Infected With Zedo Virus


1 reply to this topic

#1 llmpfj


Posted 27 June 2008 - 06:11 PM

(some of this text was plagiarized from someone who'd written up the same problem)

I apparently have a virus that automatically leads to Zedo.

The problem occurs on both IE and Firefox 3.0.

The problem is simple, but incredibly annoying:

Firefox starts without me opening it - and displays an ad. I close the window and a new one opens 1 min later. The ads are so frequent and numerous that I can't get much else done on the computer. In IE, the new ad will close all previous browser windows. In Firefox it will create a new tab.

When the new browser window first opens, the URL usually says, <http://popads123.com.....>.

Then the URL changes automatically to, <http://c5.zedo.com.....>.

Then it changes again to a random ad company's URL - dating service, or whatever.

I have cleaned out the temporary files, set cookies to always prompt, tried to block through the host file, run some tools on the advice of a web posting with the same problem (Hijack This, ComboFix) but I don't know what to do with the results of these tools. I wasn't able to run some of the recommended tools mentioned in the web post (Eset) because of the browser popups.

Help, please! DSS and Kaspersky logs follow:

Deckard's System Scanner v20071014.68
Run by Peggy Johnson on 2008-06-27 15:43:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
75: 2008-06-27 22:44:09 UTC - RP697 - Deckard's System Scanner Restore Point
74: 2008-06-27 03:59:06 UTC - RP696 - Unsigned driver install
73: 2008-06-27 03:29:35 UTC - RP695 - Unsigned driver install
72: 2008-06-22 23:32:54 UTC - RP694 - Removed Java™ 6 Update 2
71: 2008-06-22 23:31:33 UTC - RP693 - Removed J2SE Runtime Environment 5.0 Update 10


-- First Restore Point --
1: 2008-03-25 00:08:36 UTC - RP623 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Peggy Johnson.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:21 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\GetModule\GetModule19.exe
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Peggy Johnson\Desktop\dss.exe
C:\DOCUME~1\PEGGYJ~1\Desktop\Peggy Johnson.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\Netscape\users\PEGGY~1.JOH\BOOKMA~1.HTM\NETSCA~1\pbhelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [GetModule19] "C:\Program Files\GetModule\GetModule19.exe"
O4 - HKCU\..\Run: [GetPack19] "C:\Program Files\GetPack\GetPack19.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: backup2E.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: mbwjoboj - {89a08c8a-d611-4321-9ec5-8665d3faf316} - C:\Documents and Settings\All Users\Application Data\mbwjoboj.dll
O23 - Service: McAfee Application Installer Cleanup (0155711214583851) (0155711214583851mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015571~1.EXE (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11882 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 NCUpdateSvc (Netscape Update Service) - c:\program files\netscape internet service\ncupdatesvc.exe
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 0155711214583851mcinstcleanup (McAfee Application Installer Cleanup (0155711214583851)) - c:\windows\temp\015571~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2006-11-17 10:36:14 280 --ah----- C:\WINDOWS\Tasks\McDefragTask.job
2006-11-17 10:36:12 368 --ah----- C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 09:24:08 0 d-------- C:\WINDOWS\LastGood
2008-06-26 21:15:35 0 d-------- C:\Program Files\EsetOnlineScanner
2008-06-26 20:32:23 68096 --a------ C:\WINDOWS\zip.exe
2008-06-26 20:32:23 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-26 20:32:23 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-26 20:32:23 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-26 20:32:23 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-26 20:32:23 98816 --a------ C:\WINDOWS\sed.exe
2008-06-26 20:32:23 80412 --a------ C:\WINDOWS\grep.exe
2008-06-26 20:32:23 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-26 18:02:39 64179 --a------ C:\WINDOWS\system32\qpnnuxsmny.exe
2008-06-26 17:56:32 0 d-------- C:\WINDOWS\system32\7427
2008-06-22 11:45:14 0 d-------- C:\Program Files\BChanger
2008-06-22 11:45:03 0 d-------- C:\Program Files\GetPack
2008-06-22 09:28:10 0 d--h----- C:\WINDOWS\PIF
2008-06-21 11:21:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-21 11:20:58 118784 --a------ C:\Documents and Settings\All Users\Application Data\mbwjoboj.dll
2008-06-21 11:20:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-06-21 11:20:04 88537 --a------ C:\WINDOWS\system32\iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-21 11:19:57 0 d-------- C:\Program Files\GetModule
2008-06-21 11:19:54 0 d-------- C:\Program Files\iCheck
2008-06-04 13:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-27 15:35:04 0 d-------- C:\Documents and Settings\Peggy Johnson\Application Data\Skype
2008-06-27 09:24:06 0 d-------- C:\Program Files\McAfee
2008-06-22 17:29:00 0 d-------- C:\Documents and Settings\Peggy Johnson\Application Data\Mozilla
2008-06-22 16:33:10 0 d-------- C:\Program Files\Java
2008-06-22 16:28:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 16:28:13 0 d-------- C:\Program Files\Common Files
2008-06-22 15:06:35 0 d-------- C:\Program Files\Panasonic
2008-06-22 15:00:51 0 d-------- C:\Program Files\Dell
2008-06-18 18:27:46 0 d-------- C:\Program Files\The Weather Channel FW
2008-06-04 13:10:03 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-04 13:08:03 0 d-------- C:\Documents and Settings\Peggy Johnson\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]
06/19/2008 07:21 AM 36864 --a------ C:\Program Files\BChanger\bchanger.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 06:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/14/2006 02:40 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 06:20 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/08/2005 06:20 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 04:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03/14/2006 02:49 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 09:44 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 09:44 AM]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [03/21/2008 11:38 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/2003 12:38 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/25/2008 08:27 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [10/13/2006 06:20 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/22/2007 02:27 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [01/13/2008 06:10 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"GetModule19"="C:\Program Files\GetModule\GetModule19.exe" [06/17/2008 02:58 AM]
"GetPack19"="C:\Program Files\GetPack\GetPack19.exe" [06/17/2008 02:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Peggy Johnson\Start Menu\Programs\Startup\
backup2E.bat [11/5/2006 4:17:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/14/2006 2:37:03 PM]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 1:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mbwjoboj"= {89a08c8a-d611-4321-9ec5-8665d3faf316} - C:\Documents and Settings\All Users\Application Data\mbwjoboj.dll [06/21/2008 11:20 AM 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-06-27 15:47:43 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 509.98 MiB / 215.74 MiB
Pagefile Memory (total/avail): 1248.78 MiB / 797.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.73 MiB

