It Started With Trojan.backdoor.generic.9.auxx


This topic is locked.
6 replies to this topic

#1 lauren0328
  • Members
  • 3 posts

Posted 16 June 2008 - 11:44 AM

Everything started with my virus program saying I was infected with a trojan [trojan.BackDoor.generic.9.auux]. I immediately ran a full system scan and began following this procedure [http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview], starting with a scan with HijackThis, and saved the log.
Here is a copy of that log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:51 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.rmlsweb.com/XMLSearch/XMLCache.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198262269874
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1450/ftp...02/cpbrkpie.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.93.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by123fd.bay123.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9154 bytes



Well, I have done the procedure step by step and I'm still infected. Here are some of the trojans I found on the last scan I did in safe mode:

09069067.FIL.OLD;C:\$VAULT$.AVG;Win32.HLLM.Netsky.35328;Deleted.;
14314833.FIL.OLD;C:\$VAULT$.AVG;Trojan.PWS.Infrared;Deleted.;
14343584.FIL.OLD;C:\$VAULT$.AVG;Trojan.PWS.Infrared;Deleted.;
18216784.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Deleted.;
18230423.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Deleted.;
18238605.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Incurable.Moved.;
18291822.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Incurable.Moved.;
18295797.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Incurable.Moved.;
18359749.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Incurable.Moved.;
18393017.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Incurable.Moved.;
18423101.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Deleted.;
18431653.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Deleted.;
27289012.FIL.OLD;C:\$VAULT$.AVG;BackDoor.Generic.370;Deleted.;
27289834.FIL.OLD;C:\$VAULT$.AVG;Tool.WebCrack;Incurable.Deleted.;
40959907.FIL.OLD;C:\$VAULT$.AVG;BackDoor.Generic.370;Deleted.;
40960998.FIL.OLD;C:\$VAULT$.AVG;BackDoor.Generic.370;Deleted.;
40961149.FIL.OLD;C:\$VAULT$.AVG;Tool.WebCrack;Incurable.Deleted.;
40962611.FIL.OLD;C:\$VAULT$.AVG;BackDoor.Mbot.50;Deleted.;
40962661.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Incurable.Moved.;
40962861.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Deleted.;
40962901.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Deleted.;
40962971.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Deleted.;
40963011.FIL.OLD;C:\$VAULT$.AVG;BackDoor.SubSeven.22;Deleted.;
40963071.FIL.OLD;C:\$VAULT$.AVG;Tool.WebCrack;Incurable.Moved.;
58016957.FIL.OLD;C:\$VAULT$.AVG;Win32.HLLM.Netsky.35328;Deleted.;
regLocal.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups;Probably SCRIPT.Virus;Incurable.Deleted.;
A0012253.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;Win32.HLLM.Netsky.35328;Deleted.;
A0012254.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;Trojan.PWS.Infrared;Deleted.;
A0012255.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;Trojan.PWS.Infrared;Deleted.;
A0012256.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Deleted.;
A0012257.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Deleted.;
A0012258.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Incurable.Moved.;
A0012259.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Incurable.Moved.;
A0012260.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Incurable.Moved.;
A0012261.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Incurable.Moved.;
A0012262.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Incurable.Moved.;
A0012263.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Deleted.;
A0012264.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Deleted.;
A0012265.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.Generic.370;Deleted.;
A0012266.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.Generic.370;Deleted.;
A0012267.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.Generic.370;Deleted.;
A0012268.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.Mbot.50;Deleted.;
A0012269.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Incurable.Moved.;
A0012270.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Deleted.;
A0012271.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Deleted.;
A0012272.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Deleted.;
A0012273.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;BackDoor.SubSeven.22;Deleted.;
A0012274.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;Win32.HLLM.Netsky.35328;Deleted.;
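As an added example (not code from this thread, from HijackThis or from BleepingComputer), the script below parses the HijackThis log format posted above and marks the entry kinds a log reviewer looks at first: orphaned entries pointing at missing files, services with no vendor, Winsock LSP entries, downloaded ActiveX controls (O16), proxy settings, and processes running from a user-profile folder. The sample lines are copied from the logs in this thread; the flag names and `FLAG_NOTES` explanations are my own assumptions, not HijackThis output, and a flag means "check this", not "this is malicious".

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Paul Liniger\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

End of file - 9154 bytes
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")   # "O23 - Service: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys|cab|htm)', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

# What each flag means to a reviewer (assumed notes, not HijackThis output).
FLAG_NOTES = {
    "orphaned": "registry entry points at a file that no longer exists (stale, not proof of infection)",
    "unknown-owner": "service has no vendor string; identify the binary before trusting it",
    "lsp": "Winsock LSP DLL; check it against a known-good list",
    "activex": "ActiveX control downloaded from a URL; review the source domain",
    "proxy": "browser proxy setting; confirm the user set it deliberately",
    "user-profile": "process running from a user-profile folder rather than a program directory",
}


@dataclass
class Entry:
    code: str
    body: str
    clsid: str | None = None
    target: str | None = None  # file path or download URL the entry points at
    flags: list[str] = field(default_factory=list)


def review_flags(entry: Entry) -> list[str]:
    """Name the reviewer checks an entry trips; an empty list means nothing stood out."""
    low = entry.body.lower()
    checks = [
        ("orphaned", "(no file)" in low or "(file missing)" in low),
        ("unknown-owner", "unknown owner" in low),
        ("lsp", entry.code == "O10"),
        ("activex", entry.code == "O16"),
        ("proxy", entry.code in ("R0", "R1") and "proxy" in low),
    ]
    return [name for name, hit in checks if hit]


def make_entry(code: str, body: str) -> Entry:
    clsid = CLSID_RE.search(body)
    target = PATH_RE.search(body) or URL_RE.search(body)
    entry = Entry(code, body, clsid.group(0) if clsid else None,
                  target.group(0) if target else None)
    entry.flags = review_flags(entry)
    return entry


def parse_hjt_log(text: str) -> tuple[list[str], list[Entry]]:
    """Split a HijackThis log into its running-process list and its coded entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(make_entry(m.group("code"), m.group("body")))
    return processes, entries


def triage(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (code, what, flags) for every process and entry a reviewer should look at."""
    processes, entries = parse_hjt_log(text)
    out = [("PROC", p, ["user-profile"]) for p in processes
           if p.lower().startswith(r"c:\documents and settings")]
    out += [(e.code, e.target or e.body, e.flags) for e in entries if e.flags]
    return out
```

Running `triage(SAMPLE_LOG)` yields six items (the Desktop process plus five flagged entries); each flag key indexes `FLAG_NOTES` for the reviewer's rationale.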

#2 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 June 2008 - 04:24 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save it to your Desktop (alternate download site).

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 lauren0328
  • Topic Starter
  • Members
  • 3 posts

Posted 16 June 2008 - 08:24 PM

Hi Sam, thank you for assisting me, I appreciate it!



Deckard's System Scanner v20071014.68
Run by Paul Liniger on 2008-06-16 18:19:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-06-17 01:19:13 UTC - RP26 - Deckard's System Scanner Restore Point
6: 2008-06-16 04:33:30 UTC - RP25 - Removed DatalogViewer
5: 2008-06-16 03:56:22 UTC - RP24 - Installed Ad-Aware
4: 2008-06-16 03:50:09 UTC - RP23 - Removed Rhapsody Player Engine
3: 2008-06-16 03:46:48 UTC - RP22 - Removed Digital Locker Assistant


-- First Restore Point --
1: 2008-05-29 02:08:27 UTC - RP20 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Paul Liniger.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:02 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul Liniger\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Paul Liniger.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198262269874
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5904 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Pantech&Curitel Utility Service - c:\program files\utstarcom\sprint\sprint pcs connection manager\pncutilityservice.exe (file missing)
S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 odserv (Microsoft Office Diagnostics Service) - "c:\program files\common files\microsoft shared\office12\odserv.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 16:00:00 420 --ah----- C:\WINDOWS\Tasks\{9D8947E7-B633-4D30-9539-D772966B33FC}_CSPRINGSLAPTOP_Paul Liniger.job
2008-06-16 13:17:00 462 --a------ C:\WINDOWS\Tasks\WebReg 20070220131748.job
2008-06-15 22:18:00 462 --a------ C:\WINDOWS\Tasks\WebReg 20070501221837.job
2008-05-06 09:00:00 420 --ah----- C:\WINDOWS\Tasks\{290CE018-4D8C-4292-9837-4F0BF8767E64}_CSPRINGSLAPTOP_Paul Liniger.job
2008-05-02 20:46:48 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-08 17:00:00 420 --ah----- C:\WINDOWS\Tasks\{C5327D2B-D210-479E-BD6C-62869480A949}_CSPRINGSLAPTOP_Paul Liniger.job


-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 05:01:21 0 dr-h----- C:\Documents and Settings\Paul Liniger\Recent
2008-06-16 04:47:55 0 d-------- C:\Documents and Settings\Paul Liniger\Application Data\Grisoft
2008-06-16 04:35:12 0 d-------- C:\Documents and Settings\Paul Liniger\Application Data\Malwarebytes
2008-06-16 04:34:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 04:34:58 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 04:24:33 0 d-------- C:\Program Files\EsetOnlineScanner
2008-06-16 00:30:51 0 d-------- C:\Documents and Settings\Paul Liniger\DoctorWeb
2008-06-15 20:56:25 0 d-------- C:\Program Files\Lavasoft
2008-06-15 20:56:24 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 20:55:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 20:45:26 0 d-------- C:\Program Files\CCleaner
2008-06-15 20:41:20 0 d-------- C:\Program Files\Trend Micro
2008-06-08 01:24:20 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-15 20:55:37 0 d-------- C:\Program Files\Common Files
2008-06-15 20:55:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 20:50:17 0 d-------- C:\Program Files\Real
2008-06-15 20:49:11 0 d-------- C:\Program Files\Micrografx
2008-06-15 20:47:12 0 d-------- C:\Program Files\Siber Systems
2008-06-15 20:47:10 0 d-------- C:\Documents and Settings\Paul Liniger\Application Data\GoodSync
2008-06-15 20:35:09 0 d-------- C:\Documents and Settings\Paul Liniger\Application Data\AVG7
2008-05-12 14:38:10 0 d-------- C:\Program Files\Nissan DataScan
2008-04-21 01:58:26 0 d-------- C:\Program Files\Yahoo!
2008-04-21 01:55:54 0 dr-h----- C:\Documents and Settings\Paul Liniger\Application Data\yahoo!
2008-04-20 07:58:54 0 d-------- C:\Documents and Settings\Paul Liniger\Application Data\ArcSoft
2008-03-30 08:42:39 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-30 08:42:39 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\Paul Liniger\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 8:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 8:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Apoint"=C:\Program Files\Apoint\Apoint.exe
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1daa0576-bd6e-11dc-a69e-00904b71a4f3}]
AutoRun\command- setupSNK.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-16 18:22:24 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1200MHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1022.21 MiB / 660.47 MiB
Pagefile Memory (total/avail): 1119.45 MiB / 819.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.2 MiB

C: is Fixed (NTFS) - 18.59 GiB total, 3.68 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N020ATMR04-0 - 18.63 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 18.59 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"="C:\\WINDOWS\\SYSTEM32\\mmc.exe:*:Enabled:Microsoft Management Console"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Paul Liniger\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Paul Liniger
LOGONSERVER=\\DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PAULLI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PAULLI~1\LOCALS~1\Temp
USERDOMAIN=DELL
USERNAME=Paul Liniger
USERPROFILE=C:\Documents and Settings\Paul Liniger
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Paul Liniger (admin)
Guest.PAULLAPTOP (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 6.0 Standard --> MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}
Canon Utilities File Viewer Utility 1.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{12B09031-A7E1-43B1-AC8C-A202B676B556}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{181934AF-3E7B-450D-804F-2B812E018ED1}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapSend Topo US --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94CD45D0-58D3-11D5-B35E-00E02934C09B}\setup.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher 2007 --> MsiExec.exe /X{91120000-0019-0000-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
PCI 7510 CardBus Controller with SmartCard and Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F} /l1033
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
the Cygnal CP2101 USB to UART Bridge Controller --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91BE5A01-2A0B-4FCB-89D5-23F6778EFA74}\Setup.exe" -l0x9
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type598 / Warning
Event Submitted/Written: 06/16/2008 01:34:19 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type597 / Warning
Event Submitted/Written: 06/16/2008 00:50:09 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type595 / Error
Event Submitted/Written: 06/16/2008 00:39:46 AM
Event ID/Source: 4689 / COM+
Event Description:
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Event Record #/Type554 / Warning
Event Submitted/Written: 06/08/2008 01:07:12 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91120000-0019-0000-0000-0000000FF1CE}', feature 'PubPrimary' failed during request for component '{0638C49D-BB8B-4CD1-B191-05CE8F325736}'

Event Record #/Type553 / Warning
Event Submitted/Written: 06/08/2008 01:07:12 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91120000-0019-0000-0000-0000000FF1CE}', feature 'PubPrimary', component '{E324A555-8797-48DE-829E-3C4A66C41FA2}' failed. The resource 'C:\Program Files\Microsoft Office\Office12\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4277 / Error
Event Submitted/Written: 06/16/2008 06:21:28 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type4275 / Warning
Event Submitted/Written: 06/16/2008 06:15:29 PM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.

Event Record #/Type4274 / Error
Event Submitted/Written: 06/16/2008 06:15:28 PM
Event ID/Source: 20106 / RemoteAccess
Event Description:
Unable to add the interface {FAD92301-44F6-4F12-9577-BD01D816CCD4} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Event Record #/Type4271 / Warning
Event Submitted/Written: 06/16/2008 06:15:28 PM
Event ID/Source: 20169 / RemoteAccess
Event Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.49.79 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.

Event Record #/Type4270 / Warning
Event Submitted/Written: 06/16/2008 06:15:28 PM
Event ID/Source: 20169 / RemoteAccess
Event Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.39.124 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.



-- End of Deckard's System Scanner: finished at 2008-06-16 18:22:24 ------------
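The Deckard's log posted above contains four things a triager would pull out before reading anything else: the three Security Center `*DisableNotify` flags, an AV reported as `Disabled`, a firewall exception for a P2P client (LimeWire), and an `AutoRun\command` entry under `mountpoints2`. The script below is an added example for this thread; it is not code from Deckard's System Scanner or from any poster. It parses those sections out of a DSS log and reports them. `SAMPLE_LOG` is constructed from lines in the posted log, and the risk rules (which flags to report, which executables count as P2P in `P2P_EXES`) are this example's own assumptions, not anything DSS itself asserts.

```python
"""Triage the Security Center, firewall-exception and mountpoints2 sections
of a Deckard's System Scanner (DSS) log.

Added example, not DSS code and not part of the original posts. SAMPLE_LOG is
constructed from lines in the log posted in this thread; P2P_EXES and the
rules in triage() are this example's own assumptions.
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1daa0576-bd6e-11dc-a69e-00904b71a4f3}]
AutoRun\command- setupSNK.exe

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"="C:\\WINDOWS\\SYSTEM32\\mmc.exe:*:Enabled:Microsoft Management Console"
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                 # registry key header
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^(?P<flag>\w+DisableNotify) is set\.$")
AV_RE = re.compile(r"^AV: (?P<name>.+) (?P<state>Enabled|Disabled)$")
VALUE_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<val>.+)"$')  # "name"="data"

# Assumption: executables treated as P2P clients for the firewall check.
P2P_EXES = {"limewire.exe", "utorrent.exe", "bittorrent.exe", "kazaa.exe"}


def parse_dss(text):
    """Return the security-relevant items found in a DSS log as a dict."""
    report = {"disable_notify": [], "av": [], "firewall_exceptions": [], "autoruns": []}
    current_key = ""
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key.lower():
            report["autoruns"].append((current_key, m.group("cmd")))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            report["disable_notify"].append(m.group("flag"))
            continue
        m = AV_RE.match(line)
        if m:
            report["av"].append((m.group("name"), m.group("state")))
            continue
        m = VALUE_RE.match(line)
        if m and "authorizedapplications" in current_key.lower():
            raw_path, val = m.group("path"), m.group("val")
            # Data format is "<path>:<scope>:<Enabled|Disabled>:<display name>".
            # The path carries a drive-letter colon, so strip it by prefix
            # instead of splitting on every colon.
            rest = val[len(raw_path) + 1:] if val.startswith(raw_path + ":") else val
            parts = rest.split(":", 2)
            if len(parts) == 3:
                scope, state, name = parts
                report["firewall_exceptions"].append({
                    "path": raw_path.replace("\\\\", "\\"),  # undo .reg-style escaping
                    "scope": scope,
                    "state": state,
                    "name": name,
                    "profile": "Domain" if "domainprofile" in current_key.lower() else "Standard",
                })
    return report


def triage(report):
    """Turn the parsed report into human-readable findings (assumed rules)."""
    findings = []
    # The *DisableNotify flags are also set legitimately by some third-party
    # suites; they matter here mainly because the AV line says Disabled.
    for flag in report["disable_notify"]:
        findings.append(f"Security Center alert suppressed: {flag}")
    for name, state in report["av"]:
        if state == "Disabled":
            findings.append(f"Antivirus reported disabled: {name}")
    for exc in report["firewall_exceptions"]:
        exe = exc["path"].rsplit("\\", 1)[-1].lower()
        if exe in P2P_EXES and exc["state"].lower() == "enabled":
            findings.append(f"Firewall exception for P2P client: {exc['path']} ({exc['profile']} profile)")
    for key, cmd in report["autoruns"]:
        volume_guid = key.rsplit("\\", 1)[-1]
        # Verify the command against the device that created it; mountpoints2
        # entries persist after the volume is gone.
        findings.append(f"AutoRun command registered for volume {volume_guid}: {cmd}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dss(SAMPLE_LOG)):
        print(finding)
```

Feed it a full DSS log instead of `SAMPLE_LOG` and the same four rules apply; the `DomainProfile` list is parsed alongside `StandardProfile`, with the profile recorded on each exception.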

#4 Buckeye_Sam (Malware Expert, Pickerington, Ohio)

Posted 17 June 2008 - 08:32 AM

You are running an older version of Java. This can be a security risk, so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

=================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 lauren0328 (Topic Starter)

Posted 17 June 2008 - 02:23 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2008 at 12:07 PM

Application Version : 4.15.1000

Core Rules Database Version : 3483
Trace Rules Database Version: 1474

Scan type : Complete Scan
Total Scan Time : 00:50:48

Memory items scanned : 349
Memory threats detected : 0
Registry items scanned : 5864
Registry threats detected : 0
File items scanned : 21573
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@ads.revsci[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@specificclick[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@questionmarket[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@trafficmp[2].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@ad.yieldmanager[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@revsci[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@adopt.euroclick[2].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@atwola[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@adopt.specificclick[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@ads.showbizspy[2].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@media6degrees[2].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@tribalfusion[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@realmedia[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@tacoda[2].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@ads.bridgetrack[1].txt
C:\Documents and Settings\Paul Liniger\Cookies\paul_liniger@ads.pointroll[1].txt
.2o7.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.sales.liveperson.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.sales.liveperson.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.sales.liveperson.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
.www.googleadservices.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
stats.manticoretechnology.com [ C:\Documents and Settings\Guest.PAULLAPTOP\Application Data\Mozilla\Firefox\Profiles\i0wfbgs1.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.tjx.112.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Paul Liniger\Application Data\Mozilla\Firefox\Profiles\voey34og.default\cookies.txt ]

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:40 PM

Posted 18 June 2008 - 09:01 AM

Please post a new log from DSS.
Are you still getting an indication that you are infected?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:40 PM

Posted 01 July 2008 - 11:46 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.


========================================================
