns,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Schloss^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=C:\Documents and Settings\Schloss\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
C:\WINDOWS\hpfsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
"C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh EDN Client]
C:\Program Files\RSNet\RSEDNClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]
C:\Program Files\SpyKiller\spykiller.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\progra~1\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Soap Pro]
C:\PROGRA~1\SYSTEM~1\soap.exe min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatev01]
C:\WINDOWS\System32\updatev01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.EXE 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71860fc1-a5b0-11db-bd8f-b4406390e31c}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-05-25 11:29:57 ------------







And the extra.txt:



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 511 MiB / 181.13 MiB
Pagefile Memory (total/avail): 1881.19 MiB / 1567.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.07 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.72 GiB total, 10.81 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-75CRA0 - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
AntivirusOverride is set.

FW: Norton Internet Worm Protection v2005 (Symantec) Disabled
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Schloss\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ERNIE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Schloss
LOGONSERVER=\\ERNIE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Sonic\MyDVD;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Schloss\LOCALS~1\Temp
TMP=C:\DOCUME~1\Schloss\LOCALS~1\Temp
USERDOMAIN=ERNIE
USERNAME=Schloss
USERPROFILE=C:\Documents and Settings\Schloss
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Schloss (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
--> C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHT~1\EANTHT~1.EXE /Uninstall
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The WarChiefs Trial --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}
America's Army --> MsiExec.exe /I{8A53F9E8-F459-47B0-AA99-D919CD48A304}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{CB2D95C7-189C-4596-B071-CE99C309573D}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI DVD Decoder 2.2.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D3661269-10B6-495F-B4EE-539ABE3F9AA9} /l1033
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Multimedia Center 8.1.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID
  • 0

#7
RenatoMejias

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Hi,

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select ""Do no automatically generate report""
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

  • 0

#8
Spootbat

Spootbat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the scan report:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:14:22 PM 5/27/2008

+ Scan result:



