

Lots Of Infections


12 replies to this topic

#1 sayba


Posted 20 June 2006 - 04:31 PM

I am using AD-AWARE, SPYBOT, AVG ANTI VIRUS, ZONE ALARM FIREWALL, HOUSECALL, STINGER.
After many scans they keep coming up with infections. I have cleaned the PC significantly, as it would not even boot before, but it still needs a lot of help, as do I.
Thanks

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:28:27 PM, on 6/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\42f140c8.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ZPoint] C:\WINDOWS\system32\winmuse.exe
O4 - HKLM\..\Run: [win32hp] C:\WINDOWS\System32\win32hlp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysTray] C:\Program Files\gqolem.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [42f140c8.exe] C:\WINDOWS\System32\42f140c8.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [42f140c8.exe] C:\Documents and Settings\Avi\Local Settings\Application Data\42f140c8.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst51.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: zopenssl - C:\WINDOWS\SYSTEM32\zopenssl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
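
As an added example (my own script, not anything from the thread or from HijackThis), here is a small Python triage tool that parses HijackThis entries like those in the log above and flags the ones a helper normally looks at first: entries whose file is missing, O20 load points, the RunServices key, hex-looking file names, executables sitting directly under Program Files, and DPF entries pulled from a file:// path. The sample lines are copied from the log above; the heuristics are assumptions of mine, and a path that passes them is no evidence the file is clean.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a subset of the HijackThis entries from the log posted above.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SysTray] C:\Program Files\gqolem.exe
O4 - HKLM\..\Run: [42f140c8.exe] C:\WINDOWS\System32\42f140c8.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst51.dll
O20 - Winlogon Notify: zopenssl - C:\WINDOWS\SYSTEM32\zopenssl.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
HEXNAME_RE = re.compile(r"^[0-9a-f]{6,}\.(exe|dll)$", re.I)
MISSING_RE = re.compile(r"\s*\((file missing|no file)\)$")


def first_token(cmd: str) -> str:
    """Return the executable path from an O4 command line, quoted or not.

    HJT prints unquoted paths containing spaces, so a plain split on
    whitespace is not enough; cut at the first .exe/.dll/.com/.scr instead.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|com|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one HJT line into section, key/name (O4 only) and target path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header lines, the process list, blanks
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "raw": line.strip(), "key": "", "name": "", "path": ""}
    if section == "O4":
        m4 = O4_RE.match(body)
        if m4:
            entry["key"], entry["name"] = m4.group("key"), m4.group("name")
            entry["path"] = first_token(m4.group("cmd"))
    else:
        # Other sections separate fields with " - "; the target path comes last.
        parts = body.split(" - ")
        last = parts[-1].strip()
        if len(parts) == 1 and ": " in last:
            last = last.split(": ", 1)[1]  # e.g. "AppInit_DLLs: <path>"
        entry["path"] = MISSING_RE.sub("", last)
    return entry


def review_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristics (mine, not HJT's) for entries a helper reviews first."""
    reasons = []
    raw, section, path = entry["raw"], entry["section"], entry["path"]
    if MISSING_RE.search(raw):
        reasons.append("dangling entry: target file missing")
    if section == "O20":
        reasons.append("O20 load point (AppInit_DLLs / Winlogon Notify) loads a DLL into many processes")
    if section == "O4" and "RunServices" in entry["key"]:
        reasons.append("RunServices is a Windows 9x-era key; rarely used legitimately on XP")
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    if HEXNAME_RE.match(base):
        reasons.append("hex-looking file name")
    if re.fullmatch(r"C:\\Program Files\\[^\\]+\.exe", path, re.I):
        reasons.append("executable sits directly under Program Files with no vendor folder")
    if section == "O16" and path.lower().startswith("file://"):
        reasons.append("DPF (ActiveX) entry loads from a local file:// path")
    return reasons


def analyze(log_text: str) -> List[Dict[str, object]]:
    """Return the entries worth a second look, with the reasons for each."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            findings.append({"section": entry["section"], "path": entry["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_HJT_LOG):
        print(f["section"], f["path"] or "(no file)", "->", "; ".join(f["reasons"]))
```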

#2 MFDnSC


Posted 20 June 2006 - 04:56 PM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits

  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 sayba


Posted 21 June 2006 - 08:23 AM

Here's the Spy Sweeper log:

********
11:28 PM: | Start of Session, Tuesday, June 20, 2006 |
11:28 PM: Spy Sweeper started
11:28 PM: Sweep initiated using definitions version 703
11:29 PM: Starting Memory Sweep
11:29 PM: Found Trojan Horse: trojan-downloader-terula
11:29 PM: Detected running threat: C:\WINDOWS\SYSTEM32\winbrume.dll (ID = 290181)
11:37 PM: Memory Sweep Complete, Elapsed Time: 00:08:37
11:37 PM: Starting Registry Sweep
11:37 PM: Found Adware: blazefind
11:37 PM: HKLM\software\microsoft\windows\currentversion\run\ || systray (ID = 104536)
11:38 PM: Found Trojan Horse: trojan-downloader-linkschain
11:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || links (ID = 1015825)
11:38 PM: Found Adware: psguard\winhound fakealert
11:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || intell321.exe (ID = 1141311)
11:38 PM: Found Trojan Horse: trojan-downloader-game4all.biz
11:38 PM: HKLM\software\microsoft\windows\currentversion\runservices\ || systemtools (ID = 1193674)
11:38 PM: Found Trojan Horse: trojan-backdoor-haxdoor
11:38 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\zopenssl\ (6 subtraces) (ID = 1212724)
11:38 PM: HKLM\system\currentcontrolset\services\zopenssld\ (11 subtraces) (ID = 1213403)
11:38 PM: HKCR\clsid\{196b9cb5-4c83-46f7-9b06-9672ecd9d99b}\ (4 subtraces) (ID = 1252503)
11:38 PM: HKLM\software\classes\clsid\{196b9cb5-4c83-46f7-9b06-9672ecd9d99b}\ (4 subtraces) (ID = 1252516)
11:38 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{196b9cb5-4c83-46f7-9b06-9672ecd9d99b}\ (ID = 1252523)
11:38 PM: Found Trojan Horse: trojan-downloader-vj
11:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || zpoint (ID = 1350014)
11:38 PM: Found Trojan Horse: trojan-downloader-forlink.biz
11:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || win32hp (ID = 1376778)
11:38 PM: Found Adware: cws_secure32.html hijack
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1011\software\microsoft\internet explorer\main\ || local page (ID = 946022)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1011\software\microsoft\internet explorer\main\ || start page (ID = 946023)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1011\software\microsoft\internet explorer\main\ || default_page_url (ID = 946026)
11:38 PM: Found Adware: winantivirus pro
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1011\software\winantivirus pro 2006\ (20 subtraces) (ID = 1216147)
11:38 PM: Found Trojan Horse: trojan-backdoor-us15info
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1011\software\microsoft\windows\currentversion\run\ || shell (ID = 1375273)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1009\software\microsoft\internet explorer\main\ || local page (ID = 946022)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1009\software\microsoft\internet explorer\main\ || start page (ID = 946023)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1009\software\microsoft\internet explorer\main\ || default_page_url (ID = 946026)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1009\software\winantivirus pro 2006\ (23 subtraces) (ID = 1216147)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1007\software\microsoft\internet explorer\main\ || local page (ID = 946022)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1007\software\microsoft\internet explorer\main\ || start page (ID = 946023)
11:38 PM: HKU\WRSS_Profile_S-1-5-21-1229963304-1812170134-2669247412-1007\software\microsoft\internet explorer\main\ || default_page_url (ID = 946026)
11:38 PM: Registry Sweep Complete, Elapsed Time:00:01:00
11:38 PM: Starting Cookie Sweep
11:38 PM: Found Spy Cookie: specificclick.com cookie
11:38 PM: beverly@adopt.specificclick[1].txt (ID = 3400)
11:38 PM: Found Spy Cookie: atwola cookie
11:38 PM: beverly@atwola[1].txt (ID = 2255)
11:38 PM: Found Spy Cookie: bannerspace cookie
11:38 PM: beverly@bannerspace[2].txt (ID = 2284)
11:38 PM: Found Spy Cookie: burstnet cookie
11:38 PM: beverly@burstnet[2].txt (ID = 2336)
11:38 PM: Found Spy Cookie: webtrendslive cookie
11:38 PM: beverly@dcslt9a2911e5h27gz9cy9xcg_5f1j[2].txt (ID = 3677)
11:38 PM: beverly@dcsx8czs1erp17368wkcsn8pc_9z2q[2].txt (ID = 3678)
11:38 PM: Found Spy Cookie: mp3downloading cookie
11:38 PM: beverly@mp3downloading[1].txt (ID = 3016)
11:38 PM: Found Spy Cookie: nextag cookie
11:38 PM: beverly@nextag[2].txt (ID = 5014)
11:38 PM: Found Spy Cookie: rightmedia cookie
11:38 PM: beverly@rightmedia[2].txt (ID = 3259)
11:38 PM: Found Spy Cookie: burstbeacon cookie
11:38 PM: beverly@www.burstbeacon[1].txt (ID = 2335)
11:38 PM: Found Spy Cookie: seeq cookie
11:38 PM: beverly@www.seeq[1].txt (ID = 3332)
11:38 PM: beverly@www48.seeq[1].txt (ID = 3332)
11:38 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
11:38 PM: Starting File Sweep
11:39 PM: Found Adware: winhound
11:39 PM: c:\documents and settings\avi\application data\winhound.com (11 subtraces) (ID = -2147462035)
11:39 PM: c:\documents and settings\michal\application data\winhound.com (11 subtraces) (ID = -2147462035)
11:39 PM: c:\documents and settings\chaim dovid\application data\winhound.com (11 subtraces) (ID = -2147462035)
11:39 PM: c:\documents and settings\beverly\application data\winhound.com (11 subtraces) (ID = -2147462035)
11:41 PM: Found Adware: sicro dialer
11:41 PM: switchagreement.txt (ID = 76024)
11:42 PM: a0002122.exe (ID = 301938)
11:42 PM: Found Trojan Horse: trojan-backdoor-snd
11:42 PM: 275e.tmp (ID = 301291)
11:44 PM: zopenssld.sys (ID = 367)
11:47 PM: 6f3e.tmp (ID = 301291)
11:56 PM: 26d1.tmp (ID = 301291)
11:57 PM: ec11.tmp (ID = 301291)
12:15 AM: a0002123.exe (ID = 301938)
12:17 AM: Found Trojan Horse: trojan-relayer-2ld
12:17 AM: a0002119.exe (ID = 302429)
12:17 AM: a0002125.exe (ID = 301938)
12:18 AM: a0002126.exe (ID = 301938)
12:27 AM: winbrume.dll (ID = 290181)
12:31 AM: 7368.tmp (ID = 301291)
12:32 AM: The Spy Communication shield has blocked access to: webpdp.gator.com
12:32 AM: The Spy Communication shield has blocked access to: webpdp.gator.com
12:35 AM: wapchk.dll (ID = 291206)
12:35 AM: jbamyk[1].txt (ID = 291683)
12:35 AM: 1335.tmp (ID = 301291)
12:35 AM: 21a8.tmp (ID = 301291)
12:35 AM: 22f3.tmp (ID = 301291)
12:35 AM: 235d.tmp (ID = 301291)
12:36 AM: 2907.tmp (ID = 301291)
12:36 AM: 292b.tmp (ID = 301291)
12:36 AM: 2d4c.tmp (ID = 301291)
12:36 AM: 3391.tmp (ID = 301291)
12:36 AM: 3cc5.tmp (ID = 301291)
12:36 AM: 4656.tmp (ID = 301291)
12:36 AM: 4df3.tmp (ID = 301291)
12:36 AM: 4e4d.tmp (ID = 301291)
12:36 AM: 5752.tmp (ID = 301291)
12:36 AM: 5c0.tmp (ID = 301291)
12:36 AM: 5c1c.tmp (ID = 301291)
12:36 AM: 5c6e.tmp (ID = 301291)
12:36 AM: 6679.tmp (ID = 301291)
12:36 AM: 70f.tmp (ID = 301291)
12:36 AM: 7336.tmp (ID = 301291)
12:36 AM: 770d.tmp (ID = 301291)
12:36 AM: 7ad4.tmp (ID = 301291)
12:36 AM: 8002.tmp (ID = 301291)
12:36 AM: 806.tmp (ID = 301291)
12:36 AM: 80a1.tmp (ID = 301291)
12:36 AM: 8407.tmp (ID = 301291)
12:36 AM: 86a6.tmp (ID = 301291)
12:36 AM: 9075.tmp (ID = 301291)
12:36 AM: 9890.tmp (ID = 301291)
12:36 AM: 9f4e.tmp (ID = 301291)
12:36 AM: a117.tmp (ID = 301291)
12:36 AM: aad3.tmp (ID = 301291)
12:36 AM: adc.tmp (ID = 301291)
12:36 AM: b105.tmp (ID = 301291)
12:36 AM: b1b5.tmp (ID = 301291)
12:36 AM: b900.tmp (ID = 301291)
12:36 AM: c39b.tmp (ID = 301291)
12:36 AM: cd30.tmp (ID = 301291)
12:36 AM: ce07.tmp (ID = 301291)
12:36 AM: cee5.tmp (ID = 301291)
12:36 AM: d113.tmp (ID = 301291)
12:36 AM: d8a2.tmp (ID = 301291)
12:36 AM: da95.tmp (ID = 301291)
12:36 AM: e0da.tmp (ID = 301291)
12:36 AM: eaaa.tmp (ID = 301291)
12:36 AM: f149.tmp (ID = 301291)
12:36 AM: f39f.tmp (ID = 301291)
12:36 AM: fca0.tmp (ID = 301291)
12:36 AM: 15d.tmp (ID = 301291)
12:36 AM: d7fe.tmp (ID = 301291)
12:37 AM: e9f2.tmp (ID = 301291)
12:51 AM: Found Trojan Horse: trojan-downloader-gloogle
12:51 AM: counter.inf (ID = 61782)
12:51 AM: Found Adware: java byteverify
12:51 AM: gummy.class-1f226329-1cb590d5.class (ID = 64824)
12:52 AM: ar3.jar-1199dff7-348bd3c1.zip (ID = 64824)
12:52 AM: classload.jar-19407ff0-41ceb9b3.zip (ID = 64823)
12:57 AM: File Sweep Complete, Elapsed Time: 01:18:19
12:57 AM: Full Sweep has completed. Elapsed time 01:28:27
12:57 AM: Traces Found: 221
6:46 AM: Removal process initiated
6:46 AM: Quarantining All Traces: psguard\winhound fakealert
6:46 AM: Quarantining All Traces: trojan-backdoor-haxdoor
6:47 AM: Quarantining All Traces: trojan-backdoor-snd
6:47 AM: Quarantining All Traces: trojan-backdoor-us15info
6:47 AM: Quarantining All Traces: trojan-downloader-forlink.biz
6:47 AM: Quarantining All Traces: trojan-downloader-game4all.biz
6:47 AM: Quarantining All Traces: trojan-downloader-vj
6:47 AM: Quarantining All Traces: blazefind
6:47 AM: Quarantining All Traces: trojan-downloader-gloogle
6:47 AM: Quarantining All Traces: trojan-downloader-linkschain
6:47 AM: Quarantining All Traces: trojan-downloader-terula
6:47 AM: trojan-downloader-terula is in use. It will be removed on reboot.
6:47 AM: winbrume.dll is in use. It will be removed on reboot.
6:47 AM: Quarantining All Traces: trojan-relayer-2ld
6:47 AM: Quarantining All Traces: cws_secure32.html hijack
6:47 AM: Quarantining All Traces: java byteverify
6:47 AM: Quarantining All Traces: sicro dialer
6:47 AM: Quarantining All Traces: winantivirus pro
6:47 AM: Quarantining All Traces: winhound
6:47 AM: Quarantining All Traces: atwola cookie
6:47 AM: Quarantining All Traces: bannerspace cookie
6:47 AM: Quarantining All Traces: burstbeacon cookie
6:47 AM: Quarantining All Traces: burstnet cookie
6:47 AM: Quarantining All Traces: mp3downloading cookie
6:47 AM: Quarantining All Traces: nextag cookie
6:47 AM: Quarantining All Traces: rightmedia cookie
6:47 AM: Quarantining All Traces: seeq cookie
6:47 AM: Quarantining All Traces: specificclick.com cookie
6:47 AM: Quarantining All Traces: webtrendslive cookie
6:47 AM: Warning: Failed to set data for 'start page'
6:47 AM: Warning: Failed to set data for 'start page'
6:47 AM: Warning: Failed to set data for 'start page'
6:48 AM: Removal process completed. Elapsed time 00:02:03
6:48 AM: Error: Failed to set data for 'Start Page'.
6:50 AM: Sent error log: C:\Documents and Settings\Avi\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
********
7:24 PM: | Start of Session, Tuesday, June 20, 2006 |
7:24 PM: Spy Sweeper started
7:25 PM: Messenger service has been disabled.
11:19 PM: Your spyware definitions have been updated.
11:23 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-terula, version 1.0.0.0
11:23 PM: Detected running threat: trojan-downloader-terula
11:24 PM: Ignored memory-resident threat: trojan-downloader-terula
11:28 PM: | End of Session, Tuesday, June 20, 2006 |

____________________________________________________________________________________

There was an error when Spy Sweeper tried to reset the IE start page. This caused Spy Sweeper to crash and restart (probably the malware?).

Here is the report of that error:

date/time : 2006-06-21, 06:48:54, 140ms
computer name : MASTER
user name : SYSTEM
operating system : Windows XP Service Pack 1 build 2600
system language : English
system up time : 7 hours 40 minutes
program up time : 7 hours 34 minutes
processor : Intel® Pentium® 4 CPU 2.53GHz
physical memory : 31/126 MB (free/total)
free disk space : (C:) 27.72 GB
display mode : 1024x768, 32 bit
process id : $790
allocated memory : 26.73 MB
executable : WRSSSDK.exe
exec. date/time : 2006-01-25 11:05
version : 2.0.9.509
madExcept version : 2.7g
exception class : ERegistryException
exception message : Failed to set data for 'Start Page'.

thread $204:
0049834f WRSSSDK.exe WideRegistry 673 TWideRegistry.PutData
00497c8f WRSSSDK.exe WideRegistry 450 TWideRegistry.WriteString
00537d8b WRSSSDK.exe IEHijackItemList 371 TIEHijackItem.SetCurrentValue
0053ae4e WRSSSDK.exe ShieldIEHijack 404 TShieldIEHijack.RestoreIEDefaults
0057bd0e WRSSSDK.exe IEHijackShield 111 TIEHijackShield.RestoreIEDefaults
78012212 RPCRT4.dll RpcBindingInqAuthClientExW
0042c533 WRSSSDK.exe madExcept ThreadExceptFrame
>> created by thread $244 at:
780177d1 RPCRT4.dll

- WDC WD400EB-75CPF0
+ Display adapters
- Intel® 82845G/GL/GE/PE/GV Graphics Controller (driver 6.13.10.3510)
+ DVD/CD-ROM drives
- Lite-On LTN486S 48x Max
- SAMSUNG CD-R/RW SW-248F
+ Floppy disk controllers
- Standard floppy disk controller
+ Floppy disk drives
- Floppy disk drive
+ Human Interface Devices
- USB Human Interface Device
+ IDE ATA/ATAPI controllers
- Intel® 82801DB Ultra ATA Storage Controller - 24CB (driver 4.0.1001.0)
- Primary IDE Channel
- Secondary IDE Channel
+ Intel® Unified Graphics Drivers
- Intel® Graphics Chipset (KCH) Driver (driver 6.13.10.3510)
- Intel® Graphics Platform (SoftBIOS) Driver (driver 6.13.10.3510)
+ Keyboards
- Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ Mice and other pointing devices
- HID-compliant mouse
+ Modems
- BCM V.92 56K Modem (driver 3.5.25.0)
+ Monitors
- Plug and Play Monitor
+ Network adapters
- Broadcom 440x 10/100 Integrated Controller (driver 3.60.0.0)
+ Ports (COM
________________________________________________________________________________________

Here is the HJT log before a restart:

Logfile of HijackThis v1.99.1
Scan saved at 7:18:03 AM, on 6/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\42f140c8.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [42f140c8.exe] C:\WINDOWS\System32\42f140c8.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [42f140c8.exe] C:\Documents and Settings\Avi\Local Settings\Application Data\42f140c8.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst51.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

________________________________________________________________________

I also figured I would include my latest findings with AVG.

This is my AVG quarantine log:

Trojan horse Downloader.Small.EW C:\WINDOWS\SYSTEM32\dlh9jkdq7.exe 6/15/2006 11:42:47 PM dlh9jkdq7.exe 6.86 KB
Virus found Downloader.Tibs C:\WINDOWS\SYSTEM32\rpcc.exe 6/20/2006 2:49:11 PM rpcc.exe 14.49 KB
Virus found Small C:\WINDOWS\SYSTEM32\intell321.exe 6/20/2006 2:49:35 PM intell321.exe 7 KB
Virus found Win32/Nsag C:\WINDOWS\SYSTEM32\wininet.dll 6/14/2006 12:48:29 AM wininet.dll 643 KB
Trojan horse Downloader.Small.55.BP C:\WINDOWS\SYSTEM32\syst51.dll 6/14/2006 12:48:38 AM syst51.dll 4 KB
Virus found Win32/Nsag C:\WINDOWS\SYSTEM32\wininet.dll 6/14/2006 12:48:52 AM wininet.dll 643 KB
Trojan horse Downloader.Small.55.BP C:\WINDOWS\SYSTEM32\syst51.dll 6/14/2006 12:49:08 AM syst51.dll 4 KB
Trojan horse Proxy.DHC C:\Documents and Settings\Michal\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\nsmtp2[1].exe 6/20/2006 2:58:43 PM nsmtp2[1].exe 44.5 KB
Trojan horse PSW.Generic2.AKI C:\egleowx.exe 6/20/2006 3:00:31 PM egleowx.exe 72.5 KB
Virus found Small C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002106.exe 6/20/2006 3:02:42 PM A0002106.exe 7 KB
Virus found Downloader.Tibs C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002105.exe 6/20/2006 3:03:16 PM A0002105.exe 14.49 KB
Trojan horse PSW.Generic2.EE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.dll 6/20/2006 3:05:48 PM ibm00011.dll 67 KB
Trojan horse PSW.Generic2.QA C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00012.dll 6/20/2006 3:06:12 PM ibm00012.dll 61.5 KB
Trojan horse Downloader.Generic2.BVD C:\Program Files\Internet Explorer\lock.exe 6/20/2006 3:10:02 PM lock.exe 10 KB
Trojan horse Downloader.Generic2.BVD C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002086.exe 6/20/2006 3:12:11 PM A0002086.exe 10 KB
Trojan horse Downloader.Generic2.BVD C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002087.exe 6/20/2006 3:12:21 PM A0002087.exe 10 KB
Trojan horse PSW.Generic2.AKI C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002111.exe 6/20/2006 3:12:24 PM A0002111.exe 72.5 KB
Trojan horse PSW.Generic2.EE C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002113.dll 6/20/2006 3:12:27 PM A0002113.dll 67 KB
Trojan horse PSW.Generic2.QA C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002114.dll 6/20/2006 3:12:29 PM A0002114.dll 61.5 KB
Virus found Downloader.Tibs C:\WINDOWS\SYSTEM32\12471132ld.exe 6/20/2006 3:12:51 PM 12471132ld.exe 14.49 KB
Virus found Downloader.Tibs C:\WINDOWS\SYSTEM32\2232.exe 6/20/2006 3:13:05 PM 2232.exe 8.18 KB
Virus found Downloader.Tibs C:\WINDOWS\SYSTEM32\2236.exe 6/20/2006 3:13:10 PM 2236.exe 8.18 KB
Trojan horse Downloader.Generic2.BDK C:\WINDOWS\SYSTEM32\2652.exe 6/20/2006 3:13:19 PM 2652.exe 10.5 KB
Trojan horse Downloader.Generic2.BDK C:\WINDOWS\SYSTEM32\2656.exe 6/20/2006 3:13:27 PM 2656.exe 10.5 KB
Trojan horse Downloader.Generic2.BDK C:\WINDOWS\SYSTEM32\2936.exe 6/20/2006 3:13:41 PM 2936.exe 10.5 KB
Trojan horse Downloader.Generic2.BDK C:\WINDOWS\SYSTEM32\3984.exe 6/20/2006 3:13:50 PM 3984.exe 10.5 KB
Trojan horse Downloader.Generic2.BVD C:\WINDOWS\SYSTEM32\win32hlp.exe 6/20/2006 3:17:11 PM win32hlp.exe 10 KB
Trojan horse PSW.Generic.ZYA C:\WINDOWS\Temp\$_3472452.EXE 6/20/2006 3:17:45 PM $_3472452.EXE 72 KB
Virus found Downloader.Tibs C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002120.exe 6/20/2006 3:25:26 PM A0002120.exe 8.18 KB
Virus found Downloader.Tibs C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0002121.exe 6/20/2006 3:25:37 PM A0002121.exe 8.18 KB
Trojan horse Downloader.Generic.XTB C:\adj.exe 6/15/2006 10:11:22 PM adj.exe 4 KB
Trojan horse Generic.DXX C:\fdj.exe 6/15/2006 10:11:22 PM fdj.exe 5.54 KB
Trojan horse Collected.Z C:\ms1.exe 6/15/2006 10:11:23 PM ms1.exe 3 KB
Trojan horse Generic.QRX C:\nj.exe 6/15/2006 10:11:23 PM nj.exe 27.5 KB
Trojan horse Downloader.Generic.ZQO C:\pdbebl.exe 6/15/2006 10:11:23 PM pdbebl.exe 1.36 KB
Trojan horse Downloader.Generic2.APP C:\rsytyrbs.exe 6/15/2006 10:11:23 PM rsytyrbs.exe 4.5 KB
Trojan horse Collected.Z C:\tool4.exe 6/15/2006 10:11:28 PM tool4.exe 101 KB
Trojan horse Collected.Z C:\toolbar.exe 6/15/2006 10:11:29 PM toolbar.exe 9.51 KB
Trojan horse Downloader.Generic2.AZN C:\xegqyep.exe 6/15/2006 10:11:29 PM xegqyep.exe 15.43 KB
Trojan horse Downloader.Generic.XTB C:\Documents and Settings\Abba\Local Settings\Application Data\3d36bff5.exe 6/15/2006 10:11:29 PM 3d36bff5.exe 4 KB
Trojan horse Downloader.Agent.DGY C:\Documents and Settings\Abba\Local Settings\Temp\6.tmp 6/15/2006 10:11:29 PM 6.tmp 53 KB
Trojan horse Downloader.Generic.YVF C:\Documents and Settings\Abba\Local Settings\Temp\9.tmp 6/15/2006 10:11:29 PM 9.tmp 6 KB
Trojan horse Dialer.BIB C:\Documents and Settings\Abba\Local Settings\Temp\khgnjhpl.exe 6/15/2006 10:11:29 PM khgnjhpl.exe 13.91 KB
Trojan horse Dialer.BIB C:\Documents and Settings\Abba\Local Settings\Temp\manbhccd.exe 6/15/2006 10:11:30 PM manbhccd.exe 13.91 KB
Trojan horse Downloader.Generic.ZJR C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\29EPUT8J\glgba[1].htm 6/15/2006 10:11:30 PM glgba[1].htm 9.42 KB
Trojan horse Clicker.BYA C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\29EPUT8J\okfrg[1].txt 6/15/2006 10:11:30 PM okfrg[1].txt 1.36 KB
Trojan horse SpamTool.DJ C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\29EPUT8J\scane[1].exe 6/15/2006 10:11:30 PM scane[1].exe 14.65 KB
Trojan horse Proxy.BHS C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\2XW5E1W5\igl[1].exe 6/15/2006 10:11:30 PM igl[1].exe 20.5 KB
Trojan horse Exploit.Downloader C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\psg[1].anr 6/15/2006 10:11:30 PM psg[1].anr 912 bytes
Trojan horse Exploit.Downloader C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\psg[2].anr 6/15/2006 10:11:30 PM psg[2].anr 912 bytes
Trojan horse Exploit.Downloader C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\psg[1].anr 6/15/2006 10:11:30 PM psg[1].anr 912 bytes
Trojan horse Downloader.Agent.DGY C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\8BG3QF43\red[1].exe 6/15/2006 10:11:31 PM red[1].exe 53 KB
Trojan horse Downloader.Generic.NON C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\gdnUS250[1].exe 6/15/2006 10:11:31 PM gdnUS250[1].exe 14 KB
Trojan horse Exploit.Downloader C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\nc[1].anr 6/15/2006 10:11:31 PM nc[1].anr 912 bytes
Trojan horse Downloader.Generic2.RS C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\TDVZAWI9\dlkjvf[1].txt 6/15/2006 10:11:31 PM dlkjvf[1].txt 9.51 KB
Trojan horse Downloader.Generic.YLE C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\TDVZAWI9\lmemyx[1].txt 6/15/2006 10:11:31 PM lmemyx[1].txt 3 KB
Trojan horse Downloader.Generic.YUM C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\TDVZAWI9\parad[1].raw 6/15/2006 10:11:31 PM parad[1].raw 50 KB
Trojan horse Downloader.Generic.YVF C:\Documents and Settings\Abba\Local Settings\Temporary Internet Files\Content.IE5\TDVZAWI9\winsvr[1].exe 6/15/2006 10:11:31 PM winsvr[1].exe 6 KB
Trojan horse Downloader.Generic.XHS C:\Documents and Settings\Avi\Desktop\sdff1f 6/15/2006 10:11:32 PM sdff1f 6 KB
Trojan horse Generic.SUZ C:\Documents and Settings\Avi\Desktop\sdfff 6/15/2006 10:11:32 PM sdfff 32 KB
Trojan horse Downloader.Generic.XTB C:\Documents and Settings\Avi\Local Settings\Application Data\3d36bff5.exe 6/15/2006 10:11:32 PM 3d36bff5.exe 4 KB
Trojan horse Dialer.BVE C:\Documents and Settings\Avi\Local Settings\Temp\her.pt 6/15/2006 10:11:32 PM her.pt 13 KB
Trojan horse Downloader.Zlob.GL C:\Documents and Settings\Avi\Local Settings\Temp\temp.fr51F3 6/15/2006 10:11:32 PM temp.fr51F3 40 KB
Trojan horse Downloader.Small.10.AO C:\Documents and Settings\Avi\Local Settings\Temp\ICD1.tmp\explorer.exe 6/15/2006 10:11:32 PM explorer.exe 36 KB
Trojan horse Downloader.Agent.DRH C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\8967C9AF\loader[1].exe 6/15/2006 10:11:32 PM loader[1].exe 8.5 KB
Trojan horse Collected.Z C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\8967C9AF\nsazkji[1].txt 6/15/2006 10:11:32 PM nsazkji[1].txt 1024 bytes
Trojan horse Collected.Z C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\8967C9AF\wehfrqjtv[1].txt 6/15/2006 10:11:32 PM wehfrqjtv[1].txt 1024 bytes
Trojan horse Collected.Z C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\8967C9AF\zucomyxj[1].htm 6/15/2006 10:11:33 PM zucomyxj[1].htm 1024 bytes
Trojan horse Downloader.Generic.XHS C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\U3EPKR4Z\1001[1].exe 6/15/2006 10:11:33 PM 1001[1].exe 6 KB
Trojan horse Clicker.BYA C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\U3EPKR4Z\vdlgfrqoam[1].txt 6/15/2006 10:11:33 PM vdlgfrqoam[1].txt 1.36 KB
Trojan horse Generic.SUZ C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\WDMZS1UF\1002[1].exe 6/15/2006 10:11:33 PM 1002[1].exe 32 KB
Trojan horse PSW.Generic.XUC C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\WDMZS1UF\futifpmw[1].txt 6/15/2006 10:11:33 PM futifpmw[1].txt 72 KB
Trojan horse Downloader.Generic2.ARW C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\WDMZS1UF\lock[1].exe 6/15/2006 10:11:33 PM lock[1].exe 10 KB
Trojan horse Collected.Z C:\Documents and Settings\Avi\Local Settings\Temp\Temporary Internet Files\Content.IE5\WJBZVNOP\osrdonmkw[1].txt 6/15/2006 10:11:34 PM osrdonmkw[1].txt 1024 bytes
Trojan horse Downloader.Generic.XTB C:\Documents and Settings\Beverly\Local Settings\Application Data\3d36bff5.exe 6/15/2006 10:11:34 PM 3d36bff5.exe 4 KB
Trojan horse Dialer.BIB C:\Documents and Settings\Beverly\Local Settings\Temp\olcmkhcd.exe 6/15/2006 10:11:34 PM olcmkhcd.exe 13.91 KB
Trojan horse Downloader.Generic.NON C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\810JK3IR\gdnUS250[2].exe 6/15/2006 10:11:34 PM gdnUS250[2].exe 14 KB
Trojan horse Exploit.Downloader C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\G1AR4PEF\pnt[1].anr 6/15/2006 10:11:34 PM pnt[1].anr 912 bytes
Trojan horse Downloader.Generic.NON C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\NHMSO8VJ\gdnUS250[1].exe 6/15/2006 10:11:34 PM gdnUS250[1].exe 13.53 KB
Trojan horse Exploit.Downloader C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\S9U1KDGX\psg[1].anr 6/15/2006 10:11:34 PM psg[1].anr 912 bytes
Trojan horse Downloader.Generic.XTB C:\Documents and Settings\Chaim Dovid\Local Settings\Application Data\3d36bff5.exe 6/15/2006 10:11:35 PM 3d36bff5.exe 4 KB
Trojan horse BackDoor.Generic2.PYX C:\Documents and Settings\Chaim Dovid\Local Settings\Temporary Internet Files\Content.IE5\2DSBE16H\__tt[1].exe 6/15/2006 10:11:35 PM __tt[1].exe 32 KB
Trojan horse Proxy.CJO C:\Documents and Settings\Chaim Dovid\Local Settings\Temporary Internet Files\Content.IE5\8HKLAFWP\sss_5[1].exe 6/15/2006 10:11:35 PM sss_5[1].exe 53 KB
Trojan horse Downloader.Generic.CVD C:\Documents and Settings\Michal\xWGPTPPOWXK.exe 6/15/2006 10:11:35 PM xWGPTPPOWXK.exe 78.85 KB
Trojan horse Downloader.Generic.XTB C:\Documents and Settings\Michal\Local Settings\Application Data\3d36bff5.exe 6/15/2006 10:11:36 PM 3d36bff5.exe 4 KB
Trojan horse PSW.Generic.XTT C:\Documents and Settings\Michal\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\dhcbskq[1].txt 6/15/2006 10:11:36 PM dhcbskq[1].txt 72 KB
Trojan horse Downloader.Generic.CVD C:\Documents and Settings\Michal\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\196_150_ni[1].abc 6/15/2006 10:11:36 PM 196_150_ni[1].abc 78.83 KB
Trojan horse Downloader.Agent.DY C:\Documents and Settings\Michal\Local Settings\Temporary Internet Files\Content.IE5\WX0FOFKB\195_150_ni[1].abc 6/15/2006 10:11:37 PM 195_150_ni[1].abc 78.33 KB
Trojan horse Downloader.Agent.DRH C:\Program Files\Internet Explorer\loader.exe 6/15/2006 10:11:37 PM loader.exe 8.5 KB
Trojan horse Downloader.Small.10.AO C:\WINDOWS\internet.exe 6/15/2006 10:11:37 PM internet.exe 36 KB
Trojan horse Downloader.Generic.CVD C:\WINDOWS\SYSTEM32\196_150_ni.exe 6/15/2006 10:11:37 PM 196_150_ni.exe 78.85 KB
Trojan horse Downloader.Generic2.AH C:\WINDOWS\SYSTEM32\3452.exe 6/15/2006 10:11:37 PM 3452.exe 7.93 KB
Trojan horse Downloader.Generic2.AH C:\WINDOWS\SYSTEM32\3620.exe 6/15/2006 10:11:38 PM 3620.exe 7.93 KB
Trojan horse Downloader.Generic2.AH C:\WINDOWS\SYSTEM32\3624.exe 6/15/2006 10:11:38 PM 3624.exe 7.93 KB
Trojan horse Downloader.Generic2.AH C:\WINDOWS\SYSTEM32\3668.exe 6/15/2006 10:11:38 PM 3668.exe 7.93 KB
Trojan horse Downloader.Generic2.AH C:\WINDOWS\SYSTEM32\3672.exe 6/15/2006 10:11:38 PM 3672.exe 7.93 KB
Trojan horse Downloader.Generic.XTB C:\WINDOWS\SYSTEM32\3d36bff5.exe 6/15/2006 10:11:38 PM 3d36bff5.exe 4 KB
Trojan horse Dialer.BVE C:\WINDOWS\SYSTEM32\dial23.exe 6/15/2006 10:11:38 PM dial23.exe 13 KB
Trojan horse Generic.DXX C:\WINDOWS\SYSTEM32\links.exe 6/15/2006 10:11:38 PM links.exe 5.54 KB
Trojan horse Proxy.BHS C:\WINDOWS\SYSTEM32\lmdcajhc.exe 6/15/2006 10:11:38 PM lmdcajhc.exe 20.5 KB
Trojan horse Downloader.Generic2.AH C:\WINDOWS\SYSTEM32\per.exe 6/15/2006 10:11:39 PM per.exe 7.93 KB
Trojan horse Downloader.Generic.XHS C:\WINDOWS\SYSTEM32\t1t.exe 6/15/2006 10:11:39 PM t1t.exe 6 KB
Trojan horse Downloader.Generic.YUM C:\WINDOWS\SYSTEM32\taskdir.exe 6/15/2006 10:11:39 PM taskdir.exe 50 KB
Trojan horse SpamTool.DJ C:\WINDOWS\SYSTEM32\taskdir~.exe 6/15/2006 10:11:39 PM taskdir~.exe 14.65 KB
Trojan horse Generic.SUZ C:\WINDOWS\SYSTEM32\tt.exe 6/15/2006 10:11:39 PM tt.exe 32 KB
Trojan horse Downloader.Generic2.ARW C:\WINDOWS\SYSTEM32\winmuse.exe 6/15/2006 10:11:39 PM winmuse.exe 10 KB
Trojan horse Downloader.Generic.ZJR C:\WINDOWS\SYSTEM32\win_07.exe 6/15/2006 10:11:39 PM win_07.exe 9.42 KB
Trojan horse Proxy.CJO C:\WINDOWS\Temp\36EE.tmp 6/15/2006 10:11:40 PM 36EE.tmp 53 KB
Trojan horse BackDoor.Generic2.PYX C:\WINDOWS\Temp\A5D.tmp 6/15/2006 10:11:40 PM A5D.tmp 32 KB
Trojan horse Proxy.CJO C:\WINDOWS\Temp\AF37.tmp 6/15/2006 10:11:40 PM AF37.tmp 53 KB
Trojan horse Downloader.Harnig.AI C:\WINDOWS\Temp\setup.exe 6/15/2006 10:11:40 PM setup.exe 5.47 KB
Virus found Downloader.Tibs C:\WINDOWS\SYSTEM32\kernels8.exe 6/20/2006 3:50:44 PM kernels8.exe 7.99 KB
Virus found Small C:\WINDOWS\SYSTEM32\oleext.dll 6/20/2006 3:57:19 PM oleext.dll 17.5 KB
Trojan horse Downloader.Generic.XTB C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001010.exe 6/15/2006 11:12:19 PM A0001010.exe 4 KB
Trojan horse Generic.DXX C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001011.exe 6/15/2006 11:12:19 PM A0001011.exe 5.54 KB
Trojan horse Collected.Z C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001012.exe 6/15/2006 11:12:19 PM A0001012.exe 3 KB
Trojan horse Generic.QRX C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001013.exe 6/15/2006 11:12:19 PM A0001013.exe 27.5 KB
Trojan horse Downloader.Generic.ZQO C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001014.exe 6/15/2006 11:12:19 PM A0001014.exe 1.36 KB
Trojan horse Downloader.Generic2.APP C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001015.exe 6/15/2006 11:12:19 PM A0001015.exe 4.5 KB
Trojan horse Collected.Z C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001016.exe 6/15/2006 11:12:19 PM A0001016.exe 101 KB
Trojan horse Collected.Z C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001017.exe 6/15/2006 11:12:19 PM A0001017.exe 9.51 KB
Trojan horse Downloader.Generic2.AZN C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001018.exe 6/15/2006 11:12:19 PM A0001018.exe 15.43 KB
Trojan horse Downloader.Generic.XTB C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001019.exe 6/15/2006 11:12:19 PM A0001019.exe 4 KB
Trojan horse Downloader.Generic.XTB C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001020.exe 6/15/2006 11:12:19 PM A0001020.exe 4 KB
Trojan horse Downloader.Generic.XTB C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001021.exe 6/15/2006 11:12:19 PM A0001021.exe 4 KB
Trojan horse Downloader.Generic.XTB C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001022.exe 6/15/2006 11:12:19 PM A0001022.exe 4 KB
Trojan horse Downloader.Generic.CVD C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001023.exe 6/15/2006 11:12:19 PM A0001023.exe 78.85 KB
Trojan horse Downloader.Generic.XTB C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001024.exe 6/15/2006 11:12:19 PM A0001024.exe 4 KB
Trojan horse Downloader.Agent.DRH C:\System Volume Information\_re

#4 sayba (Topic Starter)

Posted 21 June 2006 - 08:41 AM

Sorry, my last post got cut off. It was just a long list of viruses that are now hopefully quarantined. The only thing I was still getting was an AVG popup telling me that c:\Windows\system32\zopenssl.dll was a PSW.Generic2.AM Trojan. I can't delete or quarantine that infection (probably because it is in use). Also, a file named 42f140c8.exe keeps coming up in the ZoneAlarm firewall as trying to gain access to the internet, which I deny every time.

Plus, here is a new HJT log after a restart and some Spy Sweeper activity on boot-up:

Logfile of HijackThis v1.99.1
Scan saved at 9:28:01 AM, on 6/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\42f140c8.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [42f140c8.exe] C:\WINDOWS\System32\42f140c8.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [42f140c8.exe] C:\Documents and Settings\Avi\Local Settings\Application Data\42f140c8.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst51.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Thanks

#5 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 21 June 2006 - 09:21 AM

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get them in the next step.
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
==================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

O4 - HKLM\..\Run: [rpcc] rpcc.exe

O4 - HKLM\..\Run: [42f140c8.exe] C:\WINDOWS\System32\42f140c8.exe

O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

O4 - HKCU\..\Run: [42f140c8.exe] C:\Documents and Settings\Avi\Local Settings\Application Data\42f140c8.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\syst51.dll

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

c:\counter.cab
C:\WINDOWS\system32\syst51.dll
C:\WINDOWS\system32\rpcc.exe
C:\WINDOWS\System32\42f140c8.exe
C:\WINDOWS\system32\0mcamcap.exe
C:\Documents and Settings\Avi\Local Settings\Application Data\42f140c8.exe



Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
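As an added example (not from the thread, HijackThis or SmitfraudFix), here is a small Python triage script that turns the patterns MFDnSC singled out in the post above into review heuristics over a log's O4/O16/O20 lines: entries under the Win9x-era RunServices key, path-less executables, 8-hex-digit executable names, binaries under the user profile, a DPF package loaded from file://, and a populated AppInit_DLLs value. The sample excerpt is built from this thread's own log lines; the rules, the profile-directory list and the reason strings are my assumptions, and they flag candidates for a human to review, not verdicts.

```python
"""Heuristic triage of HijackThis v1.99 O4 / O16 / O20 lines (added example)."""
import re

# Constructed excerpt, taken from this thread's own HJT log: the entries the
# helper asked to fix plus benign neighbours that the heuristics must leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [42f140c8.exe] C:\WINDOWS\System32\42f140c8.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [42f140c8.exe] C:\Documents and Settings\Avi\Local Settings\Application Data\42f140c8.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst51.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\}(?: \([^)]*\))? - (?P<src>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# First token ending in .exe, with or without surrounding quotes; arguments are dropped.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?(?=\s|$)', re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.exe$", re.IGNORECASE)
# Per-user writable locations where an autostart binary rarely belongs (assumed list).
PROFILE_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\", "\\temp\\")


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run value, without quotes or arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def check_o4(key: str, cmd: str, runservices_exes: set):
    """Yield a review reason for each heuristic an O4 entry trips."""
    exe = exe_path(cmd)
    base = exe.rsplit("\\", 1)[-1]
    if key.lower() == "runservices":
        yield "RunServices is a Win9x-era key; on XP it is almost only used by malware"
    elif exe.lower() in runservices_exes:
        yield "same executable is also registered under RunServices"
    if "\\" not in exe:
        yield "bare filename: located via the PATH search, not a fixed directory"
    if HEX_NAME_RE.match(base):
        yield "8-hex-digit executable name, typical of generated dropper names"
    if any(d in exe.lower() for d in PROFILE_DIRS):
        yield "executable lives in a user-profile data or temp folder"


def triage(log_text: str):
    """Return [(line, [reasons])] for every log line that trips at least one rule."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: executables registered under RunServices, to pair with Run entries.
    runservices_exes = set()
    for ln in lines:
        m = O4_RE.match(ln)
        if m and m.group("key").lower() == "runservices":
            runservices_exes.add(exe_path(m.group("cmd")).lower())

    # Pass 2: apply the rules per line type.
    findings = []
    for ln in lines:
        reasons = []
        if (m := O4_RE.match(ln)):
            reasons = list(check_o4(m["key"], m["cmd"], runservices_exes))
        elif (m := O16_RE.match(ln)):
            if m["src"].lower().startswith("file://"):
                reasons.append("ActiveX package sourced from local disk rather than a web site")
        elif (m := O20_RE.match(ln)):
            if m["dlls"].strip():
                reasons.append("AppInit_DLLs injects this DLL into every process that loads user32.dll")
        if reasons:
            findings.append((ln, reasons))
    return findings


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(line)
        for r in why:
            print("    ->", r)
```

On the sample excerpt the script flags exactly the seven lines the helper listed for fixing and leaves the AVG, ZoneAlarm, WGA and Winlogon Notify entries alone.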

#6 sayba
  • Topic Starter

  • Members
  • 12 posts

Posted 21 June 2006 - 10:45 AM

Everything worked pretty well except the HJT during fixing gave me this error:
________________________________________________________________
an unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: C:\WINDOWS\system32\syst51.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
__________________________________________________________________
I don't think I am getting any spyware, virus or firewall alerts as of now.
But the biggest problem is now the speed of the machine which upon booting is VERY slow. The "Windows is starting..." blue screen takes about 4 minutes, followed by the actual loading of the desktop (after clicking on a user) which takes another 4-5 minutes, then when spysweeper loads it lags on the splash screen for about another 5 minutes. I was not having this problem before this incident and wonder if there are still infections or it's just corrupt filesystems and drivers due to the extensive cleaning. Not sure what to do about that.

When I started windows this time I saw the usual Blue screen desktop background with the warning message that my computer is infected and I need to download their antispyware software (BUT this time it was not maximized and was only a window above my normal desktop). So I went to the active desktop properties and deleted (not disabled) the warning message screen.

I also got a popup from AVG that the resident E-Mail scanner is not fully functional.

Here are the 2 Logs you requested:


SmitFraudFix v2.63

Scan done at 10:36:54.35, Wed 06/21/2006
Run from C:\Documents and Settings\Avi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\uniq FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\warnhp.html FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dlh9jkdq?.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Avi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Avi\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\Avi\Desktop\asfds FOUND !
C:\DOCUME~1\Avi\Desktop\sdfdsf FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

HKLM\SOFTWARE\WinHound.com FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\warnhp.html"
"SubscribedURL"=""
"FriendlyName"="Warning homepage"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

__________________________________________-

Logfile of HijackThis v1.99.1
Scan saved at 10:43:40 AM, on 6/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Thanks
Hope to hear from you soon

#7 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 21 June 2006 - 11:16 AM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 sayba
  • Topic Starter

  • Members
  • 12 posts

Posted 21 June 2006 - 09:39 PM

Everything worked pretty well. The system cleanup utility which started froze up for like 10 min and I cancelled it and everything proceeded fine after that.

Earlier in my computer cleaning I found wininet.dll to be infected and deleted it. Then I manually replaced it with a new clean wininet.dll.

The computer is running the same as after my last post (very very slow at all boot up steps).

Here are the logs
------------------------------------
SmitFraudFix v2.63

Scan done at 21:46:54.37, Wed 06/21/2006
Run from C:\Documents and Settings\Avi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\uniq Deleted
C:\WINDOWS\warnhp.html Deleted
C:\WINDOWS\system32\dlh9jkdq?.exe Deleted
C:\DOCUME~1\Avi\Desktop\asfds Deleted
C:\DOCUME~1\Avi\Desktop\sdfdsf Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

HKLM\SOFTWARE\WinHound.com Deleted

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

-------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:38:04 PM, on 6/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank You,
JS

#9 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 22 June 2006 - 07:46 AM

You have both McAfee and AVG running - remove one of them - only one active AV should be running

Having SpyWare Doc, SPySweeper and MS Antispy may be too much and causing slowdowns

BTW MS AntiSpy has been replaced with

MS Windows Defender - http://www.microsoft.com/downloads/details...;displaylang=en (XP and W2K only)
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#10 sayba
  • Topic Starter

  • Members
  • 12 posts

Posted 22 June 2006 - 09:48 AM

I will attempt to clean out a few of those programs tonight. I didn't think I had McAfee but I will take a better look. Do you recommend AVG or something else? (I have NAV I could use instead)
I will uninstall SpySweeper (it is only a 2 week trial anyways). I was also unaware of SpywareDoc, I will look for that to uninstall also. I will try to update MS Antispy to MS Defender. Do you recommend Spybot S&D over the others, because that's what I usually use?

I'll get back to you soon with a performance update, when I do all that.
Thanks,
JS

#11 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 22 June 2006 - 10:26 AM

I use SPyBot - Adaware - Defender and SpyWare Blaster
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#12 sayba
  • Topic Starter

  • Members
  • 12 posts

Posted 17 July 2006 - 08:43 PM

Sorry for the delayed reply, I have moved and took some time to set up this computer in the new location.

Anyways, I have uninstalled Webroot Spysweeper.

I could not find McAfee installed, but I deleted all the files in C:\Program Files.

I cannot find spywareDoc on the computer.

I am going to hold off on upgrading MS antispy to MS Defender until I install Win XP SP2, which I have read to hold off on till everything is 100% clean. Let me know if this is correct or I should go ahead with both of those upgrades.

The system is still pretty much like before (very slow) except for the startup splash screen for spysweeper (which is obviously gone now)

I appreciate any help in getting this system running fast like before.
Thanks,
JS

#13 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 18 July 2006 - 07:45 PM

Post a current log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