C: is Fixed (NTFS) - 71.46 GiB total, 54.96 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 93.34 GiB total, 78.29 GiB free.

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB

\\.\PHYSICALDRIVE1 - Maxtor 6 L100P0 USB Device - 93.36 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 93.36 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Peggy Johnson\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LLMPFJ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Peggy Johnson
LOGONSERVER=\\LLMPFJ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PEGGYJ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PEGGYJ~1\LOCALS~1\Temp
USERDOMAIN=LLMPFJ
USERNAME=Peggy Johnson
USERPROFILE=C:\Documents and Settings\Peggy Johnson
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Peggy Johnson (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
BChanger --> C:\Program Files\BChanger\Uninstall.exe
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
eBay Toolbar --> C:\Program Files\InstallShield Installation Information\{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}\setup.exe -runfromtemp -l0x0009 eBay Toolbar -removeonly
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\qpnnuxsmny.exe
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google --> MsiExec.exe /I{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "F:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Speed Monitor --> C:\Program Files\iCheck\Uninstall.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee AntiSpyware --> MsiExec.exe /I{C75EE24E-AFF2-4A0A-A394-CED3DE255ECC}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Netscape Internet Service --> C:\Program Files\Netscape\users\peggy.johnson\bookmarks.htm\install.exe -r {FFC3B772-C00A-42da-90A6-A87F4AFD73D9}
Netscape Web Accelerator --> C:\Program Files\Netscape\users\peggy.johnson\bookmarks.htm\Netscape Web Accelerator\accinst.exe -r {FFC3B772-C00A-42da-90A6-A87F4AFD73E0}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
PHOTOfunSTUDIO -viewer- --> C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe -runfromtemp -l0x0009Package -removeonly
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SafeCast Shared Components --> C:\WINDOWS\CDAC13BA.EXE /uninstall
SCRABBLE --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
URL Assistant --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1216 / Error
Event Submitted/Written: 06/27/2008 09:25:39 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1215 / Error
Event Submitted/Written: 06/27/2008 09:25:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1210 / Error
Event Submitted/Written: 06/26/2008 09:31:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x027ad040.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1196 / Error
Event Submitted/Written: 06/26/2008 06:24:40 PM
Event ID/Source: 1000 / Microsoft Office 11
Event Description:
Faulting application outlook.exe, version 11.0.8206.0, stamp 479fce0d, faulting module mso.dll, version 11.0.8202.0, stamp 47425767, debug? 0, fault address 0x0035bd02.

Event Record #/Type1195 / Error
Event Submitted/Written: 06/26/2008 06:23:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 11.0.8215.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20687 / Error
Event Submitted/Written: 06/27/2008 00:40:24 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type20659 / Error
Event Submitted/Written: 06/27/2008 09:18:03 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type20636 / Error
Event Submitted/Written: 06/26/2008 08:46:30 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Security Center service terminated with the following error:
%%16389

Event Record #/Type20628 / Warning
Event Submitted/Written: 06/26/2008 08:37:20 PM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type20625 / Error
Event Submitted/Written: 06/26/2008 08:33:40 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Plug and Play (RPC) service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-06-27 15:47:43 ------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 27, 2008 16:39:33
Records in database: 890203
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 129093
Threat name: 25
Infected objects: 138
Suspicious objects: 0
Duration of the scan: 05:08:05