HKLM\SOFTWARE\180solutions -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\H2\mccwb2.exe.vir -> Adware.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Schloss\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.13296 -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Schloss\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38590 -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\UmhvbmRhIEZhbGs\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\UmhvbmRhIEZhbGs\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00110011-4B0B-44D5-9718-90C88817369B} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{086AE192-23A6-48D6-96EC-715F53797E85} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{150FA160-130D-451F-B863-B655061432BA} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{17DA0C9E-4A27-4AC5-BB75-5D24B8CDB972} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38A51A-23C9-48A1-A33C-48675AA2B494} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF021F40-3E14-23A5-CBA2-717765721306} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2DDF680-9905-4DEE-8C64-0A5DE7FE133C} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7AFFF2A-1B57-49C7-BF6B-E5123394C970} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD9BC004-8331-4457-B830-4759FF704C22} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Httper -> Adware.Httper : Cleaned with backup (quarantined).
HKU\S-1-5-21-967662742-3868689019-872109896-1006\Software\Httper\Settings -> Adware.Httper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D123AED6C340E304988D0F6852B28775 -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\updatev03.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\Program Files\webHancer -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\InetGet2\wininstall.exe.vir -> Backdoor.Agent.dcr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1055\A0191025.exe -> Downloader.Adload.lj : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir -> Downloader.Agent.djj : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\retadpu77.exe.vir -> Downloader.Agent.djj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205066.exe -> Downloader.Agent.ezc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205065.exe -> Downloader.Agent.jih : Cleaned with backup (quarantined).
C:\Documents and Settings\Schloss\My Documents\Αdobe\msdtc.exe -> Downloader.Agent.kwg : Cleaned with backup (quarantined).
C:\Documents and Settings\Schloss\Application Data\Microsoft\dtsc\28461.exe -> Downloader.Agent.plz : Cleaned with backup (quarantined).
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\GNI7KXST\td[1].exe -> Downloader.Agent.plz : Cleaned with backup (quarantined).
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\YN894JKF\cm[1].exe -> Downloader.Agent.pmd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0204013.exe -> Downloader.Homles.bl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1071\A0199790.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0202964.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\GRB3\rwddr2SD.exe -> Downloader.Small.fox : Cleaned with backup (quarantined).
C:\Program Files\Common Files\qfrk\qfrkp.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\qfrk\qfrkd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\Program Files\Common Files\qfrk\qfrkl.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\f10WtR\f10WtR1099.exe.vir -> Downloader.VB.bgd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\logXv06\logXv061083.exe -> Downloader.VB.enh : Cleaned with backup (quarantined).
C:\WINDOWS\acdt-pid68.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\ISM\BndDrive4.dll.vir -> Not-A-Virus.Adware.AdBand : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205015.dll -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\ISM\ISMModule4.exe.vir -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\Web Buying\v1.8.4\webbuying.exe.vir -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\yvgpljf.dll.vir -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0202963.dll -> Not-A-Virus.Adware.BB : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205074.dll -> Not-A-Virus.Adware.BB : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\Web Buying\v1.8.4\wbuninst.exe.vir -> Not-A-Virus.Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205057.exe -> Not-A-Virus.Adware.Insider : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205062.exe -> Not-A-Virus.Adware.Insider : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205063.exe -> Not-A-Virus.Adware.Insider : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\ISM\ism.exe.vir -> Not-A-Virus.Adware.ISM : Cleaned with backup (quarantined).
C:\Documents and Settings\Schloss\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.61394 -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir -> Not-A-Virus.Adware.Rond : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\DLL2\MMEMDT83122.exe -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\TTC.dll.vir -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\backup\DOCUME~1\Schloss\LOCALS~1\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0203992.exe -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0203993.dll -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0203994.dll -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0203995.exe -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0204000.exe -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0204001.dll -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0204002.dll -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\ISM\bndloader.exe.vir -> Not-A-Virus.Downloader.Win32.Agent.q : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0202965.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.285:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.286:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.287:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.288:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.289:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.290:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.291:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.292:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.293:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.294:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.295:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.296:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.297:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.298:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.299:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.300:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.301:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.302:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.303:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.304:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.305:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.306:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.307:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.308:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.309:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.310:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.315:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.316:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.319:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.320:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.322:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.323:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.325:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.326:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.327:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.328:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.329:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.330:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.331:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.332:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.333:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.334:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.341:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.342:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.343:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.344:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.345:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.346:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.347:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.396:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Deckard\System Scanner\backup\DOCUME~1\Schloss\LOCALS~1\Temp\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.115:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.185:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Deckard\System Scanner\backup\DOCUME~1\Schloss\LOCALS~1\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.136:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.248:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.249:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.250:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.801:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.802:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.816:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.116:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.117:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.118:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.119:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.233:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.234:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.235:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.556:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.557:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.558:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.559:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.560:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.532:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.533:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.534:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.535:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.536:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.537:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.538:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.539:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.540:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.541:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.542:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.543:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.214:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.215:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.216:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.217:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.218:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.219:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.220:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.221:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.222:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.223:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.224:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.225:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.226:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.227:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.228:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.229:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.230:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.231:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.232:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.233:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.234:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.235:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.236:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.237:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.238:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.239:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.240:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.241:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.242:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.243:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.244:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.245:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.246:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.247:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.248:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.249:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.250:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.251:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.252:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.253:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.254:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.255:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.256:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.257:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.258:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.259:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.260:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.261:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.262:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.75:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Deckard\System Scanner\backup\DOCUME~1\Schloss\LOCALS~1\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.100:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.60:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.73:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Deckard\System Scanner\backup\DOCUME~1\Schloss\LOCALS~1\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.208:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.109:C:\Documents and Settings\Schloss\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.128:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.515:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.468:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.469:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.470:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.561:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.562:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.563:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.564:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.108:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.110:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.111:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.112:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.153:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.154:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.155:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.156:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.157:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.158:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.161:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\zykawwtm.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Schloss\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.354:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.355:C:\Documents and Settings\Schloss\Application Data\Mozilla\Firefox\Profiles\42iqgeq7.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.356:C:\Documents and Settings\Schloss\Application Data\Mozilla&#
  • 0

#9
RenatoMejias

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Please, post a new Deckard's System Scanner log.
  • 0

#10
Spootbat

Spootbat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ok, but it ran different this time. It didnt seem to scan anything, it just came up, loaded, and gave me a log. And there is no extra.txt this time. I dont know if thats what it is supposed to do, but here is the main.txt it gave me:


Deckard's System Scanner v20071014.68
Run by Schloss on 2008-05-28 16:56:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 10.78 GiB (less than 15%) free.


