I'm In Pop-up Turmoil...please Help...


11 replies to this topic

#1 uks2h

Posted 03 September 2007 - 12:58 AM

I'm getting all kinds of pop-ups from PurePlay.com and megapromotionsgroup.com as well as many others. I hope someone here can figure out the problem, because I have worked a week on trying to get this off my computer and wasted a lot of time on this. Thanks for your time!

Scott


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:23 AM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5082
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5082
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {997D18C3-CE84-497F-84EB-FAE83A011F44} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10574 bytes



#2 RichieUK

Posted 03 September 2007 - 05:45 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, uks2h.
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 uks2h

Posted 04 September 2007 - 11:57 AM

Hey again. I downloaded the program and I will post both the combofix and hijackthis logs below.

I'm sorry I haven't replied faster, but I have just been very busy this Labor Day weekend. I appreciate your help.

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:15 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner.Desktop\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {997D18C3-CE84-497F-84EB-FAE83A011F44} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10223 bytes


Combofix log

ComboFix 07-09-04.4 - "Owner" 2007-09-04 12:39:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1226 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\wr.txt
E:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-04 12:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-08-22 04:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-19 23:23 <DIR> d-------- C:\Program Files\Winamp
2007-08-16 04:53 <DIR> d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\Ahead
2007-08-16 04:49 <DIR> d-------- C:\Program Files\Nero
2007-08-16 04:49 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-16 04:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-16 03:51 <DIR> d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\CyberLink
2007-08-16 03:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-16 03:48 <DIR> d-------- C:\Program Files\DVD Shrink
2007-08-16 03:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-08-07 20:30 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-07 20:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-07 20:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 17:24 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-07 17:11 <DIR> d-------- C:\VundoFix Backups
2007-08-06 21:22 <DIR> d-------- C:\Program Files\iTunes
2007-08-06 21:22 <DIR> d-------- C:\Program Files\iPod


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-04 12:49 --------- d-------- C:\Program Files\PeerGuardian2
2007-09-04 12:27 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\uTorrent
2007-09-04 12:17 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\FrostWire
2007-08-22 04:57 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\Real
2007-08-22 04:55 --------- d-------- C:\Program Files\Common Files\Real
2007-08-16 23:18 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\dvdcss
2007-08-16 06:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-11 13:57 0 --------- C:\WINDOWS\system32\lkytiupx.Vexe
2007-08-11 13:57 0 --------- C:\WINDOWS\system32\lkytiupx.V03exe
2007-08-11 13:57 0 --------- C:\WINDOWS\system32\lkytiupx.V02exe
2007-08-11 13:57 0 --------- C:\WINDOWS\system32\lkytiupx.V01exe
2007-08-11 13:57 0 --------- C:\WINDOWS\system32\lkytiupx.V00exe
2007-08-07 19:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-01 04:57 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\Apple Computer
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 20:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-27 19:54 237510 --a------ C:\WINDOWS\b128.exe.bin
2007-07-27 19:45 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-27 19:45 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-27 19:45 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-07-27 19:30 72832 --------- C:\WINDOWS\system32\drivers\core.sys
2007-07-27 19:30 363109 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2007-07-26 18:32 --------- d-------- C:\Program Files\mIRC
2007-07-25 21:57 --------- d-------- C:\Program Files\LimeWire
2007-07-25 21:51 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\LimeWire
2007-07-22 09:52 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\HP
2007-07-12 01:42 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-07-12 01:40 --------- d-------- C:\Program Files\World of Warcraft
2007-07-11 22:03 --------- d-------- C:\Program Files\MySpace
2007-07-11 21:20 --------- d-------- C:\Program Files\QuickTime
2007-07-11 20:11 --------- d-------- C:\Program Files\Microsoft IntelliPoint
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{997D18C3-CE84-497F-84EB-FAE83A011F44}]
C:\WINDOWS\system32\pmkhe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 22:44]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"nwiz"="nwiz.exe" [2005-09-18 12:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"HostManager"="C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe" [2006-09-25 20:52]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 21:42]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 20:16]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-02-05 16:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-27 19:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 04:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 14:53]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-02-01 03:46:53]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]

