
I Know Something Is Awry...


This topic is locked. 12 replies to this topic.

#1 dbunder (Members, 10 posts)

Posted 21 July 2006 - 11:10 AM

Random popups and browser weirdness, weird firewall requests, etc. The log looks harmless, but you're the pros. I'm running regular scans with Adaware, Spybot, Spyware Doc, and Ewido 4.0 and all they catch is tracking cookies. Any other scanners I should check out that might catch something?

Logfile of HijackThis v1.99.1
Scan saved at 9:07:15 AM, on 7/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\TotalRecorder\TotRecSched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\utorrent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{61140CDE-0000-4CF0-A97D-17F310212FA8}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Outpost Firewall\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Thanks for any help!

Edited by dbunder, 21 July 2006 - 11:10 AM.


#2 Buckeye_Sam, Malware Expert (Members, 17,382 posts; Pickerington, Ohio)

Posted 22 July 2006 - 09:06 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:


Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 dbunder, Topic Starter (Members, 10 posts)

Posted 22 July 2006 - 12:17 PM

Well that ran a lot more quickly than I expected. :thumbsup:

--

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"µTorrent" = ""C:\Program Files\utorrent.exe"" [null data]
"SsAAD.exe" = "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"Outpost Firewall" = "C:\Program Files\Outpost Firewall\outpost.exe /waitservice" ["Agnitum Ltd."]
"OutpostFeedBack" = "C:\Program Files\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}" = "PSPad"
-> {HKLM...CLSID} = "PSPad"
\InProcServer32\(Default) = "C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Program Files\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Program Files\dBpowerAMP\dMCShell.dll" [empty string]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\System\CurrentControlSet\Control\Session Manager\
"BootExecute" = ** WARNING -- empty or invalid data! **

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Program Files\dBpowerAMP\dBShell.dll" [empty string]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\Program Files\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"
-> {HKLM...CLSID} = "PSPad"
\InProcServer32\(Default) = "C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\Program Files\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\Program Files\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "jay" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\jay\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"SpeedFan" -> shortcut to: "C:\Program Files\SpeedFan\speedfan.exe" ["Almico Software (www.almico.com)"]
"Trillian" -> shortcut to: "C:\Program Files\Trillian\trillian.exe" ["Cerulean Studios"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 19
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = "Shell Search Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 4 domain names to IP addresses,
3 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Outpost Firewall Service, OutpostFirewall, "C:\Program Files\Outpost Firewall\outpost.exe /service" ["Agnitum Ltd."]
PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]
PDScheduler, PDSched, ""C:\Program Files\Raxco\PerfectDisk\PDSched.exe"" ["Raxco Software, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 7 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 6 seconds.
---------- (total run time: 29 seconds)

Thanks! Btw, the 3 ip addrs in hosts were added by me, so nothing weird there.

Edited by dbunder, 22 July 2006 - 12:18 PM.
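
The HijackThis log in the first post and the Silent Runners output above expose the same launch points, and the Silent Runners log prints the same "INFECTION WARNING!" on Microsoft's WgaLogon.dll and on the ewido shell-execute hook, so that label marks the hook point rather than giving a verdict on the file. What sets the WRNotifier entry apart in both logs is that its DLL is missing. The following is an added example, not code from the thread, from HijackThis or from Silent Runners: it applies a few of the checks a helper runs by hand to lines copied from the first post's HijackThis log, plus one constructed hostile O4 line (the Temp\svchost.exe autorun, which is not on the poster's machine). The heuristics, the severity scale and the `Finding`/`triage` names are the editor's own.

```python
"""Triage rules for HijackThis 1.99 log lines (added example, not the thread's code)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log in the first post,
# plus ONE hypothetical hostile line (the Temp\svchost.exe autorun) so the rules
# have something to catch.  That line is not from the poster's machine.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\jay\Local Settings\Temp\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{61140CDE-0000-4CF0-A97D-17F310212FA8}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Core Windows binary names that malware likes to borrow (editor's list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
# Directories a limited user can write to: an autorun pointing there needs a look.
USER_WRITABLE = re.compile(r"\\(Temp|Local Settings|Application Data)\\", re.I)
SYSTEM32 = re.compile(r"\\WINDOWS\\SYSTEM32\\", re.I)
# First executable token of an unquoted command line (paths may contain spaces).
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=\s|,|$)", re.I)


@dataclass
class Finding:
    severity: str   # "high", "medium", "low" or "info"
    line: str
    reason: str


def first_path(cmd: str) -> str:
    """Return the program part of a Run/Service command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                   # unquoted: stop at the first executable extension
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.strip().splitlines():
        line = line.rstrip()
        kind = line.split(" ", 1)[0]

        if kind == "O4":                    # autoruns (Run keys, Startup folders)
            m = re.match(r"O4 - .*?\[(.+?)\] (.*)$", line)
            if not m:
                continue
            path = first_path(m.group(2))
            exe = path.rsplit("\\", 1)[-1].lower()
            reasons = []
            if exe in SYSTEM_NAMES and not SYSTEM32.search(path):
                reasons.append(f"{exe} started from outside system32 (impostor of a core binary)")
            if USER_WRITABLE.search(path):
                reasons.append("autorun points into a user-writable profile or Temp directory")
            if reasons:
                findings.append(Finding("high", line, "; ".join(reasons)))
            elif "\\" not in path:
                findings.append(Finding("low", line,
                                        f"bare name {path!r} is resolved via the search path; confirm which file runs"))

        elif kind == "O17":                 # per-interface DNS servers
            m = re.search(r"NameServer = (.+)$", line)
            for ip in (re.split(r"[ ,]+", m.group(1)) if m else []):
                try:
                    private = ipaddress.ip_address(ip).is_private
                except ValueError:
                    findings.append(Finding("medium", line, f"unparseable NameServer value {ip!r}"))
                    continue
                if private:
                    findings.append(Finding("info", line, f"DNS {ip} is a private (LAN/router) address"))
                else:
                    findings.append(Finding("medium", line,
                                            f"DNS {ip} is a public resolver; confirm it is the ISP's, not a hijack"))

        elif kind == "O20":                 # Winlogon Notify DLLs load into winlogon.exe as SYSTEM
            if "(file missing)" in line:
                findings.append(Finding("medium", line,
                                        "orphaned Winlogon Notify key: any DLL later placed under that name on the "
                                        "DLL search path is loaded by winlogon.exe at logon; remove the key"))
            else:
                findings.append(Finding("info", line, "Winlogon Notify DLL runs as SYSTEM; verify the file's vendor"))

        elif kind == "O2" and "(no name)" in line:
            findings.append(Finding("low", line,
                                    "BHO with no display name; judge it by its DLL path and CLSID, not by the missing name"))

        elif kind == "O23":                 # services: the path is the last ' - ' field
            if USER_WRITABLE.search(line.rsplit(" - ", 1)[-1]):
                findings.append(Finding("high", line, "service binary lives in a user-writable directory"))
    return findings


if __name__ == "__main__":
    order = ["high", "medium", "low", "info"]
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.line}\n         -> {f.reason}")
```

Run as a script, the only line taken from the real log that scores above "info" is the orphaned WRNotifier Winlogon Notify key; the constructed Temp\svchost.exe autorun is the one "high" hit. A Notify package named by bare file name is looked up on the DLL search path, so an orphaned key is a free persistence slot for anyone who can later write a DLL of that name into system32, which is why helpers ask for such keys to be deleted rather than ignored.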


#4 Buckeye_Sam, Malware Expert (Members, 17,382 posts; Pickerington, Ohio)

Posted 22 July 2006 - 09:35 PM

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

#5 dbunder, Topic Starter (Members, 10 posts)

Posted 22 July 2006 - 10:54 PM

It created a file in my c:\ root called sUBs. Safe to delete, or is it there for a reason?

Here is the log...

Start Time= Sat 07/22/2006 20:38:20.59
Running from: C:\Documents and Settings\jay\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-22 20:42 <DIR> C:\Documents and Settings\jay\Application Data\utorrent
2006-07-22 20:37 <DIR> C:\Program Files\mozilla firefox
2006-07-22 20:36 <DIR> C:\Program Files\mozilla thunderbird
2006-07-22 20:04 <DIR> C:\Program Files\outpost firewall
2006-07-22 19:55 150 C:\WINDOWS\odbc.ini
2006-07-22 19:55 <DIR> C:\Program Files\speedfan
2006-07-22 19:55 <DIR> C:\Program Files\installshield installation information
2006-07-22 19:43 679 C:\WINDOWS\win.ini
2006-07-22 19:37 <DIR> C:\Program Files\softwin
2006-07-22 19:37 <DIR> C:\Program Files\Common Files\softwin
2006-07-22 19:36 <DIR> C:\Program Files\common files
2006-07-22 19:34 <DIR> C:\Program Files\winrar
2006-07-22 19:34 <DIR> C:\Program Files\unlocker
2006-07-22 19:33 <DIR> C:\Program Files\tuneup utilities 2006
2006-07-22 19:33 <DIR> C:\Program Files\trillian
2006-07-22 19:33 <DIR> C:\Program Files\spyware doctor
2006-07-22 19:33 <DIR> C:\Program Files\spybot - search & destroy
2006-07-22 19:29 <DIR> C:\Program Files\pspad editor
2006-07-22 19:27 <DIR> C:\Program Files\itunes
2006-07-22 19:27 <DIR> C:\Program Files\internet explorer
2006-07-22 19:27 <DIR> C:\Program Files\ewido anti-spyware 4.0
2006-07-22 19:27 <DIR> C:\Program Files\eset
2006-07-22 19:27 <DIR> C:\Program Files\dbpoweramp
2006-07-22 15:06 28,672 C:\WINDOWS\system32\drivers\co_mon.sys
2006-07-22 14:44 <DIR> C:\Documents and Settings\jay\Application Data\openoffice.org2
2006-07-21 09:15 <DIR> C:\Program Files\spywareblaster
2006-07-21 09:07 <DIR> C:\Program Files\hijackthis
2006-07-21 08:45 51,072 C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-07-21 08:45 30,592 C:\WINDOWS\system32\drivers\ikhfile.sys
2006-07-21 08:43 <DIR> C:\Documents and Settings\jay\Application Data\pc tools
2006-07-20 17:44 223,128 C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-07-20 17:44 <DIR> C:\Program Files\alcohol soft
2006-07-19 18:09 <DIR> C:\Program Files\openoffice.org 2.0
2006-07-19 18:00 <DIR> C:\Documents and Settings\jay\Application Data\apple computer
2006-07-19 17:44 <DIR> C:\Program Files\ipod
2006-07-19 14:07 <DIR> C:\Program Files\totalrecorder
2006-07-19 10:31 <DIR> C:\Program Files\lame
2006-07-19 10:31 <DIR> C:\Program Files\exact audio copy
2006-07-18 01:23 <DIR> C:\Documents and Settings\jay\Application Data\funwebproducts
2006-07-14 07:48 439,552 C:\WINDOWS\system32\perfstringbackup.ini
2006-07-11 02:28 <DIR> C:\Program Files\adobe
2006-07-10 16:54 <DIR> C:\Program Files\Common Files\adobe
2006-07-10 16:38 <DIR> C:\Program Files\jewel quest
2006-07-10 16:16 <DIR> C:\Documents and Settings\jay\Application Data\adobe
2006-07-10 16:12 <DIR> C:\Program Files\Common Files\adobe systems shared
2006-07-10 12:58 <DIR> C:\Program Files\ricochet xtreme
2006-07-10 11:59 <DIR> C:\Documents and Settings\jay\Application Data\microsoft
2006-07-09 19:00 <DIR> C:\Program Files\evil invasion
2006-07-09 18:45 <DIR> C:\Program Files\crimsonland
2006-07-09 18:02 <DIR> C:\Program Files\diner dash 2
2006-07-09 18:02 <DIR> C:\Documents and Settings\jay\Application Data\playfirst
2006-07-09 17:54 <DIR> C:\Program Files\reflexivearcade
2006-07-09 16:58 <DIR> C:\Program Files\vstplugins
2006-07-09 16:58 <DIR> C:\Documents and Settings\jay\Application Data\sony
2006-07-09 16:58 <DIR> C:\Documents and Settings\jay\Application Data\publish providers
2006-07-09 16:57 <DIR> C:\Program Files\sony
2006-07-09 14:19 <DIR> C:\Program Files\mutant storm
2006-07-08 12:52 <DIR> C:\Documents and Settings\jay\Application Data\sony corporation
2006-07-07 19:34 <DIR> C:\Program Files\Common Files\sony shared
2006-07-07 19:29 <DIR> C:\Program Files\Common Files\installshield
2006-07-06 02:55 96,384 C:\WINDOWS\system32\drivers\sptd9917.sys
2006-07-06 02:55 642,560 C:\WINDOWS\system32\drivers\sptd.sys
2006-07-03 21:26 131,072 C:\WINDOWS\system32\spoonuninstall.exe
2006-06-30 15:31 <DIR> C:\Program Files\sierra
2006-06-30 15:30 69 C:\WINDOWS\nerodigital.ini
2006-06-29 14:51 98,304 C:\WINDOWS\system32\cmdlineext.dll
2006-06-29 14:15 5,632 C:\WINDOWS\system32\ptpusb.dll
2006-06-29 14:15 159,232 C:\WINDOWS\system32\ptpusd.dll
2006-06-29 14:15 15,104 C:\WINDOWS\system32\drivers\usbscan.sys
2006-06-29 14:10 <DIR> C:\Program Files\Common Files\agnitum shared
2006-06-25 15:06 <DIR> C:\Program Files\xvid
2006-06-24 10:58 <DIR> C:\Program Files\prime95
2006-06-24 00:13 <DIR> C:\Documents and Settings\jay\Application Data\help
2006-06-22 16:18 <DIR> C:\Documents and Settings\jay\Application Data\adobeum
2006-06-22 16:16 875 C:\Documents and Settings\jay\Application Data\adobedlm.log
2006-06-22 16:16 0 C:\Documents and Settings\jay\Application Data\dm.ini
2006-06-22 16:00 <DIR> C:\Program Files\steam
2006-06-22 14:55 43,264 C:\WINDOWS\system32\drivers\sbp2port.sys
2006-06-22 14:55 <DIR> C:\Program Files\driver cleaner pro
2006-06-21 23:35 <DIR> C:\Program Files\futuremark
2006-06-21 19:25 86,016 C:\WINDOWS\system32\openal32.dll
2006-06-21 19:25 262,144 C:\WINDOWS\system32\wrap_oal.dll
2006-06-20 11:34 <DIR> C:\Program Files\raxco
2006-06-20 11:34 <DIR> C:\Program Files\Common Files\raxco
2006-06-20 11:13 <DIR> C:\Documents and Settings\jay\Application Data\sun
2006-06-20 11:12 <DIR> C:\Program Files\java
2006-06-20 11:10 <DIR> C:\Program Files\Common Files\java
2006-06-19 19:53 <DIR> C:\Program Files\sinepisodes
2006-06-19 18:34 <DIR> C:\Documents and Settings\jay\Application Data\macromedia
2006-06-19 16:20 702,768 C:\WINDOWS\system32\wgalogon.dll
2006-06-19 13:46 <DIR> C:\Program Files\Common Files\ahead
2006-06-19 13:46 <DIR> C:\Documents and Settings\jay\Application Data\ahead
2006-06-19 13:44 <DIR> C:\Program Files\nero
2006-06-19 13:24 32 C:\WINDOWS\wininit.ini
2006-06-19 13:17 <DIR> C:\Program Files\atitool
2006-06-19 13:00 <DIR> C:\Documents and Settings\jay\Application Data\lavasoft
2006-06-19 12:59 <DIR> C:\Program Files\lavasoft
2006-06-19 12:35 <DIR> C:\Program Files\Common Files\wise installation wizard
2006-06-19 12:35 <DIR> C:\Documents and Settings\jay\Application Data\tuneup software
2006-06-19 12:26 <DIR> C:\Program Files\quicktime
2006-06-19 12:16 502,368 C:\WINDOWS\system32\drivers\amon.sys
2006-06-19 12:16 274,432 C:\WINDOWS\system32\imon.dll
2006-06-19 11:59 <DIR> C:\Documents and Settings\jay\Application Data\thunderbird
2006-06-19 11:59 <DIR> C:\Documents and Settings\jay\Application Data\talkback
2006-06-19 11:59 <DIR> C:\Documents and Settings\jay\Application Data\mozilla
2006-06-19 11:55 <DIR> C:\Documents and Settings\jay\Application Data\pspad
2006-06-19 11:37 <DIR> C:\Program Files\realtek sound manager
2006-06-19 11:37 <DIR> C:\Program Files\realtek ac97
2006-06-19 11:37 <DIR> C:\Program Files\epox
2006-06-19 11:37 <DIR> C:\Program Files\avrack
2006-06-19 11:36 <DIR> C:\Program Files\online services
2006-06-19 11:34 <DIR> C:\Program Files\uninstall information
2006-06-19 11:34 <DIR> C:\Program Files\Common Files\microsoft shared
2006-06-19 11:34 <DIR> C:\Documents and Settings\jay\Application Data\identities
2006-06-19 11:30 <DIR> C:\Program Files\xerox
2006-06-19 11:30 <DIR> C:\Program Files\windows media player
2006-06-19 11:30 <DIR> C:\Program Files\microsoft frontpage
2006-06-19 11:29 4,161 C:\WINDOWS\odbcinst.ini
2006-06-19 11:28 <DIR> C:\Program Files\windowsupdate
2006-06-19 11:28 <DIR> C:\Program Files\outlook express
2006-06-19 11:28 <DIR> C:\Program Files\netmeeting
2006-06-19 11:28 <DIR> C:\Program Files\movie maker
2006-06-19 11:28 <DIR> C:\Program Files\Common Files\services
2006-06-19 11:28 <DIR> C:\Program Files\Common Files\mssoap
2006-06-19 11:27 37 C:\WINDOWS\vbaddin.ini
2006-06-19 11:27 36 C:\WINDOWS\vb.ini
2006-06-19 11:27 <DIR> C:\Program Files\windows media connect 2
2006-06-19 11:27 <DIR> C:\Program Files\msn gaming zone
2006-06-19 11:27 <DIR> C:\Program Files\messenger
2006-06-19 11:27 <DIR> C:\Program Files\complus applications
2006-06-19 11:27 <DIR> C:\Program Files\Common Files\system
2006-06-19 11:26 <DIR> C:\Program Files\windows nt
2006-06-19 11:26 <DIR> C:\Program Files\msn
2006-06-01 19:09 208,896 C:\WINDOWS\system32\nvusmb.exe
2006-06-01 19:09 208,896 C:\WINDOWS\system32\nvunrm.exe
2006-06-01 19:09 208,896 C:\WINDOWS\system32\nvuninst.exe
2006-06-01 19:09 208,896 C:\WINDOWS\system32\nvuide.exe
2006-05-19 06:46 94,720 C:\WINDOWS\system32\iphlpapi.dll
2006-05-19 06:46 147,456 C:\WINDOWS\system32\dnsapi.dll
2006-05-19 06:46 112,128 C:\WINDOWS\system32\dhcpcsvc.dll
2006-05-18 23:35 888,832 C:\WINDOWS\system32\nvmobls.dll
2006-05-18 23:35 86,016 C:\WINDOWS\system32\nvmctray.dll
2006-05-18 23:35 81,920 C:\WINDOWS\system32\nvwddi.dll
2006-05-18 23:35 794,624 C:\WINDOWS\system32\nvcplui.exe
2006-05-18 23:35 7,606,272 C:\WINDOWS\system32\nvcpl.dll
2006-05-18 23:35 581,632 C:\WINDOWS\system32\nvhwvid.dll
2006-05-18 23:35 5,652,480 C:\WINDOWS\system32\nvdisps.dll
2006-05-18 23:35 5,627,904 C:\WINDOWS\system32\nvoglnt.dll
2006-05-18 23:35 5,246,976 C:\WINDOWS\system32\nvdispsr.dll
2006-05-18 23:35 466,944 C:\WINDOWS\system32\nvshell.dll
2006-05-18 23:35 462,848 C:\WINDOWS\system32\nvmccssr.dll
2006-05-18 23:35 45,056 C:\WINDOWS\system32\nvmccsrs.dll
2006-05-18 23:35 442,368 C:\WINDOWS\system32\nvappbar.exe
2006-05-18 23:35 425,984 C:\WINDOWS\system32\keystone.exe
2006-05-18 23:35 4,528,512 C:\WINDOWS\system32\nv4_disp.dll
2006-05-18 23:35 4,313,088 C:\WINDOWS\system32\nvgames.dll
2006-05-18 23:35 35,840 C:\WINDOWS\system32\nvcodins.dll
2006-05-18 23:35 35,840 C:\WINDOWS\system32\nvcod.dll
2006-05-18 23:35 335,872 C:\WINDOWS\system32\nvwrses.dll
2006-05-18 23:35 335,872 C:\WINDOWS\system32\nvwrsel.dll
2006-05-18 23:35 327,680 C:\WINDOWS\system32\nvwrsfr.dll
2006-05-18 23:35 327,680 C:\WINDOWS\system32\nvwrsesm.dll
2006-05-18 23:35 327,680 C:\WINDOWS\system32\nvrshe.dll
2006-05-18 23:35 327,680 C:\WINDOWS\system32\nvrsar.dll
2006-05-18 23:35 323,584 C:\WINDOWS\system32\nvwrspt.dll
2006-05-18 23:35 323,584 C:\WINDOWS\system32\nvwrsit.dll
2006-05-18 23:35 319,488 C:\WINDOWS\system32\nvwrsptb.dll
2006-05-18 23:35 319,488 C:\WINDOWS\system32\nvwrsnl.dll
2006-05-18 23:35 315,392 C:\WINDOWS\system32\nvwrsru.dll
2006-05-18 23:35 315,392 C:\WINDOWS\system32\nvwrshu.dll
2006-05-18 23:35 311,296 C:\WINDOWS\system32\nvwrsde.dll
2006-05-18 23:35 311,296 C:\WINDOWS\system32\nvexpbar.dll
2006-05-18 23:35 303,104 C:\WINDOWS\system32\nvwrstr.dll
2006-05-18 23:35 303,104 C:\WINDOWS\system32\nvwrssl.dll
2006-05-18 23:35 303,104 C:\WINDOWS\system32\nvwrsfi.dll
2006-05-18 23:35 299,008 C:\WINDOWS\system32\nvwrssk.dll
2006-05-18 23:35 299,008 C:\WINDOWS\system32\nvwrsno.dll
2006-05-18 23:35 294,912 C:\WINDOWS\system32\nvwrssv.dll
2006-05-18 23:35 294,912 C:\WINDOWS\system32\nvwrspl.dll
2006-05-18 23:35 294,912 C:\WINDOWS\system32\nvwrsda.dll
2006-05-18 23:35 286,720 C:\WINDOWS\system32\nvwrseng.dll
2006-05-18 23:35 286,720 C:\WINDOWS\system32\nvwrscs.dll
2006-05-18 23:35 286,720 C:\WINDOWS\system32\nvnt4cpl.dll
2006-05-18 23:35 282,624 C:\WINDOWS\system32\nvwrsar.dll
2006-05-18 23:35 282,624 C:\WINDOWS\system32\nvrsit.dll
2006-05-18 23:35 282,624 C:\WINDOWS\system32\nvrsfr.dll
2006-05-18 23:35 282,624 C:\WINDOWS\system32\nvrses.dll
2006-05-18 23:35 282,624 C:\WINDOWS\system32\nvrsel.dll
2006-05-18 23:35 278,528 C:\WINDOWS\system32\nvwrshe.dll
2006-05-18 23:35 278,528 C:\WINDOWS\system32\nvrsde.dll
2006-05-18 23:35 274,432 C:\WINDOWS\system32\nvrspt.dll
2006-05-18 23:35 274,432 C:\WINDOWS\system32\nvrsnl.dll
2006-05-18 23:35 274,432 C:\WINDOWS\system32\nvrsesm.dll
2006-05-18 23:35 270,336 C:\WINDOWS\system32\nvrsru.dll
2006-05-18 23:35 266,240 C:\WINDOWS\system32\nvrsptb.dll
2006-05-18 23:35 266,240 C:\WINDOWS\system32\nvrsja.dll
2006-05-18 23:35 262,144 C:\WINDOWS\system32\nvrsko.dll
2006-05-18 23:35 258,048 C:\WINDOWS\system32\nvrstr.dll
2006-05-18 23:35 258,048 C:\WINDOWS\system32\nvrssl.dll
2006-05-18 23:35 258,048 C:\WINDOWS\system32\nvrssk.dll
2006-05-18 23:35 258,048 C:\WINDOWS\system32\nvrshu.dll
2006-05-18 23:35 253,952 C:\WINDOWS\system32\nvrssv.dll
2006-05-18 23:35 253,952 C:\WINDOWS\system32\nvrspl.dll
2006-05-18 23:35 253,952 C:\WINDOWS\system32\nvrsno.dll
2006-05-18 23:35 253,952 C:\WINDOWS\system32\nvrsda.dll
2006-05-18 23:35 249,856 C:\WINDOWS\system32\nvrsfi.dll
2006-05-18 23:35 245,760 C:\WINDOWS\system32\nvrseng.dll
2006-05-18 23:35 245,760 C:\WINDOWS\system32\nvrscs.dll
2006-05-18 23:35 229,376 C:\WINDOWS\system32\nvmccs.dll
2006-05-18 23:35 225,280 C:\WINDOWS\system32\nvrszhc.dll
2006-05-18 23:35 212,992 C:\WINDOWS\system32\nvwrsja.dll
2006-05-18 23:35 208,896 C:\WINDOWS\system32\nvudisp.exe
2006-05-18 23:35 2,977,792 C:\WINDOWS\system32\nvvitvsr.dll
2006-05-18 23:35 2,924,544 C:\WINDOWS\system32\nvvitvs.dll
2006-05-18 23:35 2,912,256 C:\WINDOWS\system32\nvgamesr.dll
2006-05-18 23:35 2,859,008 C:\WINDOWS\system32\nvmoblsr.dll
2006-05-18 23:35 196,608 C:\WINDOWS\system32\nvwrsko.dll
2006-05-18 23:35 196,608 C:\WINDOWS\system32\nvapi.dll
2006-05-18 23:35 184,320 C:\WINDOWS\system32\nvmccss.dll
2006-05-18 23:35 167,936 C:\WINDOWS\system32\nvwrszht.dll
2006-05-18 23:35 163,840 C:\WINDOWS\system32\nvwrszhc.dll
2006-05-18 23:35 155,715 C:\WINDOWS\system32\nvsvc32.exe
2006-05-18 23:35 147,456 C:\WINDOWS\system32\nvcolor.exe
2006-05-18 23:35 122,880 C:\WINDOWS\system32\nvrszht.dll
2006-05-18 23:35 1,748,992 C:\WINDOWS\system32\nvwssr.dll
2006-05-18 23:35 1,662,976 C:\WINDOWS\system32\nvwdmcpl.dll
2006-05-18 23:35 1,519,616 C:\WINDOWS\system32\nwiz.exe
2006-05-18 23:35 1,466,368 C:\WINDOWS\system32\nview.dll
2006-05-18 23:35 1,339,392 C:\WINDOWS\system32\nvdspsch.exe
2006-05-18 23:35 1,257,472 C:\WINDOWS\system32\nvwss.dll
2006-05-18 23:35 1,019,904 C:\WINDOWS\system32\nvwimg.dll
2006-05-18 23:35 1,011,712 C:\WINDOWS\system32\nvcpluir.dll
2006-05-17 21:53 54,272 C:\WINDOWS\system32\drvtrntm.dll
2006-05-17 07:32 86,073 C:\WINDOWS\system32\usrfaxa.dll
2006-05-17 07:32 8,192 C:\WINDOWS\system32\tsbyuv.dll
2006-05-17 07:32 8,192 C:\WINDOWS\system32\streamci.dll
2006-05-17 07:32 77,891 C:\WINDOWS\system32\usrmlnka.exe
2006-05-17 07:32 77,890 C:\WINDOWS\system32\usrdpa.dll
2006-05-17 07:32 77,883 C:\WINDOWS\system32\usrrtosa.dll
2006-05-17 07:32 72,192 C:\WINDOWS\system32\sprio800.dll
2006-05-17 07:32 70,656 C:\WINDOWS\system32\sprio600.dll
2006-05-17 07:32 69,700 C:\WINDOWS\system32\usrshuta.exe
2006-05-17 07:32 69,699 C:\WINDOWS\system32\usrcoina.dll
2006-05-17 07:32 69,632 C:\WINDOWS\system32\spnike.dll
2006-05-17 07:32 61,508 C:\WINDOWS\system32\usrprbda.exe
2006-05-17 07:32 61,500 C:\WINDOWS\system32\usrcntra.dll
2006-05-17 07:32 55,296 C:\WINDOWS\system32\dvdplay.exe
2006-05-17 07:32 53,305 C:\WINDOWS\system32\usrlbva.dll
2006-05-17 07:32 52,736 C:\WINDOWS\system32\wzcsapi.dll
2006-05-17 07:32 52,224 C:\WINDOWS\system32\dmutil.dll
2006-05-17 07:32 49,211 C:\WINDOWS\system32\usrvpa.dll
2006-05-17 07:32 49,211 C:\WINDOWS\system32\usrsdpia.dll
2006-05-17 07:32 49,209 C:\WINDOWS\system32\usrv80a.dll
2006-05-17 07:32 474,624 C:\WINDOWS\system32\wzcsvc.dll
2006-05-17 07:32 47,616 C:\WINDOWS\system32\iyuv_32.dll
2006-05-17 07:32 47,104 C:\WINDOWS\system32\cnbjmon.dll
2006-05-17 07:32 45,116 C:\WINDOWS\system32\usrvoica.dll
2006-05-17 07:32 41,019 C:\WINDOWS\system32\usrsvpia.dll
2006-05-17 07:32 35,328 C:\WINDOWS\system32\pid.dll
2006-05-17 07:32 323,641 C:\WINDOWS\system32\usrdtea.dll
2006-05-17 07:32 3,200 C:\WINDOWS\system32\wowfax.dll
2006-05-17 07:32 20,992 C:\WINDOWS\system32\hid.dll
2006-05-17 07:32 2,057,984 C:\WINDOWS\system32\ntkrnlpa.exe
2006-05-17 07:32 17,408 C:\WINDOWS\system32\msyuv.dll
2006-05-17 07:32 157,696 C:\WINDOWS\system32\paqsp.dll
2006-05-17 07:32 15,360 C:\WINDOWS\system32\pjlmon.dll
2006-05-17 07:32 147,968 C:\WINDOWS\system32\mdwmdmsp.dll
2006-05-17 07:32 13,824 C:\WINDOWS\system32\wowfaxui.dll
2006-05-17 07:32 102,457 C:\WINDOWS\system32\usrv42a.dll
2006-05-14 04:29 826,368 C:\WINDOWS\system32\wmvdmod.dll
2006-05-14 04:29 66,560 C:\WINDOWS\system32\wpdmtpus.dll
2006-05-14 04:29 61,952 C:\WINDOWS\system32\wpdconns.dll
2006-05-14 04:29 38,912 C:\WINDOWS\system32\wpd_ci.dll
2006-05-14 04:29 331,776 C:\WINDOWS\system32\wpdmtpdr.dll
2006-05-14 04:29 329,728 C:\WINDOWS\system32\wpdsp.dll
2006-05-14 04:29 2,330,624 C:\WINDOWS\system32\wmvcore.dll
2006-05-14 04:29 114,176 C:\WINDOWS\system32\wpdmtp.dll
2006-05-14 04:29 10,752 C:\WINDOWS\system32\wpdtrace.dll
2006-05-14 04:29 1,003,008 C:\WINDOWS\system32\wmvdmoe2.dll
2006-05-14 04:28 988,672 C:\WINDOWS\system32\wmnetmgr.dll
2006-05-14 04:28 96,768 C:\WINDOWS\system32\logagent.exe
2006-05-14 04:28 940,544 C:\WINDOWS\system32\wmspdmoe.dll
2006-05-14 04:28 771,584 C:\WINDOWS\system32\wmsdmod.dll
2006-05-14 04:28 716,288 C:\WINDOWS\system32\wmadmoe.dll
2006-05-14 04:28 6,656 C:\WINDOWS\system32\laprxy.dll
2006-05-14 04:28 581,632 C:\WINDOWS\system32\drmv2clt.dll
2006-05-14 04:28 47,104 C:\WINDOWS\system32\uwdf.exe
2006-05-14 04:28 429,056 C:\WINDOWS\system32\blackbox.dll
2006-05-14 04:28 407,552 C:\WINDOWS\system32\wmspdmod.dll
2006-05-14 04:28 38,912 C:\WINDOWS\system32\wdfmgr.exe
2006-05-14 04:28 37,376 C:\WINDOWS\system32\wmdmps.dll
2006-05-14 04:28 359,936 C:\WINDOWS\system32\wmadmod.dll
2006-05-14 04:28 353,520 C:\WINDOWS\system32\msscp.dll
2006-05-14 04:28 344,064 C:\WINDOWS\system32\wmdrmdev.dll
2006-05-14 04:28 315,904 C:\WINDOWS\system32\mswmdm.dll
2006-05-14 04:28 3,371,008 C:\WINDOWS\system32\wmploc.dll
2006-05-14 04:28 290,816 C:\WINDOWS\system32\wmdrmnet.dll
2006-05-14 04:28 29,184 C:\WINDOWS\system32\wmdmlog.dll
2006-05-14 04:28 25,088 C:\WINDOWS\system32\mspmsnsv.dll
2006-05-14 04:28 23,040 C:\WINDOWS\kb913800.exe
2006-05-14 04:28 227,840 C:\WINDOWS\system32\wmasf.dll
2006-05-14 04:28 221,184 C:\WINDOWS\system32\qasf.dll
2006-05-14 04:28 207,872 C:\WINDOWS\system32\cewmdm.dll
2006-05-14 04:28 180,224 C:\WINDOWS\system32\wmdrmsdk.dll
2006-05-14 04:28 178,936 C:\WINDOWS\system32\drmupgds.exe
2006-05-14 04:28 173,568 C:\WINDOWS\system32\mspmsp.dll
2006-05-14 04:28 150,016 C:\WINDOWS\system32\wmidx.dll
2006-05-14 04:28 15,872 C:\WINDOWS\system32\wdfapi.dll
2006-05-14 04:28 115,200 C:\WINDOWS\system32\msnetobj.dll
2006-05-14 04:28 106,496 C:\WINDOWS\system32\mfplat.dll
2006-05-14 04:28 1,512,448 C:\WINDOWS\system32\wmvadve.dll
2006-05-14 04:28 1,216,000 C:\WINDOWS\system32\wmvadvd.dll
2006-05-14 04:28 1,119,744 C:\WINDOWS\system32\wmsdmoe2.dll
2006-05-13 06:13 956,416 C:\WINDOWS\system32\msdtctm.dll
2006-05-13 06:13 91,136 C:\WINDOWS\system32\mtxoci.dll
2006-05-13 06:13 66,560 C:\WINDOWS\system32\mtxclu.dll
2006-05-13 06:13 426,496 C:\WINDOWS\system32\msdtcprx.dll
2006-05-13 06:13 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-05-13 06:13 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-05-13 06:13 1,049,088 C:\WINDOWS\system32\msxml3.dll
2006-05-11 12:06 520,192 C:\WINDOWS\system32\cddbplaylist2sony.dll
2006-05-11 12:05 770,048 C:\WINDOWS\system32\cddbuisony.dll
2006-05-11 12:05 73,728 C:\WINDOWS\system32\cddblinksony.dll
2006-05-11 12:03 585,728 C:\WINDOWS\system32\cddbmusicidsony.dll
2006-05-11 12:02 643,072 C:\WINDOWS\system32\cddbcontrolsony.dll
2006-05-11 10:48 106,496 C:\WINDOWS\system32\drvtrntl.dll
2006-04-24 08:38 231 C:\WINDOWS\system.ini
2006-04-24 08:37 62 C:\Documents and Settings\jay\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-22 19:16 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-22 19:16 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-19 14:07 54,272 C:\WINDOWS\system32\DrvTrNTm.dll
2006-07-19 14:07 106,496 C:\WINDOWS\system32\DrvTrNTl.dll
2006-07-09 11:44 5,632 C:\WINDOWS\system32\ptpusb.dll
2006-07-09 11:44 159,232 C:\WINDOWS\system32\ptpusd.dll
2006-07-07 19:44 90,112 C:\WINDOWS\snymsico.dll
2006-07-07 19:43 770,048 C:\WINDOWS\system32\CDDBUISony.dll
2006-07-07 19:43 73,728 C:\WINDOWS\system32\CddbLinkSony.dll
2006-07-07 19:43 643,072 C:\WINDOWS\system32\CDDBControlSony.dll
2006-07-07 19:43 585,728 C:\WINDOWS\system32\CddbMusicIDSony.dll
2006-07-07 19:43 520,192 C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2006-07-07 19:43 151,552 C:\WINDOWS\system32\pxwma.dll
2006-07-07 19:43 109,568 C:\WINDOWS\system32\pxinsi64.exe
2006-07-07 19:43 108,544 C:\WINDOWS\system32\pxcpyi64.exe
2006-07-03 17:16 131,072 C:\WINDOWS\system32\SpoonUninstall.exe
2006-06-29 14:51 98,304 C:\WINDOWS\system32\CmdLineExt.dll
2006-06-29 14:25 208,896 C:\WINDOWS\system32\nvudisp.exe
2006-06-29 14:10 150 C:\WINDOWS\ODBC.INI
2006-06-25 15:06 761,856 C:\WINDOWS\system32\xvidcore.dll
2006-06-25 15:06 180,224 C:\WINDOWS\system32\xvidvfw.dll
2006-06-22 15:20 69 C:\WINDOWS\NeroDigital.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Outpost Firewall"="C:\\Program Files\\Outpost Firewall\\outpost.exe /waitservice"
"OutpostFeedBack"="C:\\Program Files\\Outpost Firewall\\feedback.exe /dump:os_startup"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdmcon.exe\""
"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdnagent.exe\""
"BDSwitchAgent"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdswitch.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"µTorrent"="\"C:\\Program Files\\utorrent.exe\""
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"hwmdr"="\"C:\\Program Files\\EPoX\\EPTP\\EPTP.EXE\" \"5000\""
"TotalRecorderScheduler"="\"C:\\Program Files\\TotalRecorder\\TotRecSched.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: Sat 07/22/2006 20:42:48.90
ComboFix ver 06.07.22 - This logfile is located at C:\ComboFix.txt


#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 23 July 2006 - 01:15 PM

I'm not finding much in your log. You should delete this folder.

C:\Documents and Settings\jay\Application Data\funwebproducts

Otherwise, all of your logs are coming up clean.
Tell me about the popups that you are having. What are they for? What do they say? Do they happen when you are using IE, or all of the time?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 dbunder

  • Topic Starter
  • Members
  • 10 posts

Posted 23 July 2006 - 01:32 PM

Just deleted that directory. I am, however, still getting popups from BitDefender about Iwon and MyWebSearch, and I can't for the life of me track it down. :thumbsup: Thanks for all the help. If you'd like any more HijackThis or any other logs, I'd be glad to provide.

Popups have stopped, and I use only Firefox, save for Windows Update.

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 23 July 2006 - 01:36 PM

Post the log from BitDefender so I can see what it's detecting.


========================================================

#9 dbunder

  • Topic Starter
  • Members
  • 10 posts

Posted 23 July 2006 - 03:00 PM

//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.5
//
// Created on: 22/07/2006 19:58:17
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
E:\
Folders : 5988
Files : 289920
Archives : 6038
Packed files : 12569
Identified viruses : 5
Infected files : 173
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 172
Renamed files : 0
I/O errors : 33
Scan time : 02:23:45
Scan speed (files/sec) : 33

Spyware Statistics

Memory processes scanned : 40
Memory processes infected : 0
Registry keys scanned : 1622
Registry keys infected : 0
Cookies scanned : 21
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 444057
Scan plugins : 15
Archive plugins : 42
Unpack plugins : 5
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1153623497.log

Spyware scan options

[X] Memory Processes
[X] Registry keys
[X] Cookies


Summary:

C:\Program Files\Eset\infected\2QOZO3DA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0001 Detected: Adware.Purityscan.DM
C:\Program Files\Eset\infected\2QOZO3DA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0001 Disinfection failed
C:\Program Files\Eset\infected\2QOZO3DA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0001 Move failed
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000409.asw Detected: Adware.Mywebsea.A
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000409.asw Disinfection failed
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000409.asw Moved
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000411.asw Detected: Adware.Iwon.A
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000411.asw Disinfection failed
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000411.asw Moved
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000419.asw Detected: Adware.Mywebsearch.AN
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000419.asw Disinfection failed
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000419.asw Moved
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000041d.asw Detected: Adware.Msearch.O
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000041d.asw Disinfection failed
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000041d.asw Moved
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000041e.asw Detected: Adware.Mywebsearch.AN
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000041e.asw Disinfection failed
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000041e.asw Moved
C:\WINDOWS\Temp\tmp1078 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1078 Disinfection failed
C:\WINDOWS\Temp\tmp1078 Moved
C:\WINDOWS\Temp\tmp10c2 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp10c2 Disinfection failed
C:\WINDOWS\Temp\tmp10c2 Moved
C:\WINDOWS\Temp\tmp10c3 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp10c3 Disinfection failed
C:\WINDOWS\Temp\tmp10c3 Moved
C:\WINDOWS\Temp\tmp10c5 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp10c5 Disinfection failed
C:\WINDOWS\Temp\tmp10c5 Moved
C:\WINDOWS\Temp\tmp10c6 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp10c6 Disinfection failed
C:\WINDOWS\Temp\tmp10c6 Moved
C:\WINDOWS\Temp\tmp1180 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1180 Disinfection failed
C:\WINDOWS\Temp\tmp1180 Moved
C:\WINDOWS\Temp\tmp128b Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp128b Disinfection failed
C:\WINDOWS\Temp\tmp128b Moved
C:\WINDOWS\Temp\tmp12c4 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12c4 Disinfection failed
C:\WINDOWS\Temp\tmp12c4 Moved
C:\WINDOWS\Temp\tmp12ca Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12ca Disinfection failed
C:\WINDOWS\Temp\tmp12ca Moved
C:\WINDOWS\Temp\tmp12cb Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12cb Disinfection failed
C:\WINDOWS\Temp\tmp12cb Moved
C:\WINDOWS\Temp\tmp12cc Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12cc Disinfection failed
C:\WINDOWS\Temp\tmp12cc Moved
C:\WINDOWS\Temp\tmp12cd Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp12cd Disinfection failed
C:\WINDOWS\Temp\tmp12cd Moved
C:\WINDOWS\Temp\tmp12ce Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp12ce Disinfection failed
C:\WINDOWS\Temp\tmp12ce Moved
C:\WINDOWS\Temp\tmp12cf Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12cf Disinfection failed
C:\WINDOWS\Temp\tmp12cf Moved
C:\WINDOWS\Temp\tmp12d6 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12d6 Disinfection failed
C:\WINDOWS\Temp\tmp12d6 Moved
C:\WINDOWS\Temp\tmp12d7 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12d7 Disinfection failed
C:\WINDOWS\Temp\tmp12d7 Moved
C:\WINDOWS\Temp\tmp12d8 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12d8 Disinfection failed
C:\WINDOWS\Temp\tmp12d8 Moved
C:\WINDOWS\Temp\tmp12d9 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp12d9 Disinfection failed
C:\WINDOWS\Temp\tmp12d9 Moved
C:\WINDOWS\Temp\tmp12dc Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp12dc Disinfection failed
C:\WINDOWS\Temp\tmp12dc Moved
C:\WINDOWS\Temp\tmp134f Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp134f Disinfection failed
C:\WINDOWS\Temp\tmp134f Moved
C:\WINDOWS\Temp\tmp1351 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1351 Disinfection failed
C:\WINDOWS\Temp\tmp1351 Moved
C:\WINDOWS\Temp\tmp1352 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1352 Disinfection failed
C:\WINDOWS\Temp\tmp1352 Moved
C:\WINDOWS\Temp\tmp1353 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1353 Disinfection failed
C:\WINDOWS\Temp\tmp1353 Moved
C:\WINDOWS\Temp\tmp14af Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp14af Disinfection failed
C:\WINDOWS\Temp\tmp14af Moved
C:\WINDOWS\Temp\tmp14b0 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp14b0 Disinfection failed
C:\WINDOWS\Temp\tmp14b0 Moved
C:\WINDOWS\Temp\tmp14b1 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp14b1 Disinfection failed
C:\WINDOWS\Temp\tmp14b1 Moved
C:\WINDOWS\Temp\tmp14b3 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp14b3 Disinfection failed
C:\WINDOWS\Temp\tmp14b3 Moved
C:\WINDOWS\Temp\tmp14b4 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp14b4 Disinfection failed
C:\WINDOWS\Temp\tmp14b4 Moved
C:\WINDOWS\Temp\tmp14c8 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp14c8 Disinfection failed
C:\WINDOWS\Temp\tmp14c8 Moved
C:\WINDOWS\Temp\tmp14c9 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp14c9 Disinfection failed
C:\WINDOWS\Temp\tmp14c9 Moved
C:\WINDOWS\Temp\tmp14ca Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp14ca Disinfection failed
C:\WINDOWS\Temp\tmp14ca Moved
C:\WINDOWS\Temp\tmp14cb Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp14cb Disinfection failed
C:\WINDOWS\Temp\tmp14cb Moved
C:\WINDOWS\Temp\tmp1517 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1517 Disinfection failed
C:\WINDOWS\Temp\tmp1517 Moved
C:\WINDOWS\Temp\tmp151a Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp151a Disinfection failed
C:\WINDOWS\Temp\tmp151a Moved
C:\WINDOWS\Temp\tmp151b Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp151b Disinfection failed
C:\WINDOWS\Temp\tmp151b Moved
C:\WINDOWS\Temp\tmp151e Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp151e Disinfection failed
C:\WINDOWS\Temp\tmp151e Moved
C:\WINDOWS\Temp\tmp151f Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp151f Disinfection failed
C:\WINDOWS\Temp\tmp151f Moved
C:\WINDOWS\Temp\tmp155a Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp155a Disinfection failed
C:\WINDOWS\Temp\tmp155a Moved
C:\WINDOWS\Temp\tmp155e Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp155e Disinfection failed
C:\WINDOWS\Temp\tmp155e Moved
C:\WINDOWS\Temp\tmp155f Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp155f Disinfection failed
C:\WINDOWS\Temp\tmp155f Moved
C:\WINDOWS\Temp\tmp1561 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1561 Disinfection failed
C:\WINDOWS\Temp\tmp1561 Moved
C:\WINDOWS\Temp\tmp1563 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1563 Disinfection failed
C:\WINDOWS\Temp\tmp1563 Moved
C:\WINDOWS\Temp\tmp1564 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1564 Disinfection failed
C:\WINDOWS\Temp\tmp1564 Moved
C:\WINDOWS\Temp\tmp15d6 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp15d6 Disinfection failed
C:\WINDOWS\Temp\tmp15d6 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp15d7 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp15d7 Disinfection failed
C:\WINDOWS\Temp\tmp15d7 Moved
C:\WINDOWS\Temp\tmp15d9 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp15d9 Disinfection failed
C:\WINDOWS\Temp\tmp15d9 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1612 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1612 Disinfection failed
C:\WINDOWS\Temp\tmp1612 Moved
C:\WINDOWS\Temp\tmp1613 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1613 Disinfection failed
C:\WINDOWS\Temp\tmp1613 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1614 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1614 Disinfection failed
C:\WINDOWS\Temp\tmp1614 Moved
C:\WINDOWS\Temp\tmp1615 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1615 Disinfection failed
C:\WINDOWS\Temp\tmp1615 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1616 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1616 Disinfection failed
C:\WINDOWS\Temp\tmp1616 Moved
C:\WINDOWS\Temp\tmp164c Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp164c Disinfection failed
C:\WINDOWS\Temp\tmp164c Move failed: Quarantine full
C:\WINDOWS\Temp\tmp164d Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp164d Disinfection failed
C:\WINDOWS\Temp\tmp164d Moved
C:\WINDOWS\Temp\tmp164e Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp164e Disinfection failed
C:\WINDOWS\Temp\tmp164e Move failed: Quarantine full
C:\WINDOWS\Temp\tmp165e Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp165e Disinfection failed
C:\WINDOWS\Temp\tmp165e Moved
C:\WINDOWS\Temp\tmp165f Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp165f Disinfection failed
C:\WINDOWS\Temp\tmp165f Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1660 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1660 Disinfection failed
C:\WINDOWS\Temp\tmp1660 Moved
C:\WINDOWS\Temp\tmp16a9 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp16a9 Disinfection failed
C:\WINDOWS\Temp\tmp16a9 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp16aa Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp16aa Disinfection failed
C:\WINDOWS\Temp\tmp16aa Moved
C:\WINDOWS\Temp\tmp16e5 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp16e5 Disinfection failed
C:\WINDOWS\Temp\tmp16e5 Moved
C:\WINDOWS\Temp\tmp183e Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp183e Disinfection failed
C:\WINDOWS\Temp\tmp183e Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1840 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1840 Disinfection failed
C:\WINDOWS\Temp\tmp1840 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1842 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1842 Disinfection failed
C:\WINDOWS\Temp\tmp1842 Moved
C:\WINDOWS\Temp\tmp1892 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1892 Disinfection failed
C:\WINDOWS\Temp\tmp1892 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1893 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1893 Disinfection failed
C:\WINDOWS\Temp\tmp1893 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1894 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1894 Disinfection failed
C:\WINDOWS\Temp\tmp1894 Moved
C:\WINDOWS\Temp\tmp18cd Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp18cd Disinfection failed
C:\WINDOWS\Temp\tmp18cd Move failed: Quarantine full
C:\WINDOWS\Temp\tmp18ee Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp18ee Disinfection failed
C:\WINDOWS\Temp\tmp18ee Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1a53 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a53 Disinfection failed
C:\WINDOWS\Temp\tmp1a53 Moved
C:\WINDOWS\Temp\tmp1a54 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a54 Disinfection failed
C:\WINDOWS\Temp\tmp1a54 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1a55 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a55 Disinfection failed
C:\WINDOWS\Temp\tmp1a55 Moved
C:\WINDOWS\Temp\tmp1a60 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a60 Disinfection failed
C:\WINDOWS\Temp\tmp1a60 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1a61 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a61 Disinfection failed
C:\WINDOWS\Temp\tmp1a61 Moved
C:\WINDOWS\Temp\tmp1a63 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a63 Disinfection failed
C:\WINDOWS\Temp\tmp1a63 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1a64 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a64 Disinfection failed
C:\WINDOWS\Temp\tmp1a64 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1a65 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a65 Disinfection failed
C:\WINDOWS\Temp\tmp1a65 Moved
C:\WINDOWS\Temp\tmp1a78 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a78 Disinfection failed
C:\WINDOWS\Temp\tmp1a78 Moved
C:\WINDOWS\Temp\tmp1a8e Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a8e Disinfection failed
C:\WINDOWS\Temp\tmp1a8e Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1a9b Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a9b Disinfection failed
C:\WINDOWS\Temp\tmp1a9b Moved
C:\WINDOWS\Temp\tmp1a9c Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a9c Disinfection failed
C:\WINDOWS\Temp\tmp1a9c Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1a9d Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1a9d Disinfection failed
C:\WINDOWS\Temp\tmp1a9d Moved
C:\WINDOWS\Temp\tmp1ab8 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1ab8 Disinfection failed
C:\WINDOWS\Temp\tmp1ab8 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1aba Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1aba Disinfection failed
C:\WINDOWS\Temp\tmp1aba Moved
C:\WINDOWS\Temp\tmp1abb Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1abb Disinfection failed
C:\WINDOWS\Temp\tmp1abb Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b62 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b62 Disinfection failed
C:\WINDOWS\Temp\tmp1b62 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b63 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b63 Disinfection failed
C:\WINDOWS\Temp\tmp1b63 Moved
C:\WINDOWS\Temp\tmp1b64 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b64 Disinfection failed
C:\WINDOWS\Temp\tmp1b64 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b65 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b65 Disinfection failed
C:\WINDOWS\Temp\tmp1b65 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b66 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b66 Disinfection failed
C:\WINDOWS\Temp\tmp1b66 Moved
C:\WINDOWS\Temp\tmp1b67 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1b67 Disinfection failed
C:\WINDOWS\Temp\tmp1b67 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b68 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b68 Disinfection failed
C:\WINDOWS\Temp\tmp1b68 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b69 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b69 Disinfection failed
C:\WINDOWS\Temp\tmp1b69 Moved
C:\WINDOWS\Temp\tmp1b78 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b78 Disinfection failed
C:\WINDOWS\Temp\tmp1b78 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b79 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1b79 Disinfection failed
C:\WINDOWS\Temp\tmp1b79 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b7a Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1b7a Disinfection failed
C:\WINDOWS\Temp\tmp1b7a Moved
C:\WINDOWS\Temp\tmp1c24 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1c24 Disinfection failed
C:\WINDOWS\Temp\tmp1c24 Moved
C:\WINDOWS\Temp\tmp1c25 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1c25 Disinfection failed
C:\WINDOWS\Temp\tmp1c25 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1c26 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1c26 Disinfection failed
C:\WINDOWS\Temp\tmp1c26 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1c4a Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1c4a Disinfection failed
C:\WINDOWS\Temp\tmp1c4a Moved
C:\WINDOWS\Temp\tmp1c4b Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1c4b Disinfection failed
C:\WINDOWS\Temp\tmp1c4b Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1c4c Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1c4c Disinfection failed
C:\WINDOWS\Temp\tmp1c4c Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1ca0 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1ca0 Disinfection failed
C:\WINDOWS\Temp\tmp1ca0 Moved
C:\WINDOWS\Temp\tmp1d8b Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1d8b Disinfection failed
C:\WINDOWS\Temp\tmp1d8b Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1d8c Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1d8c Disinfection failed
C:\WINDOWS\Temp\tmp1d8c Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1d8d Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1d8d Disinfection failed
C:\WINDOWS\Temp\tmp1d8d Moved
C:\WINDOWS\Temp\tmp1d8e Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1d8e Disinfection failed
C:\WINDOWS\Temp\tmp1d8e Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1d98 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1d98 Disinfection failed
C:\WINDOWS\Temp\tmp1d98 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1d99 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1d99 Disinfection failed
C:\WINDOWS\Temp\tmp1d99 Moved
C:\WINDOWS\Temp\tmp1d9a Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1d9a Disinfection failed
C:\WINDOWS\Temp\tmp1d9a Moved
C:\WINDOWS\Temp\tmp1d9c Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp1d9c Disinfection failed
C:\WINDOWS\Temp\tmp1d9c Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1fc2 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fc2 Disinfection failed
C:\WINDOWS\Temp\tmp1fc2 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1fc4 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fc4 Disinfection failed
C:\WINDOWS\Temp\tmp1fc4 Moved
C:\WINDOWS\Temp\tmp1fc6 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fc6 Disinfection failed
C:\WINDOWS\Temp\tmp1fc6 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1fc8 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fc8 Disinfection failed
C:\WINDOWS\Temp\tmp1fc8 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1fca Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fca Disinfection failed
C:\WINDOWS\Temp\tmp1fca Moved
C:\WINDOWS\Temp\tmp1fcc Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fcc Disinfection failed
C:\WINDOWS\Temp\tmp1fcc Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1fce Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fce Disinfection failed
C:\WINDOWS\Temp\tmp1fce Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1fd0 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fd0 Disinfection failed
C:\WINDOWS\Temp\tmp1fd0 Moved
C:\WINDOWS\Temp\tmp1fd2 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fd2 Disinfection failed
C:\WINDOWS\Temp\tmp1fd2 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1fee Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1fee Disinfection failed
C:\WINDOWS\Temp\tmp1fee Move failed: Quarantine full
C:\WINDOWS\Temp\tmp2003 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp2003 Disinfection failed
C:\WINDOWS\Temp\tmp2003 Moved
C:\WINDOWS\Temp\tmp200c Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp200c Disinfection failed
C:\WINDOWS\Temp\tmp200c Move failed: Quarantine full
C:\WINDOWS\Temp\tmp200f Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp200f Disinfection failed
C:\WINDOWS\Temp\tmp200f Move failed: Quarantine full
C:\WINDOWS\Temp\tmp2010 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp2010 Disinfection failed
C:\WINDOWS\Temp\tmp2010 Moved
C:\WINDOWS\Temp\tmp2038 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp2038 Disinfection failed
C:\WINDOWS\Temp\tmp2038 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp205d Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp205d Disinfection failed
C:\WINDOWS\Temp\tmp205d Moved
C:\WINDOWS\Temp\tmp205e Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp205e Disinfection failed
C:\WINDOWS\Temp\tmp205e Moved
C:\WINDOWS\Temp\tmp205f Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp205f Disinfection failed
C:\WINDOWS\Temp\tmp205f Moved
C:\WINDOWS\Temp\tmp20ac Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp20ac Disinfection failed
C:\WINDOWS\Temp\tmp20ac Moved
C:\WINDOWS\Temp\tmp20ad Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp20ad Disinfection failed
C:\WINDOWS\Temp\tmp20ad Move failed: Quarantine full
C:\WINDOWS\Temp\tmp20ae Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp20ae Disinfection failed
C:\WINDOWS\Temp\tmp20ae Moved
C:\WINDOWS\Temp\tmp220c Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp220c Disinfection failed
C:\WINDOWS\Temp\tmp220c Moved
C:\WINDOWS\Temp\tmp2284 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp2284 Disinfection failed
C:\WINDOWS\Temp\tmp2284 Moved
C:\WINDOWS\Temp\tmp2383 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp2383 Disinfection failed
C:\WINDOWS\Temp\tmp2383 Moved
C:\WINDOWS\Temp\tmp2463 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp2463 Disinfection failed
C:\WINDOWS\Temp\tmp2463 Moved
C:\WINDOWS\Temp\tmp25bb Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp25bb Disinfection failed
C:\WINDOWS\Temp\tmp25bb Moved
C:\WINDOWS\Temp\tmp25be Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp25be Disinfection failed
C:\WINDOWS\Temp\tmp25be Moved
C:\WINDOWS\Temp\tmp25e2 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp25e2 Disinfection failed
C:\WINDOWS\Temp\tmp25e2 Move failed: Quarantine full
C:\WINDOWS\Temp\tmp25fa Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp25fa Disinfection failed
C:\WINDOWS\Temp\tmp25fa Moved
C:\WINDOWS\Temp\tmp2651 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp2651 Disinfection failed
C:\WINDOWS\Temp\tmp2651 Moved
C:\WINDOWS\Temp\tmp2703 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp2703 Disinfection failed
C:\WINDOWS\Temp\tmp2703 Moved
C:\WINDOWS\Temp\tmp2704 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp2704 Disinfection failed
C:\WINDOWS\Temp\tmp2704 Moved
C:\WINDOWS\Temp\tmpc9d Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpc9d Disinfection failed
C:\WINDOWS\Temp\tmpc9d Moved
C:\WINDOWS\Temp\tmpc9f Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpc9f Disinfection failed
C:\WINDOWS\Temp\tmpc9f Moved
C:\WINDOWS\Temp\tmpcfc Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpcfc Disinfection failed
C:\WINDOWS\Temp\tmpcfc Moved
C:\WINDOWS\Temp\tmpcfd Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpcfd Disinfection failed
C:\WINDOWS\Temp\tmpcfd Move failed: Quarantine full
C:\WINDOWS\Temp\tmpcfe Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpcfe Disinfection failed
C:\WINDOWS\Temp\tmpcfe Moved
C:\WINDOWS\Temp\tmpcff Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpcff Disinfection failed
C:\WINDOWS\Temp\tmpcff Moved
C:\WINDOWS\Temp\tmpd1d Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpd1d Disinfection failed
C:\WINDOWS\Temp\tmpd1d Moved
C:\WINDOWS\Temp\tmpd1e Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpd1e Disinfection failed
C:\WINDOWS\Temp\tmpd1e Move failed: Quarantine full
C:\WINDOWS\Temp\tmpd3a Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpd3a Disinfection failed
C:\WINDOWS\Temp\tmpd3a Moved
C:\WINDOWS\Temp\tmpd3b Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpd3b Disinfection failed
C:\WINDOWS\Temp\tmpd3b Moved
C:\WINDOWS\Temp\tmpd4c Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpd4c Disinfection failed
C:\WINDOWS\Temp\tmpd4c Moved
C:\WINDOWS\Temp\tmpd4d Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpd4d Disinfection failed
C:\WINDOWS\Temp\tmpd4d Moved
C:\WINDOWS\Temp\tmpd4e Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpd4e Disinfection failed
C:\WINDOWS\Temp\tmpd4e Moved
C:\WINDOWS\Temp\tmpd4f Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpd4f Disinfection failed
C:\WINDOWS\Temp\tmpd4f Moved
C:\WINDOWS\Temp\tmpd86 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpd86 Disinfection failed
C:\WINDOWS\Temp\tmpd86 Moved
C:\WINDOWS\Temp\tmpdc9 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpdc9 Disinfection failed
C:\WINDOWS\Temp\tmpdc9 Moved
C:\WINDOWS\Temp\tmpdca Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpdca Disinfection failed
C:\WINDOWS\Temp\tmpdca Moved
C:\WINDOWS\Temp\tmpdcb Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpdcb Disinfection failed
C:\WINDOWS\Temp\tmpdcb Moved
C:\WINDOWS\Temp\tmpdcc Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpdcc Disinfection failed
C:\WINDOWS\Temp\tmpdcc Moved
C:\WINDOWS\Temp\tmpec2 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpec2 Disinfection failed
C:\WINDOWS\Temp\tmpec2 Moved
C:\WINDOWS\Temp\tmpf84 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpf84 Disinfection failed
C:\WINDOWS\Temp\tmpf84 Moved
C:\WINDOWS\Temp\tmpf85 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpf85 Disinfection failed
C:\WINDOWS\Temp\tmpf85 Moved
C:\WINDOWS\Temp\tmpf86 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpf86 Disinfection failed
C:\WINDOWS\Temp\tmpf86 Moved
C:\WINDOWS\Temp\tmpf87 Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmpf87 Disinfection failed
C:\WINDOWS\Temp\tmpf87 Moved
C:\WINDOWS\Temp\tmpf88 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmpf88 Disinfection failed
C:\WINDOWS\Temp\tmpf88 Moved

Yet it still pops up once in a while saying I have the virus.
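A scan log like the one above is long enough that the useful fact gets lost: which of the flagged files were actually quarantined and which are still sitting in the Temp folder because the quarantine was full. The following is an added example, not part of the original post or of Ewido, that parses lines in the format the log uses (path followed by "Detected: name", "Disinfection failed", "Moved" or "Move failed: reason") and reports the files whose last recorded action was not a successful move. The sample lines are constructed in that same format; the paths under Documents and Settings are assumed for illustration only.

```python
import re
from collections import Counter

# Constructed sample in the same line format as the Ewido log quoted above.
SAMPLE_LOG = r"""
C:\WINDOWS\Temp\tmp164d Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp164d Disinfection failed
C:\WINDOWS\Temp\tmp164d Moved
C:\WINDOWS\Temp\tmp164e Detected: Adware.Iwon.A
C:\WINDOWS\Temp\tmp164e Disinfection failed
C:\WINDOWS\Temp\tmp164e Move failed: Quarantine full
C:\WINDOWS\Temp\tmp1b67 Detected: Adware.Mywebsearch.AN
C:\WINDOWS\Temp\tmp1b67 Disinfection failed
C:\WINDOWS\Temp\tmp1b67 Move failed: Quarantine full
C:\Documents and Settings\jay\Local Settings\Temp\tmpabc Detected: Adware.Mywebsearch.AN
C:\Documents and Settings\jay\Local Settings\Temp\tmpabc Disinfection failed
C:\Documents and Settings\jay\Local Settings\Temp\tmpabc Moved
"""

# A path may contain spaces, so the path is matched non-greedily and the status
# is anchored to the end of the line with the fixed set of statuses the log uses.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<status>Detected: (?P<name>\S+)"
    r"|Disinfection failed|Moved|Move failed: (?P<reason>.+))$"
)


def parse_log(text):
    """Return {path: {"name": detection_name, "actions": [status, ...]}} in log order."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised log line: {line!r}")
        rec = records.setdefault(m["path"], {"name": None, "actions": []})
        if m["name"]:
            rec["name"] = m["name"]          # the "Detected:" line names the family
        else:
            rec["actions"].append(m["status"])
    return records


def summarize(records):
    """Split flagged files into quarantined and still-on-disk, plus counts per family."""
    by_name = Counter(rec["name"] for rec in records.values())
    quarantined = sorted(
        p for p, r in records.items() if r["actions"] and r["actions"][-1] == "Moved"
    )
    # Anything whose last action was not a successful "Moved" is still where it was
    # found: a failed move, or a detection with no move attempted at all.
    still_on_disk = sorted(
        p for p, r in records.items() if not r["actions"] or r["actions"][-1] != "Moved"
    )
    return {
        "by_name": dict(by_name),
        "quarantined": quarantined,
        "still_on_disk": still_on_disk,
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for name, count in sorted(report["by_name"].items()):
        print(f"{count:4d}  {name}")
    print("\nStill on disk (quarantine failed or never attempted):")
    for path in report["still_on_disk"]:
        print("  " + path)
```

Run it against a saved copy of the real log instead of SAMPLE_LOG and the "still on disk" list is exactly the set of temp files the next reply tells you to clear out manually; the per-family counts show at a glance whether one adware family dominates.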

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:51 PM

Posted 23 July 2006 - 03:37 PM

Let's get rid of the temp files.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


==============


The others are quarantined files. You should be able to remove them permanently by opening up those programs and removing quarantined items.


==============


Once you've done that, reboot your computer. Then run a new scan with BitDefender and post that log for me to review.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 dbunder

dbunder
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 23 July 2006 - 07:52 PM

Nothing to report from bitdefender, and no popups yet. But if anything else comes up I'll post again to this topic. Meanwhile, here's a rapport.txt, just in case:

SmitFraudFix v2.74

Scan done at 14:30:56.53, Sun 07/23/2006
Run from C:\Documents and Settings\jay\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:51 PM

Posted 23 July 2006 - 08:37 PM

That's clean! I think you are good to go. Let me know if you do run into any problems, but in the meantime here are suggestions for you to keep your computer safe.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :flowers:


========================================================
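The Internet Explorer hardening steps in the post above are given as clicks through the Security tab; on more than one machine it is handy to check the result rather than trust that every box was set. The following is an added example, not from the post or from any of the tools it names, that audits an exported copy of the Internet zone key against the six settings the post recommends. It assumes the registry value names Microsoft documents for the per-zone action settings under `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` (1001, 1004, 1201, 1607, 1800, 1804, with data 0 = Enable, 1 = Prompt, 3 = Disable); the `.reg` text below is a constructed sample of what `reg export` of that key produces, with two settings deliberately left permissive.

```python
import re

# Action levels as stored in the zone settings (assumed Microsoft-documented encoding).
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six settings the post recommends, keyed by the documented registry value name
# for the Internet zone (assumed mapping; verify against your own system).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\3")

# Constructed sample of a `reg export` of that key: 1004 and 1804 are still at
# Enable, the other four already match the recommendation.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1607"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000
"""

DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text, key):
    """Return {value_name: int} for the DWORD values under `key` in a .reg export."""
    values = {}
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Section header: track whether we are inside the zone key we care about.
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = DWORD_RE.match(line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit_zone(values):
    """List (value_name, description, current, recommended) for settings not at the recommended level.

    A value that is absent from the export is reported as "not set" rather than
    assumed safe, since the effective default then depends on the zone template.
    """
    findings = []
    for name, (description, wanted) in RECOMMENDED.items():
        current = values.get(name)
        if current != wanted:
            shown = "not set" if current is None else LEVEL_NAMES.get(current, str(current))
            findings.append((name, description, shown, LEVEL_NAMES[wanted]))
    return findings


if __name__ == "__main__":
    for name, description, current, wanted in audit_zone(parse_reg_export(SAMPLE_EXPORT, ZONE_KEY)):
        print(f"{name} {description}: is {current}, should be {wanted}")
```

To check a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`, read that file in place of SAMPLE_EXPORT and fix whatever the audit lists through the same Custom Level dialog the post describes; an empty findings list means all six settings match.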

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:51 PM

Posted 08 August 2006 - 06:47 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