-- HijackThis (run as Schloss.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:32 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Schloss\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Schloss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\SCHLOSS\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SCHLOSS\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\prefs.js)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7D6BE954-A79E-4165-83A2-E4DE6F57B700} - \
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\pdgoma.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Schloss\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.s...stemsoappro.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark...en/AMClient.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11939 bytes

-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-27 16:12:23 0 d-------- C:\Documents and Settings\Schloss\Application Data\Grisoft
2008-05-27 16:11:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-25 11:03:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-25 10:40:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-25 10:40:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-23 14:50:35 0 d-------- C:\Documents and Settings\Schloss\Application Data\Malwarebytes
2008-05-23 14:50:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 14:50:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 12:31:50 2560 --a------ C:\WINDOWS\system32\djhedshr.exe
2008-05-23 12:29:31 90240 -----n--- C:\WINDOWS\system32\hrdprlub.dll
2008-05-23 12:28:46 314512 -----n--- C:\WINDOWS\system32\ljJCrSMc.dll
2008-05-23 12:22:59 0 d--hs---- C:\WINDOWS\CSC
2008-05-23 11:42:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-23 11:42:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-23 11:15:06 0 d-------- C:\WINDOWS\qfrk
2008-05-23 11:15:06 0 d-------- C:\Program Files\Common Files\qfrk
2008-05-20 18:35:12 0 d-------- C:\Documents and Settings\Schloss\Application Data\SpeedRunner
2008-05-20 18:25:11 0 d-------- C:\Program Files\Spcron
2008-05-19 08:55:20 439808 -----n--- C:\WINDOWS\system32\{6aa6f899-cb5f-e611-43b7-333c8a9c40d3}.dll
2008-05-18 11:04:56 21760 --a------ C:\WINDOWS\y.exe
2008-05-18 11:04:56 24064 --a------ C:\WINDOWS\xplugin.dll
2008-05-18 11:04:56 28416 --a------ C:\WINDOWS\x.exe
2008-05-18 11:04:55 12544 --a------ C:\WINDOWS\winmgnt.exe
2008-05-18 11:04:55 17664 --a------ C:\WINDOWS\window.exe
2008-05-18 11:04:55 14080 --a------ C:\WINDOWS\winajbm.dll
2008-05-18 11:04:55 24320 --a------ C:\WINDOWS\win64.exe
2008-05-18 11:04:55 27392 --a------ C:\WINDOWS\win32e.exe
2008-05-18 11:04:54 32512 --a------ C:\WINDOWS\waol.exe
2008-05-18 11:04:54 17408 --a------ C:\WINDOWS\users32.exe
2008-05-18 11:04:54 30208 --a------ C:\WINDOWS\time.exe
2008-05-18 11:04:53 15104 --a------ C:\WINDOWS\systemcritical.exe
2008-05-18 11:04:53 10496 --a------ C:\WINDOWS\systeem.exe
2008-05-18 11:04:53 21248 --a------ C:\WINDOWS\svcinit.exe
2008-05-18 11:04:53 19712 --a------ C:\WINDOWS\svchost32.exe
2008-05-18 11:04:52 27136 --a------ C:\WINDOWS\sistem.exe
2008-05-18 11:04:52 28416 --a------ C:\WINDOWS\searchword.dll
2008-05-18 11:04:52 32512 --a------ C:\WINDOWS\rundll16.exe
2008-05-18 11:04:51 9728 --a------ C:\WINDOWS\quicken.exe
2008-05-18 11:04:51 21504 --a------ C:\WINDOWS\qttasks.exe
2008-05-18 11:04:51 22272 --a------ C:\WINDOWS\olehelp.exe
2008-05-18 11:04:51 11520 --a------ C:\WINDOWS\notepad32.exe
2008-05-18 11:04:51 16640 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-18 11:04:51 12288 --a------ C:\WINDOWS\mswsc20.dll
2008-05-18 11:04:51 17920 --a------ C:\WINDOWS\mswsc10.dll
2008-05-18 11:04:50 26880 --a------ C:\WINDOWS\msupdate.exe
2008-05-18 11:04:50 20992 --a------ C:\WINDOWS\mssys.exe
2008-05-18 11:04:50 9984 --a------ C:\WINDOWS\msspi.dll
2008-05-18 11:04:50 32512 --a------ C:\WINDOWS\msconfd.dll
2008-05-18 11:04:49 32000 --a------ C:\WINDOWS\loader.exe
2008-05-18 11:04:49 14592 --a------ C:\WINDOWS\internet.exe
2008-05-18 11:04:49 9728 --a------ C:\WINDOWS\inetinf.exe
2008-05-18 11:04:49 22784 --a------ C:\WINDOWS\iexplorer.exe
2008-05-18 11:04:49 27136 --a------ C:\WINDOWS\iedll.exe
2008-05-18 11:04:48 23296 --a------ C:\WINDOWS\helpcvs.exe
2008-05-18 11:04:48 10496 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-18 11:04:48 27904 --a------ C:\WINDOWS\funny.exe
2008-05-18 11:04:48 21760 --a------ C:\WINDOWS\funniest.exe
2008-05-18 11:04:48 27648 --a------ C:\WINDOWS\explorer32.exe
2008-05-18 11:04:47 18944 --a------ C:\WINDOWS\explore.exe