C:\DOCUME~1\OWNER~1.DES\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

*Newly Created Service* - PGFILTER

Contents of the 'Scheduled Tasks' folder
"2007-09-03 20:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 12:45:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-04 12:50:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-04 12:50

--- E O F ---

#4 RichieUK


Posted 04 September 2007 - 12:14 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\system32\lkytiupx.Vexe
C:\WINDOWS\system32\lkytiupx.V03exe
C:\WINDOWS\system32\lkytiupx.V02exe
C:\WINDOWS\system32\lkytiupx.V01exe
C:\WINDOWS\system32\lkytiupx.V00exe
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\core.cache.dsk

Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#5 uks2h


Posted 04 September 2007 - 12:41 PM

ComboFix Log

ComboFix 07-09-04.4 - "Owner" 2007-09-04 13:34:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1251 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Owner.Desktop\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\lkytiupx.Vexe
C:\WINDOWS\system32\lkytiupx.V03exe
C:\WINDOWS\system32\lkytiupx.V02exe
C:\WINDOWS\system32\lkytiupx.V01exe
C:\WINDOWS\system32\lkytiupx.V00exe
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\core.cache.dsk


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\lkytiupx.V00exe
C:\WINDOWS\system32\lkytiupx.V01exe
C:\WINDOWS\system32\lkytiupx.V02exe
C:\WINDOWS\system32\lkytiupx.V03exe
C:\WINDOWS\system32\lkytiupx.Vexe


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-04 12:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-08-22 04:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-19 23:23 <DIR> d-------- C:\Program Files\Winamp
2007-08-16 04:53 <DIR> d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\Ahead
2007-08-16 04:49 <DIR> d-------- C:\Program Files\Nero
2007-08-16 04:49 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-16 04:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-16 03:51 <DIR> d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\CyberLink
2007-08-16 03:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-16 03:48 <DIR> d-------- C:\Program Files\DVD Shrink
2007-08-16 03:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-08-07 20:30 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-07 20:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-07 20:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 17:24 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-07 17:11 <DIR> d-------- C:\VundoFix Backups
2007-08-06 21:22 <DIR> d-------- C:\Program Files\iTunes
2007-08-06 21:22 <DIR> d-------- C:\Program Files\iPod


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-04 13:36 --------- d-------- C:\Program Files\PeerGuardian2
2007-09-04 12:27 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\uTorrent
2007-09-04 12:17 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\FrostWire
2007-08-22 04:57 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\Real
2007-08-22 04:55 --------- d-------- C:\Program Files\Common Files\Real
2007-08-16 23:18 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\dvdcss
2007-08-16 06:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-01 04:57 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\Apple Computer
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 20:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-27 19:45 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-27 19:45 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-27 19:45 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-07-26 18:32 --------- d-------- C:\Program Files\mIRC
2007-07-25 21:57 --------- d-------- C:\Program Files\LimeWire
2007-07-25 21:51 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\LimeWire
2007-07-22 09:52 --------- d-------- C:\DOCUME~1\OWNER~1.DES\APPLIC~1\HP
2007-07-12 01:42 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-07-12 01:40 --------- d-------- C:\Program Files\World of Warcraft
2007-07-11 22:03 --------- d-------- C:\Program Files\MySpace
2007-07-11 21:20 --------- d-------- C:\Program Files\QuickTime
2007-07-11 20:11 --------- d-------- C:\Program Files\Microsoft IntelliPoint
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{997D18C3-CE84-497F-84EB-FAE83A011F44}]
C:\WINDOWS\system32\pmkhe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 22:44]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"nwiz"="nwiz.exe" [2005-09-18 12:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"HostManager"="C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe" [2006-09-25 20:52]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 21:42]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 20:16]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-02-05 16:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-27 19:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 04:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 14:53]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-02-01 03:46:53]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]

