
Please Help


  • This topic is locked
12 replies to this topic

#1 jhh3d

jhh3d

  • Members
  • 39 posts

Posted 01 January 2006 - 12:46 AM

Computer has been getting pop-ups; pc-cillin has detected ADW Clicker.J, lop and maybe poka poka.

Here's the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:15 AM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cast list dumb intra] C:\Documents and Settings\All Users\Application Data\FLAW FLAG CAST LIST\Junk heck.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\newaim\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 sUBs

sUBs


  • Malware Response Team
  • 2,489 posts

Posted 02 January 2006 - 02:10 PM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage will not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install - CleanUp.exe (not recommended for WinXP64)

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O4 - HKLM\..\Run: [cast list dumb intra] C:\Documents and Settings\All Users\Application Data\FLAW FLAG CAST LIST\Junk heck.exe
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab



* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
  • Tick - 'Show hidden files and folders'
  • Untick - 'Hide file extensions for known types'
  • Untick - 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\Documents and Settings\All Users\Application Data\FLAW FLAG CAST LIST
* * * *

Click on the Start button & select Run
Type in tasks & click Ok
In the ensuing window, click on the 'Advanced' menu (located above) & select 'View Hidden Tasks'
Review all the tasks/jobs at hand. You should be able to recognise jobs that you have created yourself.
Delete hidden jobs that look like these:
  • A034B7FF91BB36BB.job
  • A06F1FEF91A49933.job
  • A2C3205A93B8CDFA.job
  • A36F645091B91BF0.job
  • A42C6F7190EFE559.job
You can recognise them by the fact that they're hidden & have names that consist of 16 random letters.


* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Download fl.zip.
Extract the contents to a new folder on Desktop. (do NOT run it from within the zip file)
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • HiJackThis
  • FindLOP.txt
  • Online scan
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
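
The two checks sUBs applies by eye in the post above, as an added Python example that is not part of the thread or of any tool it mentions: it parses HijackThis O4 autorun lines and flags programs that start from an Application Data folder, and it flags hidden .job files named like the ones listed. The function names, the Application Data heuristic, the 16-hex-character pattern (inferred from the listed job names) and the hidden flags on the sample jobs are assumptions; the sample log lines are copied from this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Autorun(NamedTuple):
    location: str        # e.g. "HKLM\..\Run" or "Global Startup"
    name: str            # registry value name or shortcut name
    command: str         # raw command line or shortcut target
    exe: Optional[str]   # executable path pulled out of the command


# "O4 - HKLM\..\Run: [name] command" (also RunServices, RunOnce, ...)
REG_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.*?)\] (.+)$")
# "O4 - Startup: name.lnk = target" and "O4 - Global Startup: ..."
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)
# Assumption: job names like those listed in the post are 16 hex characters.
JOB_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.I)


def extract_exe(command: str) -> Optional[str]:
    """Return the executable path from an autorun command, or None."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    m = EXE_RE.match(command)
    return m.group(1) if m else None


def parse_o4(log_text: str) -> List[Autorun]:
    """Parse every O4 (autostart) line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = REG_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if m:
            location, name, command = m.groups()
            entries.append(Autorun(location, name, command, extract_exe(command)))
    return entries


def flag_autoruns(entries: List[Autorun]) -> List[Autorun]:
    """Heuristic (assumption): autoruns launching from an Application Data
    folder deserve a manual look, like the entry fixed in this thread."""
    return [e for e in entries
            if e.exe and "\\application data\\" in e.exe.lower()]


def flag_jobs(jobs: List[Tuple[str, bool]]) -> List[str]:
    """jobs is a list of (file name, hidden attribute) pairs from the Tasks
    folder; flag those that are hidden AND match the 16-hex-character name."""
    return [name for name, hidden in jobs if hidden and JOB_RE.match(name)]


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cast list dumb intra] C:\Documents and Settings\All Users\Application Data\FLAW FLAG CAST LIST\Junk heck.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Job names from the post (marked hidden, as the post describes them) plus two
# constructed comparison entries that must not be flagged.
SAMPLE_JOBS = [
    ("A034B7FF91BB36BB.job", True),
    ("A06F1FEF91A49933.job", True),
    ("A2C3205A93B8CDFA.job", True),
    ("A36F645091B91BF0.job", True),
    ("A42C6F7190EFE559.job", True),
    ("Disk Cleanup.job", False),    # constructed: visible, human-readable name
    ("Weekly Backup.job", True),    # constructed: hidden, but not a hex name
]

if __name__ == "__main__":
    for entry in flag_autoruns(parse_o4(SAMPLE_HJT)):
        print("review autorun:", entry.location, entry.name, "->", entry.exe)
    for job in flag_jobs(SAMPLE_JOBS):
        print("review job:", job)
```

A flagged item is a prompt for manual review, not a verdict: legitimate software can also start from a profile folder.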

#3 jhh3d

jhh3d
  • Topic Starter

  • Members
  • 39 posts

Posted 03 January 2006 - 01:36 AM

Thanks very much. The lop toolbar seems to be gone, and the popups appear to have stopped.

Pc-cillin still finds ADW Clicker.J. The comment is "Denied Access."

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:26:15 AM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\newaim\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


And here's the findlop.txt log:

Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\Administrator\Application Data

07/21/2005 01:29 PM <DIR> Gtek
10/04/2002 02:34 AM <DIR> Identities
10/04/2002 02:58 AM <DIR> Symantec
0 File(s) 0 bytes
3 Dir(s) 22,238,359,552 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\Alek Hodges\Application Data

11/13/2002 04:04 PM <DIR> Adobe
09/20/2004 04:35 PM <DIR> Aim
05/25/2005 12:55 PM <DIR> alta
12/05/2004 12:04 PM <DIR> Apple Computer
08/18/2005 11:14 AM <DIR> Camp bolt
11/04/2002 08:16 AM <DIR> Corel
07/21/2005 08:43 PM <DIR> Gtek
09/05/2005 08:06 PM <DIR> Help
10/04/2002 02:34 AM <DIR> Identities
08/22/2005 10:11 PM <DIR> knobmailtons
01/09/2005 09:56 AM <DIR> Lavasoft
04/08/2004 12:10 PM <DIR> Lycos
12/23/2002 02:04 PM <DIR> Macromedia
11/06/2002 04:29 PM <DIR> Microsoft Web Folders
08/27/2005 06:18 PM <DIR> MSN6
11/04/2002 08:16 AM 12,358 PFP100JCM.{PB
11/04/2002 08:16 AM 61,678 PFP100JPR.{PB
09/03/2005 06:33 PM <DIR> PictureTrail
10/04/2002 02:58 AM <DIR> Symantec
08/19/2004 05:37 PM <DIR> WeatherBug
01/15/2003 04:32 PM <DIR> You've Got Pictures Screensaver
2 File(s) 74,036 bytes
19 Dir(s) 22,238,162,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\All Users\Application Data

01/02/2006 11:02 PM <DIR> .
01/02/2006 11:02 PM <DIR> ..
09/05/2005 09:55 PM <DIR> AOL
11/20/2005 11:29 AM <DIR> Apple Computer
10/04/2002 02:56 AM <DIR> BVRP Software
11/20/2002 06:35 PM <DIR> MSN6
03/22/2005 07:32 PM <DIR> Napster
11/20/2004 11:37 AM <DIR> PopCap
10/04/2002 03:00 AM <DIR> QuickTime
10/04/2002 02:54 AM <DIR> SBSI
01/01/2006 04:45 PM <DIR> Spybot - Search & Destroy
11/25/2002 06:35 PM <DIR> Support.com
02/04/2003 10:48 AM <DIR> Symantec
01/15/2005 10:38 PM <DIR> Viewpoint
08/19/2005 08:12 AM <DIR> Windows Genuine Advantage
0 File(s) 0 bytes
15 Dir(s) 22,238,162,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\Betsy Hodges\Application Data

11/12/2002 10:31 PM <DIR> Adobe
02/28/2005 04:53 PM 1,373 AdobeDLM.log
09/21/2004 05:10 PM <DIR> Aim
06/24/2005 11:10 AM <DIR> Camp bolt
01/25/2003 01:09 PM <DIR> Corel
02/28/2005 04:53 PM 0 dm.ini
12/10/2005 05:47 PM <DIR> Google
11/04/2002 08:40 PM <DIR> Help
10/04/2002 02:34 AM <DIR> Identities
11/12/2002 10:12 PM <DIR> InterTrust
08/22/2005 10:32 PM <DIR> knobmailtons
12/27/2004 06:01 PM <DIR> Lavasoft
04/08/2004 09:55 AM <DIR> Lycos
02/04/2004 06:35 PM <DIR> Macromedia
03/07/2003 03:06 PM <DIR> Microsoft Web Folders
11/19/2002 10:00 PM 12,358 PFP100JCM.{PB
11/19/2002 10:00 PM 61,678 PFP100JPR.{PB
10/04/2002 02:58 AM <DIR> Symantec
4 File(s) 75,409 bytes
14 Dir(s) 22,238,162,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\Guest\Application Data

07/21/2005 01:29 PM <DIR> Gtek
10/04/2002 02:34 AM <DIR> Identities
10/04/2002 02:58 AM <DIR> Symantec
0 File(s) 0 bytes
3 Dir(s) 22,238,162,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\Joe Hodges\Application Data

11/15/2002 10:43 PM <DIR> Adobe
12/06/2004 12:00 PM <DIR> Aim
12/18/2004 04:24 PM <DIR> Apple Computer
08/14/2005 10:02 PM <DIR> Camp bolt
11/27/2002 05:07 PM <DIR> Corel
04/27/2003 10:57 PM 0 dm.ini
11/23/2002 05:28 PM <DIR> Help
10/28/2005 10:04 AM <DIR> Identities
04/27/2003 10:58 PM <DIR> InterTrust
05/28/2005 02:50 PM <DIR> Lavasoft
04/07/2004 11:27 PM <DIR> Lycos
01/30/2004 11:18 PM <DIR> Macromedia
10/24/2005 09:03 AM <DIR> MSN6
11/27/2002 05:07 PM 12,358 PFP100JCM.{PB
11/27/2002 05:07 PM 61,678 PFP100JPR.{PB
10/04/2002 02:58 AM <DIR> Symantec
3 File(s) 74,036 bytes
13 Dir(s) 22,238,162,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\Joseph Hodges\Application Data

08/10/2003 08:02 PM <DIR> Adobe
06/10/2004 12:47 PM <DIR> Aim
12/12/2005 07:39 AM <DIR> Camp bolt
10/04/2002 02:34 AM <DIR> Identities
12/12/2005 07:39 AM <DIR> knobmailtons
02/16/2005 10:23 AM <DIR> Lavasoft
02/13/2004 06:54 PM <DIR> Macromedia
06/23/2004 05:02 PM <DIR> MSN6
10/04/2002 02:58 AM <DIR> Symantec
0 File(s) 0 bytes
9 Dir(s) 22,238,162,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\Owner\Application Data

07/21/2005 01:29 PM <DIR> Gtek
10/04/2002 02:34 AM <DIR> Identities
10/04/2002 02:58 AM <DIR> Symantec
0 File(s) 0 bytes
3 Dir(s) 22,238,162,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\Default User\Application Data

07/21/2005 01:29 PM <DIR> .
07/21/2005 01:29 PM <DIR> ..
08/31/2001 10:40 AM 62 DESKTOP.INI
1 File(s) 62 bytes
2 Dir(s) 22,238,162,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 9466-D905

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Disk Cleanup.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\SYSTEM32\cleanmgr.exe'
Parameters: ''
WorkingDirectory: 'C:\WINDOWS\SYSTEM32'
Comment: ''
Creator: 'Joe Hodges'
Priority: NORMAL
MaxRunTime: 21600000 (0d 6:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 01/03/2006 2:00:00
StartError: 0x80090016
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 1
RunOnlyIfLoggedOn = 0
SystemRequired = 1
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ..T....
StartDate: 01/13/2004
EndDate: 00/00/0000
StartTime: 02:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0



Finally, here's the Online Scan log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, January 03, 2006 01:13:40
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 3/01/2006
Kaspersky Anti-Virus database records: 168749
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 102680
Number of viruses found: 59
Number of infected objects: 271
Number of suspicious objects: 4
Duration of the scan process: 5592 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\DogSiteTest.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\hkhxukxm.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\kcyaiflw.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\kiqwzsxi.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\LogDrvPlayRef.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\perslkvb.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\uvfbtipo.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\viotouui.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons\zopkmpoq.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\Documents and Settings\Alek Hodges\lkvx.exe/dlcl.edp Infected: Backdoor.IRC.Zapchast
C:\Documents and Settings\Alek Hodges\lkvx.exe/few.exe Infected: not-a-virus:NetTool.Win32.Sniffer.b
C:\Documents and Settings\Alek Hodges\lkvx.exe Infected: not-a-virus:NetTool.Win32.Sniffer.b
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch1.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch1.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Betsy Hodges\lkvx.exe/dlcl.edp Infected: Backdoor.IRC.Zapchast
C:\Documents and Settings\Betsy Hodges\lkvx.exe/few.exe Infected: not-a-virus:NetTool.Win32.Sniffer.b
C:\Documents and Settings\Betsy Hodges\lkvx.exe Infected: not-a-virus:NetTool.Win32.Sniffer.b
C:\Documents and Settings\Betsy Hodges\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Ebhodges" <ebhodges@att.net>][Date Fri, 04 Mar 2005 19:38:30 +0100]/UNNAMED/345556.rar/dddd.exe Infected: Email-Worm.Win32.Bagle.pac
C:\Documents and Settings\Betsy Hodges\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Ebhodges" <ebhodges@att.net>][Date Fri, 04 Mar 2005 19:38:30 +0100]/UNNAMED/345556.rar Infected: Email-Worm.Win32.Bagle.pac
C:\Documents and Settings\Betsy Hodges\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Ebhodges" <ebhodges@att.net>][Date Fri, 04 Mar 2005 19:38:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.pac
C:\Documents and Settings\Betsy Hodges\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Bagle.pac
C:\Documents and Settings\Joe Hodges\Desktop\jhh3d.cab/C:/WINDOWS/SYSTEM32/navshext.dll Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\Documents and Settings\Joe Hodges\Desktop\jhh3d.cab Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\Documents and Settings\Joe Hodges\lkvx.exe/dlcl.edp Infected: Backdoor.IRC.Zapchast
C:\Documents and Settings\Joe Hodges\lkvx.exe/few.exe Infected: not-a-virus:NetTool.Win32.Sniffer.b
C:\Documents and Settings\Joe Hodges\lkvx.exe Infected: not-a-virus:NetTool.Win32.Sniffer.b
C:\Documents and Settings\Joe Hodges\lkx.exe/dlcl.edp Infected: Backdoor.IRC.Zapchast
C:\Documents and Settings\Joe Hodges\lkx.exe/few.exe Infected: not-a-virus:NetTool.Win32.Sniffer.b
C:\Documents and Settings\Joe Hodges\lkx.exe Infected: not-a-virus:NetTool.Win32.Sniffer.b
C:\Documents and Settings\Joseph Hodges\Application Data\knobmailtons\DogSiteTest.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Joseph Hodges\Application Data\knobmailtons\jmrwmnlh.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Joseph Hodges\Application Data\knobmailtons\LogDrvPlayRef.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Joseph Hodges\Application Data\knobmailtons\Safedartbits.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Joseph Hodges\Application Data\knobmailtons\sbrkoyjw.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\exactSetup.exe/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.Exact.b
C:\exactSetup.exe/WISE0010.BIN Infected: not-a-virus:AdWare.Win32.Exact.b
C:\exactSetup.exe Infected: not-a-virus:AdWare.Win32.Exact.b
C:\Program Files\LimeWire\3.0.2\limeshop.exe/data0126 Infected: not-a-virus:AdWare.Win32.TopMoxie.c
C:\Program Files\LimeWire\3.0.2\limeshop.exe Infected: not-a-virus:AdWare.Win32.TopMoxie.c
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\10.tmp Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\11.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12.tmp Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\13.tmp Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\14.tmp Infected: Trojan-Downloader.Win32.Swizzor.di
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\153.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\154.tmp Infected: Trojan-IM.Win32.Agent.a
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\155.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\156.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\157.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\158.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\159.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15A.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15B.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15C.tmp Infected: Trojan-IM.Win32.Agent.a
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\16.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\16F.tmp Infected: Trojan-IM.Win32.Agent.a
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\17.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\179.tmp Infected: IM-Worm.Win32.Kelvir.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\17B.tmp Infected: Backdoor.Win32.IRCBot.cf
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\18.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\19.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1B.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1C.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1D.tmp Infected: Trojan-Downloader.Win32.Swizzor.di
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1E.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1F.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\20.tmp Infected: Trojan-Downloader.Win32.Swizzor.di
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\21.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\22.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\23.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\24.tmp Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\25.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\26.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\27.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28D.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\29.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\29F.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2A.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B.tmp/A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B.tmp Infected: Exploit.Java.ByteVerify
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B7.tmp/dlcl.edp Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B7.tmp/hosts Infected: Trojan.Win32.Qhost
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B7.tmp/palsp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B7.tmp/repcale.exe Infected: not-a-virus:RiskTool.Win32.HideWindows
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B7.tmp/zema Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B7.tmp Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B8.tmp/dlcl.edp Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B8.tmp/hosts Infected: Trojan.Win32.Qhost
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B8.tmp/palsp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B8.tmp/repcale.exe Infected: not-a-virus:RiskTool.Win32.HideWindows
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B8.tmp/zema Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B8.tmp Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B9.tmp/dlcl.edp Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B9.tmp/hosts Infected: Trojan.Win32.Qhost
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B9.tmp/palsp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B9.tmp/repcale.exe Infected: not-a-virus:RiskTool.Win32.HideWindows
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B9.tmp/zema Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B9.tmp Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2BA.tmp/dlcl.edp Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2BA.tmp/hosts Infected: Trojan.Win32.Qhost
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2BA.tmp/palsp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2BA.tmp/repcale.exe Infected: not-a-virus:RiskTool.Win32.HideWindows
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2BA.tmp/zema Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2BA.tmp Infected: Net-Worm.Win32.Randon
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2C.tmp/A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2C.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2C.tmp Infected: Exploit.Java.ByteVerify
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2D.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2E.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2F.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\30.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\31.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\32.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\33.tmp Infected: Trojan.Win32.EliteBar.d
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\34.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\35.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\36.tmp Infected: Trojan.Win32.StartPage.aw
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\37.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\38.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\39.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3A.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3B.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ag
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3C.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3D.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3E.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ag
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3F.tmp Infected: Trojan.Win32.EliteBar.d
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\40.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\41.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\42.tmp Infected: Trojan.Win32.StartPage.aw
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\43.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\44.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\45.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\46.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\47.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\48.tmp Infected: Trojan-Downloader.Win32.VB.na
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4E.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4EA.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4EB.tmp Infected: Trojan-Downloader.Win32.Swizzor.cc
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4EC.tmp Infected: Trojan-Downloader.Win32.Swizzor.cm
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4ED.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4EE.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4EF.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F.tmp Infected: Rootkit.Win32.Agent.l
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F0.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F1.tmp Infected: Trojan-Downloader.Win32.Swizzor.cm
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F2.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F3.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F4.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F5.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F6.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F7.tmp Infected: Trojan-Downloader.Win32.Swizzor.cc
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F8.tmp Infected: Trojan-Downloader.Win32.Swizzor.cm
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4F9.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4FA.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4FB.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4FC.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4FD.tmp Infected: Trojan-Downloader.Win32.Swizzor.cm
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4FE.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4FF.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5.tmp Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\50.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\500.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\501.tmp Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\51.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\52.tmp Infected: Trojan.Win32.Qhost
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\53.tmp Infected: not-a-virus:Client-IRC.Win32.mIRC.591
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\54.tmp Infected: Trojan-Downloader.Win32.VB.na
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\56.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ag
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\58.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\59.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5A.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5C.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5D.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5E.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5F.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6.tmp Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\60.tmp Infected: Trojan-Downloader.Win32.Adload.a
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\61.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6B.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6D.tmp Infected: Trojan.Win32.Agent.ay
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7.tmp Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\70.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7B.tmp Infected: IM-Worm.Win32.Kelvir.bz
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7C.tmp Infected: Backdoor.Win32.IRCBot.cf
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7E.tmp Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8.tmp Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\80.tmp Infected: Trojan-Downloader.Win32.VB.jl
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\81.tmp Infected: Trojan-Downloader.Win32.VB.jl
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\86.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\87.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8A.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8C.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8E.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8F.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9.tmp Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\91.tmp Infected: Trojan-Dropper.Win32.Small.qn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\92.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\94.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\96.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\98.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9A.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9C.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A.tmp Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A2.tmp Infected: Trojan.Win32.StartPage.aw
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A3.tmp Infected: Trojan-Dropper.Win32.Small.qn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A4.tmp Infected: Trojan-Dropper.Win32.Small.qn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\B.tmp Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\B7.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\B8.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\BD.tmp Infected: Trojan-Downloader.Win32.Apropo.ae
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\BE.tmp Infected: Backdoor.Win32.IRCBot.jl
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\BF.tmp Infected: Trojan-Downloader.Win32.Apropo.ae
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\C.tmp Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\C1.tmp Infected: Trojan-Downloader.Win32.Agent.hw
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\C2.tmp Infected: Trojan-Downloader.Win32.Agent.hw
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\C9.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\CA.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\CD.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\CE.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\D.tmp Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\D1.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\D3.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\D5.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\D7.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\D9.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\DB.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\DD.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\DF.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E5.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E6.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E7.tmp Infected: Trojan-Dropper.Win32.Agent.kd
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E8.tmp Infected: Trojan-Dropper.Win32.Agent.kd
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E9.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\EB.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\ED.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\EF.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\F.tmp Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\F1.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\F2.tmp Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP74\A0003755.exe Infected: Trojan-Downloader.Win32.Swizzor.dk
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP93\A0004814.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\WINDOWS\cpr_mm.exe/WISE0008.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm.exe Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm2.exe/WISE0008.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm2.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm2.exe Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e
C:\WINDOWS\SYSTEM32\dlcl.edp Infected: Net-Worm.Win32.Randon
C:\WINDOWS\SYSTEM32\dsdsd.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\WINDOWS\SYSTEM32\dsdsd.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn
C:\WINDOWS\SYSTEM32\dsdsd.exe Infected: Trojan-Downloader.Win32.IstBar.nn
C:\WINDOWS\SYSTEM32\ezPopStub.exe Infected: not-a-virus:AdWare.Win32.EZula.av
C:\WINDOWS\SYSTEM32\msehek.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bb
C:\WINDOWS\SYSTEM32\msfdje.gif Infected: not-a-virus:AdWare.Win32.ClientMan
C:\WINDOWS\SYSTEM32\mshfan.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bb
C:\WINDOWS\SYSTEM32\navshext1.dll Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\WINDOWS\SYSTEM32\osmim.dll Infected: not-a-virus:Server-Proxy.Win32.MarketScode.c
C:\WINDOWS\SYSTEM32\zema Infected: Net-Worm.Win32.Randon
C:\WINDOWS\syswast.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.AdWast.a
C:\WINDOWS\syswast.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ah
C:\WINDOWS\syswast.exe Infected: Trojan-Downloader.Win32.VB.ah
C:\WINDOWS\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak
C:\WINDOWS\woinstall.exe Infected: not-a-virus:AdWare.Win32.EZula.ak
C:\xz.bat Infected: Trojan.BAT.KillProc.a

Scan process completed.

#4 sUBs

  • Malware Response Team
  • 2,489 posts

Posted 03 January 2006 - 03:02 AM

You have several other user accounts on this machine. Please log on to each account & obtain HJT logs for each of them. Post those logs in your next reply.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage will not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.

Right click on this & select 'Save As' - DNSManual.bat
Double-click on DNSManual.bat & allow it to run.

SpywareBlaster 3.4
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain


* * * * * * KILLBOX * * * * * * * * * * * * * * * * * * * * * * *


Download & launch KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Select the following option - delete on Reboot
Use your mouse to select all the filenames listed below & then right-click & select Copy
  • C:\Documents and Settings\Alek Hodges\lkvx.exe
    C:\Documents and Settings\Betsy Hodges\lkvx.exe
    C:\Documents and Settings\Joe Hodges\Desktop\jhh3d.cab
    C:\Documents and Settings\Joe Hodges\lkvx.exe
    C:\exactSetup.exe
    C:\Program Files\LimeWire\3.0.2\limeshop.exe
    C:\WINDOWS\cpr_mm.exe
    C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe
    C:\WINDOWS\SYSTEM32\dlcl.edp
    C:\WINDOWS\SYSTEM32\dsdsd.exe
    C:\WINDOWS\SYSTEM32\ezPopStub.exe
    C:\WINDOWS\SYSTEM32\msehek.dll
    C:\WINDOWS\SYSTEM32\msfdje.gif
    C:\WINDOWS\SYSTEM32\mshfan.dll
    C:\WINDOWS\SYSTEM32\navshext1.dll
    C:\WINDOWS\SYSTEM32\osmim.dll
    C:\WINDOWS\SYSTEM32\zema
    C:\WINDOWS\syswast.exe
    C:\WINDOWS\woinstall.exe
    C:\xz.bat
    C:\Documents and Settings\Betsy Hodges\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Deleted Items.dbx
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
  • WeatherBug /AWS
    ClearSearch / Lycos
Please note any other programs that you don't recognize in that list in your next response.


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\Documents and Settings\Alek Hodges\Application Data\Camp bolt
    C:\Documents and Settings\Alek Hodges\Application Data\knobmailtons
    C:\Documents and Settings\Alek Hodges\Application Data\Lycos
    C:\Documents and Settings\Alek Hodges\Application Data\WeatherBug
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\Betsy Hodges\Application Data\Camp bolt
    C:\Documents and Settings\Betsy Hodges\Application Data\knobmailtons
    C:\Documents and Settings\Betsy Hodges\Application Data\Lycos
    C:\Documents and Settings\Joe Hodges\Application Data\Camp bolt
    C:\Documents and Settings\Joe Hodges\Application Data\Lycos
    C:\Documents and Settings\Joseph Hodges\Application Data\Camp bolt
    C:\Documents and Settings\Joseph Hodges\Application Data\knobmailtons
Delete ONLY the contents of these folders, leaving them empty
  • C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\


* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Post Hijackthis logs for all the user accounts on this machine
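
The Killbox list in the post above names only whole files, while the scan report earlier in the thread also lists objects inside installers as `file.exe/SUBOBJECT`. The following is an added example, not part of the original post or of any tool named in it: it collapses report lines to their containing files and reconciles them against a delete-on-reboot list. The function names and the `QUEUE` sample are assumptions made for illustration.

```python
"""Reconcile a "<path> Infected: <detection>" scan report with a removal list."""

# Sample input. The "Infected" lines are copied from the scan report in this
# thread; the selection and the QUEUE list below are constructed for the demo.
REPORT = r"""
C:\WINDOWS\SYSTEM32\dsdsd.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\WINDOWS\SYSTEM32\dsdsd.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn
C:\WINDOWS\SYSTEM32\dsdsd.exe Infected: Trojan-Downloader.Win32.IstBar.nn
C:\WINDOWS\syswast.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.AdWast.a
C:\WINDOWS\syswast.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ah
C:\WINDOWS\syswast.exe Infected: Trojan-Downloader.Win32.VB.ah
C:\xz.bat Infected: Trojan.BAT.KillProc.a

Scan process completed.
"""

# Constructed removal list: different letter case on purpose, one report file
# left out (xz.bat), and one entry whose detection is not in REPORT.
QUEUE = [
    r"c:\windows\system32\DSDSD.EXE",
    r"C:\WINDOWS\syswast.exe",
    r"C:\exactSetup.exe",
]


def parse_report(text):
    """Return {lowercased container path: {"path": ..., "detections": [...]}}.

    Paths may contain spaces, so each line is split on the literal
    " Infected: " marker rather than on whitespace. A "/" cannot occur in a
    Windows file name, so anything after the first "/" is an object inside
    the container file and is dropped.
    """
    findings = {}
    for line in text.splitlines():
        path, marker, detection = line.strip().partition(" Infected: ")
        if not marker:
            continue  # blank lines, "Scan process completed.", other status text
        container = path.split("/", 1)[0]
        entry = findings.setdefault(
            container.lower(), {"path": container, "detections": []}
        )
        if detection not in entry["detections"]:
            entry["detections"].append(detection)
    return findings


def reconcile(findings, queue):
    """Compare report containers with the removal list, ignoring letter case.

    Returns (missing, extra): files the report flags that are not queued, and
    queued files that no report line accounts for.
    """
    queued = {}
    for item in queue:
        item = item.strip()
        if item:
            queued.setdefault(item.lower(), item)
    missing = [f["path"] for key, f in findings.items() if key not in queued]
    extra = [path for key, path in queued.items() if key not in findings]
    return missing, extra


if __name__ == "__main__":
    found = parse_report(REPORT)
    for entry in found.values():
        print(entry["path"], "->", ", ".join(entry["detections"]))
    missing, extra = reconcile(found, QUEUE)
    print("flagged but not queued:", missing)
    print("queued without a detection:", extra)
```

An entry reported as queued without a detection is not necessarily wrong; it only means the list contains something the parsed report lines do not explain and should be checked by hand.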

#5 jhh3d
  • Topic Starter

  • Members
  • 39 posts

Posted 03 January 2006 - 10:07 PM

First -- I could not find WeatherBug /AWS or ClearSearch / Lycos in the Add/Remove programs list. I did find these files that I did not completely recognize (some seemed familiar, and I think they are programs I downloaded from previous bleeping computer fixes, and some seem to be programs my kids have used):

Block Checker 1.0 (PC-cillin keeps finding ADW Clicker.J in this file for all four users, but there was a warning that if it is removed from the add/install list that it drops either a worm or a virus into the hard drive, I think)
BroadJump Client Foundation
Buddy Capture Beta
Digital Line Detect
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LQFix 1.0
mIRC
Modem Helper
OIN
ScanModule V5.1
Search Plugin
Select CashBack
Support.com Web Controls
System Process
tafbar (I think this is part of Textbridge software)
TContext
Web Contextual Reset

Second -- When I tried to check if I needed the WMF vulnerability fix, I got a message saying the domain had been suspended.

Third -- Here are the four HJT logs:

Logfile of HijackThis v1.99.1
Scan saved at 9:10:58 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\You've Got Pictures Screensaver\ygpsstra.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yvpmuqnnhtjdeatbnz.com/FMcUyLLu...pERaUK_kho.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pnbkxiakbmhaggs.com/FMcUyLLu2dQ...x6r76ZULDw.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [You've Got Pictures Screensaver] C:\Program Files\You've Got Pictures Screensaver\ygpsstra.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [1 ante] C:\DOCUME~1\ALEKHO~1\APPLIC~1\KNOBMA~1\Safedartbits.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Alek Hodges\Application Data\eetu.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_script0.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Logfile of HijackThis v1.99.1
Scan saved at 9:14:16 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_script0.htm (file missing) (HKCU)
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Logfile of HijackThis v1.99.1
Scan saved at 10:05:39 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




Logfile of HijackThis v1.99.1
Scan saved at 9:16:26 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ltoaqsorfnhtsjntxf.com/KTElTPw0...H6sfC742uS.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bcqpjikbohwkznex.net/KTElTPw0l4...kVeX2jQYmQI.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 sUBs

  • Malware Response Team
  • 2,489 posts

Posted 04 January 2006 - 03:43 AM

Second -- When I tried to check if I needed the WMF vulnerability fix, I got a message saying the domain had been suspended.

No worry. You are already patched. I can see that from your log.


Please download Blockrem from HERE
Unzip it to its own folder on your desktop.


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
  • OIN
  • Search Plugin
  • Select CashBack
  • tafbar
  • TContext
  • Web Contextual Reset
  • Viewpoint
  • EbatesMoeMoneyMaker

* * * *


Start HJT & go to Config > Misc Tools - Open Uninstall Manager
From the box on the left, select each entry & look up the uninstall command from the right:
  • Buddy Capture Beta
Please let me know the entry's uninstall command

Once you have noted that down, select each of the following entries & select 'delete this entry' from the right
  • Block Checker 1.0
  • System Process

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\Program Files\Viewpoint\
  • C:\Program Files\EbatesMoeMoneyMaker\
  • lockx.exe ..search for this file

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!



* * * * * *


Open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.
Once it is running please follow the onscreen instructions.


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Reboot in normal mode to do these HijackThis fixes


User #1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yvpmuqnnhtjdeatbnz.com/FMcUyLLu...pERaUK_kho.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pnbkxiakbmhaggs.com/FMcUyLLu2dQ...x6r76ZULDw.html
R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [1 ante] C:\DOCUME~1\ALEKHO~1\APPLIC~1\KNOBMA~1\Safedartbits.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Alek Hodges\Application Data\eetu.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: RemindU - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_script0.htm
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_script0.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone


User #2

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O4 - HKCU\..\Run: [stratas] lockx.exe
O8 - Extra context menu item: RemindU - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_script0.htm
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_script0.htm (file missing) (HKCU)


User #3

User 3 is clean


User #4

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ltoaqsorfnhtsjntxf.com/KTElTPw0...H6sfC742uS.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bcqpjikbohwkznex.net/KTElTPw0l4...kVeX2jQYmQI.jsp
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)


Let me know how it went
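The per-user fix lists in the post above share a few recurring shapes: Internet Explorer page settings that point at random-looking hosts, URLSearchHooks with "(no file)", autoruns with no path or launching from Application Data, and a changed protocol zone. As an added example (not part of the thread, and not how HijackThis or the helper decides what to fix), this Python code parses entry lines, flags those shapes, and reports which fixed entries reappear in a later log. The heuristics, thresholds, function names and the second sample log are assumptions.

```python
import re
from urllib.parse import urlparse

# HijackThis entry lines are "<section> - <body>", e.g. "O4 - HKCU\..\Run: [x] y.exe".
ENTRY_RE = re.compile(r"^([ORNF]\d{1,2}) - (.+)$")
# O4 registry autoruns: hive\..\Run key, [value name], then the command line.
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
# Assumed heuristic: five or more consonants in a row rarely occur in real names.
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{5,}")
PROFILE_DATA = re.compile(r"\\(application data|applic~\d)\\", re.I)


def parse_log(text):
    """Return (section, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def looks_random(host):
    """Assumed threshold: longest DNS label is 12+ chars and has a long consonant run."""
    label = max(host.lower().split("."), key=len)
    return len(label) >= 12 and bool(CONSONANT_RUN.search(label))


def triage(entries):
    """Return (section, body, reason) for entries worth a closer look."""
    findings = []
    for section, body in entries:
        reason = None
        if section in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            if looks_random(urlparse(value).hostname or ""):
                reason = "IE page setting points at a random-looking host"
        elif section == "R3" and body.endswith("(no file)"):
            reason = "URLSearchHook with no file behind it"
        elif section == "O4":
            m = RUN_RE.match(body)
            if m and "\\" not in m.group(2):
                reason = "autorun command has no path"
            elif m and PROFILE_DATA.search(m.group(2)):
                reason = "autorun launches from a profile data folder"
        elif section == "O15":
            reason = "protocol default zone was changed"
        if reason:
            findings.append((section, body, reason))
    return findings


def returned_entries(fixed, later_log_text):
    """Entries from the fixed list that are present again in a later log."""
    later = set(parse_log(later_log_text))
    return [entry for entry in fixed if entry in later]


# Lines copied from the logs quoted on this page (URLs are elided on the page itself).
SAMPLE_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yvpmuqnnhtjdeatbnz.com/FMcUyLLu...pERaUK_kho.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pnbkxiakbmhaggs.com/FMcUyLLu2dQ...x6r76ZULDw.html
R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [1 ante] C:\DOCUME~1\ALEKHO~1\APPLIC~1\KNOBMA~1\Safedartbits.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
"""

# Constructed follow-up log: one fixed entry has come back.
SAMPLE_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [stratas] lockx.exe
"""

if __name__ == "__main__":
    flagged = triage(parse_log(SAMPLE_BEFORE))
    for section, body, reason in flagged:
        print(f"{section}: {reason}\n    {body}")
    fixed = [(s, b) for s, b, _ in flagged]
    for section, body in returned_entries(fixed, SAMPLE_AFTER):
        print(f"RETURNED after fix: {section} - {body}")
```

A flag here only means the entry deserves a look; several entries the helper chose to fix (WeatherBug, the RemindU items) match none of these rules and were judged on knowledge of the software involved.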

#7 jhh3d

  • Topic Starter

  • Members
  • 39 posts

Posted 04 January 2006 - 11:50 AM

Thanks very much.

I could not remove tafbar from the add/remove list. Should I have removed it when I removed Block Checker 1.0 and System Process through Config > Misc Tools - Open Uninstall Manager? BTW, its uninstall command is: regsvr32.exe -u -s C:\WINDOWS\DOWNLO~\tafbar.dll

Here is the uninstall command for Buddy Capture Beta:

C:\WINDOWS\iun6002.exe"C:\ProgramFiles\BuddyCapture\irunin.ini"

When deleting files/folders, I was able to find and delete C:\Program Files\Checkpoint\, but I did not find C:\Program Files\EbatesMoeMoneyMaker\ or lockx.exe (searched entire C drive)

When I ran blockrem, I received a message saying it could not find the following files:

C:WINDOWS\system32\ccapp.exe
C:WINDOWS\system32\navshext.dll
C:WINDOWS\system32\navshxt1.dll
C:WINDOWS\system32\~ustart.exe

and it recommended that I post an HJT log to one of four locations (I didn't write them down).

Did you want new HJT logs?

Things seem to be in good shape. PC-cillin is no longer finding the Block Checker virus. Guess we just need to get rid of tafbar . . . .

#8 sUBs

  • Malware Response Team
  • 2,489 posts

Posted 04 January 2006 - 04:13 PM

C:\WINDOWS\iun6002.exe"C:\ProgramFiles\BuddyCapture\irunin.ini"

I cannot find anything conclusive about the Buddy Capture but the uninstall command contains names of files that have been associated with malware. More info here...

http://securityresponse.symantec.com/avcen...re.shopnav.html

http://securityresponse.symantec.com/avcen...re.paltalk.html

Based on the above, I recommend that you uninstall it.


Please reboot to Safe Mode to do so.

Try removing it from Add/remove programs first. You may also want to use HijackThis to delete the add/remove entry for tafbar

Then delete these files/folders:

C:\WINDOWS\iun6002.exe
C:\ProgramFiles\BuddyCapture\


Please check the Hijackthis logs for the users which we just fixed. If any of the entries return, please let me know.

#9 jhh3d

  • Topic Starter

  • Members
  • 39 posts

Posted 05 January 2006 - 01:11 PM

Thanks for all your help. Two final questions:

1. When I clicked on Update for SpyWareBlaster, I was prompted to go to another web site to download and install version 3.5.1; should I do that?

2. PC-cillin keeps finding repeated instances of ADW LOP.J at:
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP93\A0005087.exe
How should I delete this file?


The HJT logs looked OK to me. Here they are:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:54 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\You've Got Pictures Screensaver\ygpsstra.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [You've Got Pictures Screensaver] C:\Program Files\You've Got Pictures Screensaver\ygpsstra.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\newaim\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Logfile of HijackThis v1.99.1
Scan saved at 12:37:56 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\newaim\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Logfile of HijackThis v1.99.1
Scan saved at 1:09:01 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




Logfile of HijackThis v1.99.1
Scan saved at 12:43:44 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124477382\ee\AOLServiceHost.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\VTech\vPort Manager\Launcher.exe
C:\Program Files\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124477382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: vPort Manager.lnk = C:\Program Files\VTech\vPort Manager\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Joe Hodges\My Documents\LBL\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O16 - DPF: IEVtechXL - http://www.vport.com/plugin/IEVTech.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plug...ver.1.0.2.5.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://aolsvc.merriam-webster.aol.com/tool...ar/cabs/m-w.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#10 sUBs

  • Malware Response Team

Posted 05 January 2006 - 01:25 PM

1. When I clicked on Update for SpyWareBlaster, I was prompted to go to another web site to download and install version 3.5.1; should I do that?

2. PC-cillin keeps finding repeated instances of ADW LOP.J at:
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP93\A0005087.exe
How should I delete this file?


1. Please install Spyware Blaster's latest update - version 3.5.1.

2. We will clear the System Volume Information folder now.


Your system is clean. Kindly follow these simple steps in order to keep your computer clean and secure:
  • CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  • DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folder
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  • SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level.
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  • FIREWALL
    Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.


  • Microsoft Windows Update
    Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here


  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here


  • SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here


  • IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

#11 jhh3d

  • Topic Starter

  • Members
  • 39 posts

Posted 06 January 2006 - 06:32 AM

Thanks for all your help. Things are much improved.

For three of the four users I was unable to select "Custom Level" for Internet Explorer security -- the box remained gray. Should I try to do anything about it? If not, consider this thread closed.

#12 sUBs


  • Malware Response Team
  • 2,489 posts

Posted 06 January 2006 - 12:29 PM

For three of the four users I was unable to select "Custom Level" for Internet Explorer security -- the box remained gray. Should I try to do anything about it?

It's likely that those users do not have administrator privileges.

If that's not so, let me know.

#13 sUBs


  • Malware Response Team
  • 2,489 posts

Posted 14 January 2006 - 03:13 AM

* * * * * * * * *

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

* * * * * * * * *