File name / Threat name / Threats count
C:\Program Files_old Computer - leave here\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3CJPEG.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.t 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.q 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
C:\Program Files_old Computer - leave here\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\07D30000.VBN Infected: Exploit.HTML.Mht 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\4CFB0000.VBN Infected: Exploit.HTML.Mht 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410000.VBN Infected: Trojan-Clicker.Win32.Agent.dp 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410001.VBN Infected: Trojan-Clicker.Win32.Agent.dp 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410002.VBN Infected: Trojan.Java.ClassLoader.i 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410002.VBN Infected: Trojan.Java.ClassLoader.k 2
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410003.VBN Infected: Trojan.Java.ClassLoader.i 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410003.VBN Infected: Trojan.Java.ClassLoader.k 2
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\82C50000.VBN Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\97D70000.VBN Infected: Exploit.HTML.Mht 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\AF270000.VBN Infected: Exploit.HTML.Mht 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\C3970000.VBN Infected: Trojan.Java.Femad 4
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\C3970000.VBN Infected: Trojan-Dropper.Win32.Small.ja 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DDFD0000.VBN Infected: Trojan-Downloader.Win32.Small.agq 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DF710000.VBN Infected: Exploit.Java.ByteVerify 2
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DF710000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\F4350000.VBN Infected: Exploit.HTML.Mht 1
C:\QooBox\Quarantine\C\WINDOWS\444.471.vir Infected: Trojan-Downloader.Win32.Small.xpf 1
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.vaad 1
C:\QooBox\Quarantine\C\WINDOWS\portsv.exe.vir Infected: Trojan.Win32.Agent.sdd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bsm.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.bpn 1
C:\QooBox\Quarantine\catchme2008-06-26_203827.01.zip Infected: Trojan-Downloader.Win32.Agent.ulo 1
C:\WINDOWS\system32\iftuyszv.exe Infected: not-virus:Hoax.Win32.Renos.vaad 1
E:\Program Files_old Computer - leave here\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
E:\Program Files_old Computer - leave here\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3CJPEG.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.t 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.q 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\07D30000.VBN Infected: Exploit.HTML.Mht 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\C3970000.VBN Infected: Trojan.Java.Femad 4
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\C3970000.VBN Infected: Trojan-Dropper.Win32.Small.ja 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\82C50000.VBN Infected: Trojan-Downloader.Win32.Agent.ae 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410000.VBN Infected: Trojan-Clicker.Win32.Agent.dp 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410001.VBN Infected: Trojan-Clicker.Win32.Agent.dp 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410002.VBN Infected: Trojan.Java.ClassLoader.i 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410002.VBN Infected: Trojan.Java.ClassLoader.k 2
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410003.VBN Infected: Trojan.Java.ClassLoader.i 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410003.VBN Infected: Trojan.Java.ClassLoader.k 2
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\97D70000.VBN Infected: Exploit.HTML.Mht 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\F4350000.VBN Infected: Exploit.HTML.Mht 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\4CFB0000.VBN Infected: Exploit.HTML.Mht 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\AF270000.VBN Infected: Exploit.HTML.Mht 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DF710000.VBN Infected: Exploit.Java.ByteVerify 2
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DF710000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1
E:\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DDFD0000.VBN Infected: Trojan-Downloader.Win32.Small.agq 1
E:\backup\My Documents\Program Files_old Computer - leave here\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3CJPEG.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.t 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.q 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
E:\backup\My Documents\Program Files_old Computer - leave here\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\07D30000.VBN Infected: Exploit.HTML.Mht 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\4CFB0000.VBN Infected: Exploit.HTML.Mht 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410000.VBN Infected: Trojan-Clicker.Win32.Agent.dp 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410001.VBN Infected: Trojan-Clicker.Win32.Agent.dp 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410002.VBN Infected: Trojan.Java.ClassLoader.i 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410002.VBN Infected: Trojan.Java.ClassLoader.k 2
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410003.VBN Infected: Trojan.Java.ClassLoader.i 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\66410003.VBN Infected: Trojan.Java.ClassLoader.k 2
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\82C50000.VBN Infected: Trojan-Downloader.Win32.Agent.ae 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\97D70000.VBN Infected: Exploit.HTML.Mht 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\AF270000.VBN Infected: Exploit.HTML.Mht 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\C3970000.VBN Infected: Trojan.Java.Femad 4
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\C3970000.VBN Infected: Trojan-Dropper.Win32.Small.ja 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DDFD0000.VBN Infected: Trojan-Downloader.Win32.Small.agq 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DF710000.VBN Infected: Exploit.Java.ByteVerify 2
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\DF710000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1
E:\backup\My Documents\Program Files_old Computer - leave here\Norton AntiVirus\Quarantine\F4350000.VBN Infected: Exploit.HTML.Mht 1

The selected area was scanned.



#2 random/random


  • Malware Response Team

Posted 20 July 2008 - 03:36 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.