2008-05-18 11:04:47 24064 --a------ C:\WINDOWS\editpad.exe
2008-05-18 11:04:47 24832 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-18 11:04:47 25856 --a------ C:\WINDOWS\directx32.exe
2008-05-18 11:04:46 23040 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-18 11:04:46 30720 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-18 11:04:46 17408 --a------ C:\WINDOWS\cpan.dll
2008-05-18 11:04:46 11008 --a------ C:\WINDOWS\clrssn.exe
2008-05-18 11:04:46 10752 --a------ C:\WINDOWS\avpcc.dll
2008-05-18 11:04:45 29696 --a------ C:\WINDOWS\accesss.exe
2008-05-18 11:02:55 1695 --a------ C:\WINDOWS\system32\clbinit.dll
2008-05-18 11:01:33 0 d-------- C:\Documents and Settings\Schloss\Application Data\uTorrent
2008-05-18 11:01:24 31560 -----n--- C:\WINDOWS\system32\clbdll.dll
2008-05-18 11:01:17 0 d-------- C:\Program Files\uTorrent
2008-05-18 11:01:09 200779 -----n--- C:\WINDOWS\system32\qcntskdm.exe
2008-05-18 11:01:06 401968 --a------ C:\WINDOWS\system32\g14.exe
2008-05-18 11:00:26 0 d-------- C:\WINDOWS\system32\logXv06
2008-05-18 11:00:16 25728 -----n--- C:\WINDOWS\system32\opnlIYpP.dll
2008-05-18 11:00:03 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-05 11:24:34 330752 -----n--- C:\WINDOWS\system32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-28 16:54:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-28 16:49:53 0 d-a------ C:\Program Files\Common Files
2008-05-28 14:41:47 288 --a----c- C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2008-05-28 14:41:47 288 --a----c- C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2008-05-23 15:00:10 0 d-------- C:\Program Files\Norton Security Scan
2008-05-23 12:06:47 0 d-------- C:\Program Files\GetRight
2008-05-17 16:58:41 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-02 16:42:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-19 20:40:34 0 d-------- C:\Program Files\Universal Interactive
2008-04-19 20:40:34 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D6BE954-A79E-4165-83A2-E4DE6F57B700}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/14/2002 06:22 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [10/29/2002 09:18 AM]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [09/30/2002 01:00 AM]
"CTHelper"="CTHELPER.EXE" [02/20/2003 04:45 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/04/2004 02:56 AM C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [04/24/2003 04:58 PM]
"ATIPTA"="atiptaxx.exe" [05/12/2005 09:05 PM C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/14/2005 09:16 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [08/08/2005 03:45 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/03/2006 05:12 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/21/2006 09:32 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 04:46 PM]
"SfKg6wIP"="C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\pdgoma.exe" [05/20/2008 06:35 PM]
"SpeedRunner"="C:\Documents and Settings\Schloss\Application Data\SpeedRunner\SpeedRunner.exe" [05/23/2008 03:18 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Schloss\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [10/28/2005 11:23:10 AM]
DESKTOP.INI [9/3/2002 1:36:04 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [12/12/2006 3:43:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoSMMyDocs"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoStartMenuMyMusic"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoAddPrinter"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoDeletePrinter"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msaps, schannel.dll, digest.dll, msns,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Schloss^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=C:\Documents and Settings\Schloss\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
C:\WINDOWS\hpfsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
"C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh EDN Client]
C:\Program Files\RSNet\RSEDNClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]
C:\Program Files\SpyKiller\spykiller.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\progra~1\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Soap Pro]
C:\PROGRA~1\SYSTEM~1\soap.exe min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatev01]
C:\WINDOWS\System32\updatev01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.EXE 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71860fc1-a5b0-11db-bd8f-b4406390e31c}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-05-28 16:57:07 ------------
  • 0