C:\DOCUME~1\OWNER~1.DES\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

*Newly Created Service* - PGFILTER

Contents of the 'Scheduled Tasks' folder
"2007-09-03 20:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 13:36:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-04 13:36:58
C:\ComboFix-quarantined-files.txt ... 2007-09-04 13:36
C:\ComboFix2.txt ... 2007-09-04 12:50

--- E O F ---


HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:48 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.Desktop\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {997D18C3-CE84-497F-84EB-FAE83A011F44} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10154 bytes

#6 RichieUK


Posted 04 September 2007 - 12:58 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {997D18C3-CE84-497F-84EB-FAE83A011F44} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Please run this online virus scan: Activescan using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.

Restart your PC.
Post the Activescan report and a new HijackThis log please.
Let me know how your PC is running now.

#7 uks2h


Posted 04 September 2007 - 02:12 PM

I am having trouble running the Panda Active Scan. However, the HijackThis stuff worked just fine.

I get to the point where ActiveScan updates itself and then it shows the screen where I am supposed to be able to choose to scan the local disks and just says errors on page.

I haven't seen the pop-ups come up at all yet, but the computer is still running a bit weird. Just reaction problems seem to take a bit longer than they should, and it just seems like the PC is using a lot of memory, but I can't figure out what on.

I'll post this HijackThis and see if you see anything that it could be:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:58 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner.Desktop\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9993 bytes

Edited by uks2h, 04 September 2007 - 02:13 PM.


#8 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 04 September 2007 - 03:06 PM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Let me know how your PC is running now.


Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

#9 uks2h

  • Topic Starter
  • Members
  • 11 posts

Posted 04 September 2007 - 08:48 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/04/2007 at 05:35 PM

Application Version : 3.9.1008

Core Rules Database Version : 3298
Trace Rules Database Version: 1306

Scan type : Complete Scan
Total Scan Time : 01:12:56

Memory items scanned : 648
Memory threats detected : 0
Registry items scanned : 7818
Registry threats detected : 0
File items scanned : 71744
File threats detected : 372

Adware.Tracking Cookie

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP241\A0023742.EXE

Trojan.Downloader-Gen/WinPop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP195\A0019267.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP196\A0019318.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP206\A0019913.VBS

Trojan.NetMon/DNSChange
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP196\A0019319.EXE

BearShare File Sharing Client
D:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE



BitDefender Online Scanner

Scan report generated at: Tue, Sep 04, 2007 - 20:14:57

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;

Statistics
Time: 02:19:19
Files: 617241
Folders: 14535
Boot Sectors: 5
Archives: 24572
Packed Files: 38300

Results
Identified Viruses: 21
Infected Files: 51
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 90

Engines Info
Virus Definitions: 775856
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


#10 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 05 September 2007 - 03:08 AM

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Restart your pc.

Turn 'System Restore' back on:

Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

Post a new Hijackthis log.
Let me know how your pc is running now please.

#11 uks2h

  • Topic Starter

  • Members
  • 11 posts

Posted 05 September 2007 - 10:15 AM

My computer is now running with a lot fewer pop-ups.

I did have one question though. I don't have an antivirus program because I don't want to pay for one. Are there any good free antivirus programs that you recommend?

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:10 AM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\windows\SOUNDMAN.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.Desktop\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170316344\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10710 bytes

#12 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 05 September 2007 - 10:31 AM

My computer is now running with a lot fewer pop-ups.

So are you still getting popups or not, please?

As for antivirus, according to your log you've got NOD32 installed.

If you still require a free virus protection then download one of the following.
Remove NOD32 before installing the free antivirus.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/


With you having Service Pack 2 installed, I'm presuming you're using the Windows Firewall.
If you're not using Windows Firewall, or you require a more robust third-party firewall, then download\install one of the following freeware choices:

Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

You may want to read the following.
Understanding and Using Firewalls:
http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

Post a new Hijackthis log when you've finished the above.
Let me know if you're still experiencing issues.