Girlfriend slowed down my computer



#1
Atrain722000 (New Member, 9 posts)
My girlfriend's computer broke the other day, so I have been letting her use mine. Well, she knows nothing about computers and I'm sure she downloaded some nasty stuff to my comp. It has been running extremely slow lately and has been buggy as ever. It won't let me run certain programs a few minutes after booting up (including HijackThis). I have tried everything I know to fix it, but my knowledge is nowhere near as good as the people on this board. So please help me!! I have Norton AntiVirus on my computer, and have done several scans. Each time it finds a bunch of problems and says it deletes them, but of course it doesn't work. I'm using Windows XP. Here is the HijackThis file. Thanks for taking the time to help me out! I have been browsing the forum and it seems like everyone is doing a great job of helping everyone with their problems! Thanks


Logfile of HijackThis v1.99.1
Scan saved at 1:14:58 AM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\aqdttqmg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [j9221138] rundll32 C:\WINDOWS\system32\j9221138.dll sook
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ohaufakw.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Startup: Registration Lock On
O4 - Startup: Registration Pacific Fighters.LNK = E:\registration_us\RegistrationReminder.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.co...InstallAsst.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\aqdttqmg.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0



#2
njustice (Member, 521 posts)
Hello,

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.


Download: DelDomains.inf
Locate DelDomains.inf
Right-click and select "Install"


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Note:
If you already have VundoFix please delete that version and download the latest version from the link above.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.

  • 0
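
The reply above asks for a new HijackThis log once the tools have run. One way to compare that log with the first one, as an added example that is not part of the original thread: the script parses the coded entry lines of two logs and reports, per section, which entries were removed, which persist and which are new. The "before" lines are copied from the log in post #1; the "after" log is constructed for illustration and is not the thread's real follow-up log, and all function names are this example's own.

```python
import re
from collections import defaultdict

# A HijackThis entry line is "<section code> - <body>", for example
#   O15 - Trusted Zone: *.winfixer.com (HKLM)
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")


def section_sort_key(code):
    """Order codes as HijackThis prints them: letter first, then number."""
    return (code[0], int(code[1:]))


def parse_entries(log_text):
    """Return {section_code: set(entry bodies)} for one log."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace runs so copy/paste differences between
            # two forum posts do not show up as changed entries.
            body = " ".join(m.group("body").split())
            sections[m.group("code")].add(body)
    return dict(sections)


def diff_logs(before_text, after_text):
    """Compare two logs section by section."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    report = {}
    for code in sorted(set(before) | set(after), key=section_sort_key):
        b = before.get(code, set())
        a = after.get(code, set())
        report[code] = {
            "removed": sorted(b - a),
            "persisting": sorted(b & a),
            "new": sorted(a - b),
        }
    return report


def persisting(report, codes):
    """(code, entry) pairs still present after cleanup in the given sections."""
    return [(c, e) for c in codes
            for e in report.get(c, {}).get("persisting", [])]


# Lines copied from the HijackThis log in post #1 (shortened to a few entries).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\aqdttqmg.exe
O4 - HKLM\..\Run: [j9221138] rundll32 C:\WINDOWS\system32\j9221138.dll sook
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: *.winfixer.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O23 - Service: DomainService - - C:\WINDOWS\system32\aqdttqmg.exe
"""

# Constructed follow-up log for illustration only; which entries are gone
# here is an assumption of this example, not a result from the thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: *.winfixer.com (HKLM)
"""

if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for code, changes in report.items():
        for status in ("removed", "persisting", "new"):
            for entry in changes[status]:
                print(f"{status:<10} {code:<4} {entry}")
    # Trusted Zone (O15) and service (O23) entries that survived the cleanup
    # are the ones to raise in the next reply.
    print("Still present:", persisting(report, ["O15", "O23"]))
```
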

#3
Atrain722000 (New Member, Topic Starter, 9 posts)
OK, I did everything you said. Here are all of the logs that you asked me to post. I can already tell that it is running faster, so thank you so much. Let me know if I need to do anything else!

Superantispyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/22/2007 at 07:41 PM

Application Version : 3.9.1008

Core Rules Database Version : 3329
Trace Rules Database Version: 1330

Scan type : Complete Scan
Total Scan Time : 00:50:11

Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 6592
Registry threats detected : 21
File items scanned : 99172
File threats detected : 565

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com#*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com#*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com#*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com#*

Adware.Tracking Cookie
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@amateurpornforum[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@media6degrees[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@pornaccess[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@maxserving[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][9].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@partypoker[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@mybannermaker[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@onlinesexgames[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@forumdesexo[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected]
C:\Documents and Settings\A-Train72\Cookies\a-train72@adultswim[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@azjmp[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@webstat[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@webstat[3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@euros4click[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@hqthefilmsxxx[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@shinystat[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@hqthefilmsxxx[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][11].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@hentaicounter[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][10].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@indexstats[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fortunecity[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@weloveteengirls[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[10].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected]
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@list[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@liveadulthost[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@thesuperxxx[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@interclick[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@paycounter[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@youramateurporn[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@sexandsubmission[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@sexyfunpics[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@lynxtrack[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@goclick[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][9].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@pornoboards[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@winantispyware[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@collective-media[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adredired[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adult-sex-porn-tv[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@azoogleads[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@dealtime[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@thesuperxxx[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[10].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[11].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[7].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[8].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@2o7[9].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][10].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][11].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][8].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][9].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[10].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[11].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[7].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[8].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adbrite[9].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adinterax[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adinterax[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adinterax[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adinterax[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adinterax[6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adlegend[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adlegend[2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adrevolver[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adrevolver[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adrevolver[4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][10].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][11].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][8].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][9].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][10].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][11].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][8].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][9].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adultadworld[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adultadworld[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@adultfriendfinder[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[10].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[11].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[7].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[8].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@advertising[9].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@bluestreak[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@bluestreak[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@bluestreak[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@bluestreak[4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@casalemedia[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@casalemedia[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@casalemedia[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@casalemedia[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@casalemedia[6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@casalemedia[7].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@casalemedia[8].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@clicksor[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@clicksor[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@collective-media[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@collective-media[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@cpvfeed[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@cpvfeed[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@cpvfeed[4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][8].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[10].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[11].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[7].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[8].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@fastclick[9].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@forumdesexo[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@interclick[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@interclick[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@interclick[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@interclick[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[7].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[8].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@linksynergy[9].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][8].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][9].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@pornminded[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@precisionclick[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@precisionclick[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@precisionclick[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@precisionclick[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@questionmarket[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@questionmarket[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@questionmarket[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@realmedia[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@realmedia[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@realmedia[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@realmedia[5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@realmedia[6].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@revsci[1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][8].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@sexandsubmission[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@specificclick[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@statcounter[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@statcounter[3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][10].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][11].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][8].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][9].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@trafficmp[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@trafficmp[2].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@trafficmp[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@tribalfusion[1].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@tribalfusion[3].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@tribalfusion[4].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@tribalfusion[5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][10].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][11].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][6].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][7].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][8].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][9].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][1].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][2].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][3].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][4].txt
C:\Documents and Settings\A-Train72\Cookies\[email protected][5].txt
C:\Documents and Settings\A-Train72\Cookies\a-train72@zedo[1].txt

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion


Vundo Fix Log

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 6:31:40 PM 10/22/2007

Listing files found while scanning....

C:\windows\system32\baiijumj.dll
C:\windows\system32\bamogftb.ini
C:\windows\system32\btfgomab.dll
C:\WINDOWS\system32\cllmtknd.dll
C:\windows\system32\cmgwbxnh.dll
C:\windows\system32\dnktmllc.ini
C:\windows\system32\fajekdiv.dll
C:\WINDOWS\system32\fvdbosqv.dll
C:\windows\system32\hlnqjknl.ini
C:\WINDOWS\system32\hlwgxxwi.dll
C:\windows\system32\hnxbwgmc.ini
C:\windows\system32\hpbqtvry.dll
C:\WINDOWS\system32\jrxftakt.dll
C:\windows\system32\lnkjqnlh.dll
C:\windows\system32\lntsrday.ini
C:\windows\system32\nigjrfjq.dll
C:\windows\system32\ohaufakw.dll
C:\windows\system32\ojsaysro.dll
C:\windows\system32\orsyasjo.ini
C:\windows\system32\pjsmalvp.dll
C:\windows\system32\qjfrjgin.ini
C:\WINDOWS\system32\qumvsddu.dll
C:\windows\system32\rddrgryx.dll
C:\windows\system32\rrqss.bak1
C:\windows\system32\rrqss.bak2
C:\windows\system32\rrqss.ini
C:\windows\system32\rrqss.ini2
C:\windows\system32\rrqss.tmp
C:\WINDOWS\system32\rseruyxo.dll
C:\WINDOWS\system32\ssqonom.dll
C:\WINDOWS\system32\ssqrr.dll
C:\windows\system32\wkafuaho.ini
C:\WINDOWS\system32\xrctdwik.dll
C:\windows\system32\xyrgrddr.ini
C:\windows\system32\yadrstnl.dll

Beginning removal...

Attempting to delete C:\windows\system32\baiijumj.dll
C:\windows\system32\baiijumj.dll Has been deleted!

Attempting to delete C:\windows\system32\bamogftb.ini
C:\windows\system32\bamogftb.ini Has been deleted!

Attempting to delete C:\windows\system32\btfgomab.dll
C:\windows\system32\btfgomab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cllmtknd.dll
C:\WINDOWS\system32\cllmtknd.dll Could not be deleted.

Attempting to delete C:\windows\system32\cmgwbxnh.dll
C:\windows\system32\cmgwbxnh.dll Has been deleted!

Attempting to delete C:\windows\system32\dnktmllc.ini
C:\windows\system32\dnktmllc.ini Has been deleted!

Attempting to delete C:\windows\system32\fajekdiv.dll
C:\windows\system32\fajekdiv.dll Has been deleted!

Attempting to delete C:\windows\system32\hlnqjknl.ini
C:\windows\system32\hlnqjknl.ini Has been deleted!

Attempting to delete C:\windows\system32\hnxbwgmc.ini
C:\windows\system32\hnxbwgmc.ini Has been deleted!

Attempting to delete C:\windows\system32\hpbqtvry.dll
C:\windows\system32\hpbqtvry.dll Has been deleted!

Attempting to delete C:\windows\system32\lnkjqnlh.dll
C:\windows\system32\lnkjqnlh.dll Has been deleted!

Attempting to delete C:\windows\system32\lntsrday.ini
C:\windows\system32\lntsrday.ini Has been deleted!

Attempting to delete C:\windows\system32\nigjrfjq.dll
C:\windows\system32\nigjrfjq.dll Has been deleted!

Attempting to delete C:\windows\system32\ohaufakw.dll
C:\windows\system32\ohaufakw.dll Has been deleted!

Attempting to delete C:\windows\system32\ojsaysro.dll
C:\windows\system32\ojsaysro.dll Has been deleted!

Attempting to delete C:\windows\system32\orsyasjo.ini
C:\windows\system32\orsyasjo.in

#4
Atrain722000

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:16 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\aqdttqmg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bikini\Ashleyspics111.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F614D5C-5195-422E-AF0B-17C5603C0946} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {4C70214F-9EFD-4D62-9D0A-C29816B057Db} - C:\WINDOWS\system32\baiijumj.dll (file missing)
O2 - BHO: (no name) - {5B159094-B477-48F6-820B-B20BDCD09976} - C:\WINDOWS\system32\dsdm.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [j9221138] rundll32 C:\WINDOWS\system32\j9221138.dll sook
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Startup: Registration Lock On
O4 - Startup: Registration Pacific Fighters.LNK = E:\registration_us\RegistrationReminder.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.co...InstallAsst.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\aqdttqmg.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by Atrain722000, 23 October 2007 - 03:03 AM.


#5
njustice

Hello,

Delete C:\vundofix.txt <===this file in bold

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply with a new Hijackthis log.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


In case you have used Combofix before, please delete the version you have and redownload it, because Combofix is being updated every day.
In case your antivirus or any other realtime scanner displays an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix, because some scanners may see some Combofix-related components as suspicious and block or delete them while there's nothing wrong with them.



Before you post the combofix log and a new Hijackthis log I need you to perform the following:

Go to where HijackThis is located (C:\Program Files\Hijackthis\HijackThis.exe), right-click on HiJackThis.exe and select "Rename". While it is still highlighted, type "Analyse" without the quotes.

Reboot your computer into safe mode:

1. Click Start and then click Shut Down.

2. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.

3. As your computer restarts but before Windows launches, press F8. On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.

4. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.

5. Run HiJackThis and save the log to your desktop.

6. Reboot to normal mode and

7. Run Vundofix again.

8. Post the C:\ComboFix.txt log, C:\vundofix.txt and the HijackThis log you saved to your desktop.

Edited by njustice, 23 October 2007 - 04:33 AM.


#6
Atrain722000

Ok did everything you said. Here are the new log files

Combo Fix

ComboFix 07-10-23.1 - A-Train72 2007-10-23 11:43:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.97 [GMT -6:00]
Running from: C:\Documents and Settings\A-Train72\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\A-Train72\Application Data\macromedia\Flash Player\#SharedObjects\GLR4V7S9\www.broadcaster.com
C:\Documents and Settings\A-Train72\Application Data\macromedia\Flash Player\#SharedObjects\GLR4V7S9\www.broadcaster.com\played_list.sol
C:\Documents and Settings\A-Train72\Application Data\macromedia\Flash Player\#SharedObjects\GLR4V7S9\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\A-Train72\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\A-Train72\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aqdttqmg.exe
C:\WINDOWS\system32\civhmmiv.exe
C:\WINDOWS\system32\erlwkeig.exe
C:\WINDOWS\system32\fgtqrbyy.exe
C:\WINDOWS\system32\fotmcigx.exe
C:\WINDOWS\system32\gmmgelej.exe
C:\WINDOWS\system32\hsjryasv.exe
C:\WINDOWS\system32\iqpdfduq.exe
C:\WINDOWS\system32\jdsosqpa.exe
C:\WINDOWS\system32\jenrhcdv.exe
C:\WINDOWS\system32\jnjpjqfw.exe
C:\WINDOWS\system32\jyamkehh.exe
C:\WINDOWS\system32\knlqdvth.exe
C:\WINDOWS\system32\kyhbjthc.exe
C:\WINDOWS\system32\oqcdepyc.exe
C:\WINDOWS\system32\osmpdlin.exe
C:\WINDOWS\system32\phnjcmil.exe
C:\WINDOWS\system32\plbxwney.exe
C:\WINDOWS\system32\qkmdryps.exe
C:\WINDOWS\system32\sbtvcgnv.exe
C:\WINDOWS\system32\sqldxvva.exe
C:\WINDOWS\system32\tgkuasgn.exe
C:\WINDOWS\system32\ulworfmu.exe
C:\WINDOWS\system32\uotbntkc.exe
C:\WINDOWS\system32\uxhvwvuq.exe
C:\WINDOWS\system32\wbivxoqw.exe
C:\WINDOWS\system32\wmragstl.exe
C:\WINDOWS\system32\xohbsrdg.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.

2007-10-23 11:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 18:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-22 18:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 18:46 <DIR> d-------- C:\Documents and Settings\A-Train72\Application Data\SUPERAntiSpyware.com
2007-10-22 18:31 <DIR> d-------- C:\VundoFix Backups
2007-10-09 14:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-09-28 14:41 59,392 --a------ C:\WINDOWS\system32\deskper.dll
2007-09-27 22:27 59,392 --a------ C:\WINDOWS\system32\dispe.dll
2007-09-27 22:27 17,920 C:\WINDOWS\system32\drivers\dekopeqs.sys
2007-09-27 22:27 4,736 C:\WINDOWS\system32\drivers\tovimqxu.sys
2007-09-27 22:26 106,105 --a------ C:\WINDOWS\system32\dsdm.dll
2007-09-25 19:00 <DIR> d-------- C:\Program Files\Full Tilt Poker
2007-09-23 22:01 <DIR> d-------- C:\Program Files\PartyGaming

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 17:56 --------- d-----w C:\Program Files\Steam
2007-10-23 05:39 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-23 00:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-17 22:01 --------- d-----w C:\Documents and Settings\A-Train72\Application Data\AdobeUM
2007-10-12 07:13 --------- d-----w C:\Program Files\Shockwave.com
2007-09-26 01:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-12 16:06 --------- d-----w C:\Program Files\Yahoo!
2007-09-12 06:13 --------- d-----w C:\Documents and Settings\A-Train72\Application Data\Yahoo!
2007-08-29 04:33 --------- d-----w C:\Program Files\Common Files\HP
2007-08-29 04:25 --------- d-----w C:\Program Files\HP
2007-08-29 04:24 --------- d-----w C:\Program Files\Hewlett-Packard
2007-08-29 04:15 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F614D5C-5195-422E-AF0B-17C5603C0946}]
C:\WINDOWS\system32\ssqrr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C70214F-9EFD-4D62-9D0A-C29816B057Db}]
C:\WINDOWS\system32\baiijumj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B159094-B477-48F6-820B-B20BDCD09976}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 10:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-18 22:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 13:35 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 09:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 09:28]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-10-05 01:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020

C:\Documents and Settings\A-Train72\Start Menu\Programs\Startup\
Registration Lock On [2006-08-11 13:22:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


R0 wlfrzbll;wlfrzbll;C:\WINDOWS\system32\drivers\dekopeqs.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-21 20:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-20 06:16:05 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - A-Train72.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 12:03:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 12:08:05 - machine was rebooted
.

VundoFIX

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 12:24:56 PM 10/23/2007

Listing files found while scanning....

No infected files were found.

NEW HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 12:19:23 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F614D5C-5195-422E-AF0B-17C5603C0946} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {4C70214F-9EFD-4D62-9D0A-C29816B057Db} - C:\WINDOWS\system32\baiijumj.dll (file missing)
O2 - BHO: (no name) - {5B159094-B477-48F6-820B-B20BDCD09976} - C:\WINDOWS\system32\dsdm.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Startup: Registration Lock On
O4 - Startup: Registration Pacific Fighters.LNK = E:\registration_us\RegistrationReminder.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.co...InstallAsst.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Thanks for your continued help. You're a lifesaver!

#7
njustice

Hello,

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {0F614D5C-5195-422E-AF0B-17C5603C0946} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {4C70214F-9EFD-4D62-9D0A-C29816B057Db} - C:\WINDOWS\system32\baiijumj.dll (file missing)
O2 - BHO: (no name) - {5B159094-B477-48F6-820B-B20BDCD09976} - C:\WINDOWS\system32\dsdm.dll
O4 - Startup: Registration Lock On
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)


Click on Fix Checked when finished and exit HijackThis.


Reboot into Safe Mode: please see here if you are not sure how to do this.


Using Windows Explorer, locate the following file, and delete:

C:\WINDOWS\system32\dsdm.dll

Exit Explorer, and reboot as normal afterwards.


If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.


Please go to THIS page and download Trojan.Linkoptimizer Removal Tool. Run in safe mode twice. Post a new hijackthis log.

#8
Atrain722000

Sorry, been away from home for the week... don't close this topic just yet please. Will get back to you tomorrow, I promise. Thanks

#9
Atrain722000

OK, I did everything you said. Everything worked fine; however, I hit a snag when I tried to delete this:

Using Windows Explorer, locate the following file, and delete:

C:\WINDOWS\system32\dsdm.dll

Exit Explorer, and reboot as normal afterwards



When I tried to do that it gave an error message saying the file was already in use or write protected. Not sure why.

I proceeded to use the Linkoptimizer removal tool and it said that it was not found on my computer... Also, my computer won't connect to my personal wireless network anymore. I haven't tried resetting the network yet but I will.

Anyway, here is the latest HijackThis file:


Logfile of HijackThis v1.99.1
Scan saved at 11:55:28 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5B159094-B477-48F6-820B-B20BDCD09976} - C:\WINDOWS\system32\dsdm.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Startup: Registration Pacific Fighters.LNK = E:\registration_us\RegistrationReminder.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.co...InstallAsst.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks for continuing to help
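The comparison a helper makes when a new log comes back, here the fix list from post #7 against the log in post #9, written out as an added example (it is not part of the thread and is not HijackThis code). The matching rule (section code plus CLSID, otherwise the normalized entry text) is an assumption of this sketch; the sample lines are excerpted from those two posts.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing state notes change between scans and must not affect matching.
STATE_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def entry_key(line):
    """Return a stable identity for an entry line, or None for other lines.

    Assumption of this sketch: entries carrying a CLSID are identified by
    (section, CLSID); all others by (section, normalized body text).
    """
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, blank line, or a "Running processes" path
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    if clsid:
        return (section, clsid.group(0).upper())
    body = STATE_RE.sub("", body)
    return (section, " ".join(body.split()).lower())


def parse_entries(text):
    """Map entry identity -> first original line seen with that identity."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def check_fix(fix_list, new_log):
    """Split the fix list into entries gone from the new log and entries
    that survived (reported as they appear in the new log)."""
    wanted = parse_entries(fix_list)
    present = parse_entries(new_log)
    removed = [line for key, line in wanted.items() if key not in present]
    remaining = [present[key] for key in wanted if key in present]
    return removed, remaining


# Entries the helper asked to have fixed (copied from post #7).
FIX_LIST = r"""
O2 - BHO: (no name) - {0F614D5C-5195-422E-AF0B-17C5603C0946} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {4C70214F-9EFD-4D62-9D0A-C29816B057Db} - C:\WINDOWS\system32\baiijumj.dll (file missing)
O2 - BHO: (no name) - {5B159094-B477-48F6-820B-B20BDCD09976} - C:\WINDOWS\system32\dsdm.dll
O4 - Startup: Registration Lock On
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
"""

# Excerpt of the follow-up log (copied from post #9, shortened).
NEW_LOG_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5B159094-B477-48F6-820B-B20BDCD09976} - C:\WINDOWS\system32\dsdm.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - Startup: Registration Pacific Fighters.LNK = E:\registration_us\RegistrationReminder.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
"""

if __name__ == "__main__":
    gone, still_there = check_fix(FIX_LIST, NEW_LOG_EXCERPT)
    print(f"{len(gone)} entries removed, {len(still_there)} still present")
    for line in still_there:
        print("STILL PRESENT:", line)
```

An entry that survives a fix and a reboot, as the dsdm.dll BHO does here, is being re-registered by something still running, which is consistent with the "file in use" error reported in the same post.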

#10
njustice

Hello,

I need you to check a few files for me before we proceed. I'm sure these are bad, but need confirmation so we don't bork your system.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path(s) shown below in red into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\dispe.dll
  • Click on the submit button
  • Check these files also
    • C:\WINDOWS\system32\drivers\dekopeqs.sys
    • C:\WINDOWS\system32\drivers\tovimqxu.sys
    • C:\WINDOWS\system32\dsdm.dll
  • Please post the results for each file in your next reply.



#11
Atrain722000

File: dispe.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ee5db68a4d6b6a7015ba2714543542eb
Packers detected: -
Bit9 reports: High threat detected (more info)

Scanner results
Scan taken on 01 Nov 2007 01:50:16 (GMT)
A-Squared Found Trojan.Win32.BHO.gy
AntiVir Found TR/BHO.GY.5
ArcaVir Found nothing
Avast Found Win32:BHO-HY
AVG Antivirus Found BHO.BGK
BitDefender Found Trojan.Spy.Bzub.NFQ
ClamAV Found nothing
CPsecure Found Troj.W32.BHO.gy
Dr.Web Found Trojan.Sentinel
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.BHO.gy
Fortinet Found W32/BHO.GY!tr
Kaspersky Anti-Virus Found Trojan.Win32.BHO.gy
NOD32 Found probably a variant of Win32/BHO (probable variant)
Norman Virus Control Found W32/BHO.QG
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found Trojan.Win32.BHO.gy


File: dsdm.dll
Status: INFECTED/MALWARE
MD5: d85b598b27053fa19030238099a490e7
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 01 Nov 2007 01:55:15 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.Morphine.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found BHO.BIS
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.PWS.Tanspy.775
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/BHO.QG
Panda Antivirus Found Trj/Cimuz.HC
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing




For these files it showed a screen saying that the file I uploaded was less than 0 bytes, and that it was likely that malware was preventing me from uploading it... Not sure what that means.

C:\WINDOWS\system32\drivers\dekopeqs.sys
C:\WINDOWS\system32\drivers\tovimqxu.sys

Thanks

#12
njustice

Hello Atrain722000, sorry for the delay.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run Box. Press Enter on your keyboard.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\dekopeqs.sys
C:\WINDOWS\system32\drivers\tovimqxu.sys
C:\WINDOWS\system32\dsdm.dll
C:\WINDOWS\system32\dispe.dll
C:\WINDOWS\system32\deskper.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\baiijumj.dll

Driver::
dekopeqs.sys
tovimqxu.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F614D5C-5195-422E-AF0B-17C5603C0946}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C70214F-9EFD-4D62-9D0A-C29816B057Db}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B159094-B477-48F6-820B-B20BDCD09976}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#13
Atrain722000

Combofix log

ComboFix 07-10-23.1 - A-Train72 2007-11-03 14:32:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.172 [GMT -6:00]
Running from: C:\Documents and Settings\A-Train72\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\A-Train72\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\baiijumj.dll
C:\WINDOWS\system32\deskper.dll
C:\WINDOWS\system32\dispe.dll
C:\WINDOWS\system32\drivers\dekopeqs.sys
C:\WINDOWS\system32\drivers\tovimqxu.sys
C:\WINDOWS\system32\dsdm.dll
C:\WINDOWS\system32\ssqrr.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\deskper.dll
C:\WINDOWS\system32\dispe.dll
C:\WINDOWS\system32\drivers\dekopeqs.sys
C:\WINDOWS\system32\drivers\tovimqxu.sys
C:\WINDOWS\system32\dsdm.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-10-30 23:37 <DIR> d-------- C:\Program Files\TLC
2007-10-30 23:37 297 --a------ C:\WINDOWS\EReg077.dat
2007-10-30 23:36 289,280 --a------ C:\WINDOWS\uninst.exe
2007-10-23 11:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 18:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-22 18:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 18:46 <DIR> d-------- C:\Documents and Settings\A-Train72\Application Data\SUPERAntiSpyware.com
2007-10-22 18:31 <DIR> d-------- C:\VundoFix Backups
2007-10-09 14:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 20:39 --------- d-----w C:\Program Files\Steam
2007-11-03 20:39 --------- d-----w C:\Program Files\Google
2007-11-02 19:54 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-02 15:54 6,268 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-01 00:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-25 00:56 --------- d-----w C:\Program Files\Full Tilt Poker
2007-10-17 22:01 --------- d-----w C:\Documents and Settings\A-Train72\Application Data\AdobeUM
2007-10-12 07:13 --------- d-----w C:\Program Files\Shockwave.com
2007-09-26 01:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-24 04:04 --------- d-----w C:\Program Files\PartyGaming
2007-09-12 16:06 --------- d-----w C:\Program Files\Yahoo!
2007-09-12 06:13 --------- d-----w C:\Documents and Settings\A-Train72\Application Data\Yahoo!
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-23_12.03.48.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-11 20:04:36 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
+ 2007-10-31 15:21:49 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 10:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-18 22:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 13:35 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 09:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 09:28]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-10-05 01:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


R0 wlfrzbll;wlfrzbll;C:\WINDOWS\system32\drivers\dekopeqs.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-28 20:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-03 02:08:17 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - A-Train72.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 14:40:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-03 14:43:28 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-23 12:08
.
--- E O F ---



HIJACKTHIS log

Logfile of HijackThis v1.99.1
Scan saved at 2:51:00 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Startup: Registration Pacific Fighters.LNK = E:\registration_us\RegistrationReminder.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.co...InstallAsst.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



THANKS!

#14
njustice

Hello ATrain,

Logs are looking much better. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Next....


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

Please post a new Hijackthis log as well.
  • 0
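
Added example, not part of the original posts and not HijackThis's own code: a Python parser for the log format shown in this thread that lists entries HijackThis marked as orphaned and every Java runtime version referenced in any path, which is the evidence behind the "Java is out of date" advice above. The function names are this example's own; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# A few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Sun JRE install directories look like jre1.5.0_03 or j2re1.4.2_03.
JAVA_DIR_RE = re.compile(r"\\(j2?re)(\d+\.\d+\.\d+)(?:_(\d+))?\\", re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return (section_code, detail) for every registry/startup entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_entries(log_text):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [(code, detail) for code, detail in parse_entries(log_text)
            if detail.endswith(ORPHAN_MARKERS)]


def java_versions(log_text):
    """Map each JRE version found in a path to the section codes using it."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = JAVA_DIR_RE.search(line)
        if m:
            version = m.group(2) + ("_" + m.group(3) if m.group(3) else "")
            entry = ENTRY_RE.match(line.strip())
            # Running-process lines carry no section code; label them PROC.
            found[version].add(entry.group(1) if entry else "PROC")
    return {v: sorted(codes) for v, codes in found.items()}
```

On the sample, `java_versions` reports two runtimes side by side (1.5.0_03 and 1.4.2_03), which is why the removal steps above say to repeat the uninstall for each Java version before installing the new one.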

#15
Atrain722000

OK, I fixed my Java, but for some reason I can't scan my computer with the Panda scan. I click on the scan button and it just doesn't do anything... :) ... no idea why. Anyway, my computer is running a million times better. Thanks for all your help, I really appreciate it. Let me know if there is anything else I need to do!