Advertisements


#11
RenatoMejias

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Hi,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7D6BE954-A79E-4165-83A2-E4DE6F57B700} - \
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Next,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\y.exe
    C:\WINDOWS\xplugin.dll
    C:\WINDOWS\x.exe
    C:\WINDOWS\winmgnt.exe
    C:\WINDOWS\window.exe
    C:\WINDOWS\winajbm.dll
    C:\WINDOWS\win64.exe
    C:\WINDOWS\win32e.exe
    C:\WINDOWS\waol.exe
    C:\WINDOWS\users32.exe
    C:\WINDOWS\time.exe
    C:\WINDOWS\systemcritical.exe
    C:\WINDOWS\systeem.exe
    C:\WINDOWS\svcinit.exe
    C:\WINDOWS\svchost32.exe
    C:\WINDOWS\sistem.exe
    C:\WINDOWS\searchword.dll
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\quicken.exe
    C:\WINDOWS\qttasks.exe
    C:\WINDOWS\olehelp.exe
    C:\WINDOWS\notepad32.exe
    C:\WINDOWS\mtwirl32.dll
    C:\WINDOWS\mswsc20.dll
    C:\WINDOWS\mswsc10.dll
    C:\WINDOWS\msupdate.exe
    C:\WINDOWS\mssys.exe
    C:\WINDOWS\msspi.dll
    C:\WINDOWS\msconfd.dll
    C:\WINDOWS\loader.exe
    C:\WINDOWS\internet.exe
    C:\WINDOWS\inetinf.exe
    C:\WINDOWS\iexplorer.exe
    C:\WINDOWS\iedll.exe
    C:\WINDOWS\helpcvs.exe
    C:\WINDOWS\gfmnaaa.dll
    C:\WINDOWS\funny.exe
    C:\WINDOWS\funniest.exe
    C:\WINDOWS\explorer32.exe
    C:\WINDOWS\explore.exe
    C:\WINDOWS\editpad.exe
    C:\WINDOWS\dnsrelay.dll
    C:\WINDOWS\directx32.exe
    C:\WINDOWS\ctrlpan.dll
    C:\WINDOWS\ctfmon32.exe
    C:\WINDOWS\cpan.dll
    C:\WINDOWS\clrssn.exe
    C:\WINDOWS\avpcc.dll
    C:\WINDOWS\accesss.exe
    C:\WINDOWS\system32\clbinit.dll
    C:\WINDOWS\system32\clbdll.dll
    C:\WINDOWS\system32\qcntskdm.exe
    C:\WINDOWS\system32\g14.exe
    C:\WINDOWS\system32\logXv06
    C:\WINDOWS\system32\opnlIYpP.dll
    C:\WINDOWS\system32\hljwugsf.bin
    C:\WINDOWS\system32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

After that, Reboot, and post a new Deckard's System Scanner log here in a reply.
  • 0

#12
Spootbat

Spootbat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
When trying to move the files, messages like this came up A LOT:

The application or DLL (insert some file name here) is not a valid Windows image. Please check this against your installation diskette.

So I clicked "ok" for all of them and it finished. So then, here is the MoveIt log:



C:\WINDOWS\y.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\xplugin.dll
C:\WINDOWS\xplugin.dll NOT unregistered.
C:\WINDOWS\xplugin.dll moved successfully.
C:\WINDOWS\x.exe moved successfully.
C:\WINDOWS\winmgnt.exe moved successfully.
C:\WINDOWS\window.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\winajbm.dll
C:\WINDOWS\winajbm.dll NOT unregistered.
C:\WINDOWS\winajbm.dll moved successfully.
C:\WINDOWS\win64.exe moved successfully.
C:\WINDOWS\win32e.exe moved successfully.
C:\WINDOWS\waol.exe moved successfully.
C:\WINDOWS\users32.exe moved successfully.
C:\WINDOWS\time.exe moved successfully.
C:\WINDOWS\systemcritical.exe moved successfully.
C:\WINDOWS\systeem.exe moved successfully.
C:\WINDOWS\svcinit.exe moved successfully.
C:\WINDOWS\svchost32.exe moved successfully.
C:\WINDOWS\sistem.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\searchword.dll
C:\WINDOWS\searchword.dll NOT unregistered.
C:\WINDOWS\searchword.dll moved successfully.
C:\WINDOWS\rundll16.exe moved successfully.
C:\WINDOWS\quicken.exe moved successfully.
C:\WINDOWS\qttasks.exe moved successfully.
C:\WINDOWS\olehelp.exe moved successfully.
C:\WINDOWS\notepad32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\mtwirl32.dll NOT unregistered.
C:\WINDOWS\mtwirl32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mswsc20.dll NOT unregistered.
C:\WINDOWS\mswsc20.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc10.dll NOT unregistered.
C:\WINDOWS\mswsc10.dll moved successfully.
C:\WINDOWS\msupdate.exe moved successfully.
C:\WINDOWS\mssys.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\msspi.dll
C:\WINDOWS\msspi.dll NOT unregistered.
C:\WINDOWS\msspi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msconfd.dll
C:\WINDOWS\msconfd.dll NOT unregistered.
C:\WINDOWS\msconfd.dll moved successfully.
C:\WINDOWS\loader.exe moved successfully.
C:\WINDOWS\internet.exe moved successfully.
C:\WINDOWS\inetinf.exe moved successfully.
C:\WINDOWS\iexplorer.exe moved successfully.
C:\WINDOWS\iedll.exe moved successfully.
C:\WINDOWS\helpcvs.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\gfmnaaa.dll NOT unregistered.
C:\WINDOWS\gfmnaaa.dll moved successfully.
C:\WINDOWS\funny.exe moved successfully.
C:\WINDOWS\funniest.exe moved successfully.
C:\WINDOWS\explorer32.exe moved successfully.
C:\WINDOWS\explore.exe moved successfully.
C:\WINDOWS\editpad.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\dnsrelay.dll NOT unregistered.
C:\WINDOWS\dnsrelay.dll moved successfully.
C:\WINDOWS\directx32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\ctrlpan.dll NOT unregistered.
C:\WINDOWS\ctrlpan.dll moved successfully.
C:\WINDOWS\ctfmon32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\cpan.dll
C:\WINDOWS\cpan.dll NOT unregistered.
C:\WINDOWS\cpan.dll moved successfully.
C:\WINDOWS\clrssn.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\avpcc.dll
C:\WINDOWS\avpcc.dll NOT unregistered.
C:\WINDOWS\avpcc.dll moved successfully.
C:\WINDOWS\accesss.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\clbinit.dll NOT unregistered.
C:\WINDOWS\system32\clbinit.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.dll NOT unregistered.
C:\WINDOWS\system32\clbdll.dll moved successfully.
C:\WINDOWS\system32\qcntskdm.exe moved successfully.
C:\WINDOWS\system32\g14.exe moved successfully.
C:\WINDOWS\system32\logXv06 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\opnlIYpP.dll
C:\WINDOWS\system32\opnlIYpP.dll NOT unregistered.
C:\WINDOWS\system32\opnlIYpP.dll moved successfully.
C:\WINDOWS\system32\hljwugsf.bin moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll
C:\WINDOWS\system32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll NOT unregistered.
C:\WINDOWS\system32\{668e5d3d-969a-00ea-2103-51f9b59c9c3b}.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05292008_152546






And here is the DSS log:




Deckard's System Scanner v20071014.68
Run by Schloss on 2008-05-29 15:41:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 10.78 GiB (less than 15%) free.


-- HijackThis (run as Schloss.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:17 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Schloss\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Schloss.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\SCHLOSS\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SCHLOSS\Application Data\Mozilla\Profiles\default\l78mjxlf.slt\prefs.js)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\pdgoma.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Schloss\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.s...stemsoappro.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark...en/AMClient.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11351 bytes

-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-27 16:12:23 0 d-------- C:\Documents and Settings\Schloss\Application Data\Grisoft
2008-05-27 16:11:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-25 11:03:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-25 10:40:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-25 10:40:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-23 14:50:35 0 d-------- C:\Documents and Settings\Schloss\Application Data\Malwarebytes
2008-05-23 14:50:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 14:50:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 12:31:50 2560 --a------ C:\WINDOWS\system32\djhedshr.exe
2008-05-23 12:29:31 90240 -----n--- C:\WINDOWS\system32\hrdprlub.dll
2008-05-23 12:28:46 314512 -----n--- C:\WINDOWS\system32\ljJCrSMc.dll
2008-05-23 12:22:59 0 d--hs---- C:\WINDOWS\CSC
2008-05-23 11:42:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-23 11:42:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-23 11:15:06 0 d-------- C:\WINDOWS\qfrk
2008-05-23 11:15:06 0 d-------- C:\Program Files\Common Files\qfrk
2008-05-20 18:35:12 0 d-------- C:\Documents and Settings\Schloss\Application Data\SpeedRunner
2008-05-20 18:25:11 0 d-------- C:\Program Files\Spcron
2008-05-19 08:55:20 439808 -----n--- C:\WINDOWS\system32\{6aa6f899-cb5f-e611-43b7-333c8a9c40d3}.dll
2008-05-18 11:01:33 0 d-------- C:\Documents and Settings\Schloss\Application Data\uTorrent
2008-05-18 11:01:17 0 d-------- C:\Program Files\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-05-29 15:40:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-29 15:35:55 0 d-a------ C:\Program Files\Common Files
2008-05-29 15:34:47 288 --a----c- C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2008-05-29 15:34:47 288 --a----c- C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2008-05-23 15:00:10 0 d-------- C:\Program Files\Norton Security Scan
2008-05-23 12:06:47 0 d-------- C:\Program Files\GetRight
2008-05-17 16:58:41 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-02 16:42:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-19 20:40:34 0 d-------- C:\Program Files\Universal Interactive
2008-04-19 20:40:34 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/14/2002 06:22 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [10/29/2002 09:18 AM]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [09/30/2002 01:00 AM]
"CTHelper"="CTHELPER.EXE" [02/20/2003 04:45 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/04/2004 02:56 AM C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [04/24/2003 04:58 PM]
"ATIPTA"="atiptaxx.exe" [05/12/2005 09:05 PM C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/14/2005 09:16 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [08/08/2005 03:45 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/03/2006 05:12 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/21/2006 09:32 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 04:46 PM]
"SfKg6wIP"="C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\pdgoma.exe" [05/20/2008 06:35 PM]
"SpeedRunner"="C:\Documents and Settings\Schloss\Application Data\SpeedRunner\SpeedRunner.exe" [05/23/2008 03:18 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Schloss\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [10/28/2005 11:23:10 AM]
DESKTOP.INI [9/3/2002 1:36:04 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [12/12/2006 3:43:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoSMMyDocs"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoStartMenuMyMusic"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoAddPrinter"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoDeletePrinter"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msaps, schannel.dll, digest.dll, msns,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Schloss^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=C:\Documents and Settings\Schloss\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
C:\WINDOWS\hpfsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
"C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh EDN Client]
C:\Program Files\RSNet\RSEDNClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]
C:\Program Files\SpyKiller\spykiller.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\progra~1\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Soap Pro]
C:\PROGRA~1\SYSTEM~1\soap.exe min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatev01]
C:\WINDOWS\System32\updatev01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.EXE 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71860fc1-a5b0-11db-bd8f-b4406390e31c}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-05-29 15:41:50 ------------
  • 0

#13
RenatoMejias

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#14
Spootbat

Spootbat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ok, here is the Kaspersky log:



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 6:53:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 815162
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 182893
Number of viruses found: 31
Number of infected objects: 63
Number of suspicious objects: 0
Duration of the scan process: 03:20:44

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080528143612\backup\DOCUME~1\Schloss\LOCALS~1\Temp\b3new.exe Infected: not-virus:Hoax.Win32.Renos.cii skipped
C:\Deckard\System Scanner\20080528143612\backup\DOCUME~1\Schloss\LOCALS~1\Temp\kjhTyg.exe/data0006 Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\Deckard\System Scanner\20080528143612\backup\DOCUME~1\Schloss\LOCALS~1\Temp\kjhTyg.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\20080528143612\backup\DOCUME~1\Schloss\LOCALS~1\Temp\tmp9.tmp/data0003 Infected: Trojan.Win32.BHO.cmd skipped
C:\Deckard\System Scanner\20080528143612\backup\DOCUME~1\Schloss\LOCALS~1\Temp\tmp9.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Schloss\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Schloss\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Schloss\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Schloss\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Schloss\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.93467 Infected: Trojan-Downloader.Win32.Homles.bo skipped
C:\Documents and Settings\Schloss\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.94562 Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\pdgoma.exe Infected: Trojan-Downloader.Win32.Agent.qqn skipped
C:\Documents and Settings\Schloss\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-1170ba49-68d5ea21.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Schloss\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-1170ba49-68d5ea21.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Schloss\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Temp\Perflib_Perfdata_2b0.dat Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Temp\Perflib_Perfdata_878.dat Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Temp\Perflib_Perfdata_89c.dat Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Temp\~DF73A0.tmp Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Temp\~DF9E37.tmp Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\67KFSNIP\run04[1].exe Infected: Trojan.Win32.Agent.gna skipped
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\GNI7KXST\b3new[1].exe Infected: not-virus:Hoax.Win32.Renos.cii skipped
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\GNI7KXST\kjhTyg[1].exe/data0006 Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\GNI7KXST\kjhTyg[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Schloss\Local Settings\Temporary Internet Files\Content.IE5\YN894JKF\ie[1].exe Infected: Trojan-Clicker.Win32.Delf.yh skipped
C:\Documents and Settings\Schloss\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Schloss\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\06A744C2.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\139246DE.exe/file1 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\139246DE.exe/file2 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\139246DE.exe/file4 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\139246DE.exe Inno: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\139246DE.exe CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\139570DA.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Norton AntiVirus\Quarantine\13981AD7.exe/file1 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\13981AD7.exe/file2 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\13981AD7.exe/file4 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\13981AD7.exe Inno: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\13981AD7.exe CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DAA1E92.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DAE488E.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DB1728B.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DB41C87.vir Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\415F43AF.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\qoobox\Quarantine\C\Program Files\svhost\wr-1-77.exe.vir Infected: Trojan-Downloader.Win32.Small.fox skipped
C:\qoobox\Quarantine\C\WINDOWS\svhost.exe.vir Infected: Trojan-Proxy.Win32.VB.ag skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\Q2\mon33dll.exe.vir/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\Q2\mon33dll.exe.vir/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.c skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\Q2\mon33dll.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\Q2\mon33dll.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\Q2\mon33dll.exe.vir NSIS: infected - 4 skipped
C:\qoobox\Quarantine\catchme2007-09-18_151733.92.zip/byxwutr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\catchme2007-09-18_151733.92.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205058.exe Infected: not-a-virus:AdWare.Win32.Rond.f skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205061.exe Infected: Trojan.Win32.BHO.bkm skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1075\A0205067.exe Infected: Trojan-Downloader.Win32.Homles.bo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205259.exe Infected: Trojan-Downloader.Win32.Agent.plz skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205260.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205261.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205262.exe/data0004 Infected: Email-Worm.Win32.Zhelatin.zb skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205262.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205263.exe Infected: Trojan-Downloader.Win32.Small.fox skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205264.exe Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205265.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205266.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205269.exe Infected: not-a-virus:AdWare.Win32.Sahat.as skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205271.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\A0205271.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1076\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\msfdje.gif Infected: not-a-virus:AdWare.Win32.ClientMan skipped
C:\WINDOWS\SYSTEM32\updatev01.exe Infected: not-a-virus:AdWare.Win32.Sahat.bo skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF Object is locked skipped
C:\_OTMoveIt\MovedFiles\05292008_152546\WINDOWS\system32\g14.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.byy skipped
C:\_OTMoveIt\MovedFiles\05292008_152546\WINDOWS\system32\g14.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.byy skipped
C:\_OTMoveIt\MovedFiles\05292008_152546\WINDOWS\system32\g14.exe NSIS: infected - 2 skipped

Scan process completed.
  • 0

#15
RenatoMejias

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Hi,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next,

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\Documents and Settings\Schloss\Application Data\Microsoft\Windows\pdgoma.exe <--this file
C:\WINDOWS\SYSTEM32\msfdje.gif <--this file
C:\WINDOWS\SYSTEM32\updatev01.exe <--this file

Clean your recycle bin and Quarentine of MalwareBytes.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP