The Never Ending Popups!


13 replies to this topic

#1 Merii

Merii

  • Members
  • 7 posts
  • Local time:02:25 PM

Posted 08 August 2006 - 11:19 AM

Hi! I've downloaded Adaware SE Personal and Spybot Search and Destroy, yet nothing seems to fix my problems with the popups. When I leave my computer on for around 7 hours, 57 popups are waiting! Help! It's getting really annoying!

Here is my HJK log and I hope you can help me. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 9:13:35 AM, on 08/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\ms05401982-1838.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxext.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Merisha Shim\My Documents\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ms05401982-1838] C:\WINDOWS\ms05401982-1838.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [bmjzuxfA] C:\WINDOWS\bmjzuxfA.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [dwlad503] RUNDLL32.EXE w4e9122e.dll,n 002ad5010000000a4e9122e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:08:25 PM

Posted 08 August 2006 - 12:15 PM

Hey Merii and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

1) Please download Ewido Anti-Spyware and save the file to your desktop.
This is a free 30 day trial version of the program.
  • Locate the icon on your desktop and double click it to open the set-up program.
  • Follow the instructions on screen to install Ewido.
  • Run the program and you will meet the main screen.
  • Select the icon "Update" then select the "Update now" link
  • Next click the "Start Update" button; a progress bar will show the updates being installed.
  • Now select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Click on "Recommended actions" and then select "Quarantine".
  • Close the program now, we will be running a scan a bit later.
2) Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O4 - HKLM\..\Run: [ms05401982-1838] C:\WINDOWS\ms05401982-1838.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [bmjzuxfA] C:\WINDOWS\bmjzuxfA.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [dwlad503] RUNDLL32.EXE w4e9122e.dll,n 002ad5010000000a4e9122e
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

3) Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

4) Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINDOWS\ms05401982-1838.exe
C:\WINDOWS\v1201.exe
C:\WINDOWS\bmjzuxfA.exe
C:\WINDOWS\xload.exe
C:\WINDOWS\system32\w4e9122e.dll

5) Launch Ewido by double clicking on the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab.
  • Then click on the "Complete System Scan" button.
  • If you have any infections you will be asked for an action - select "apply all actions".
  • Now select the "Reports" icon at the top.
  • Click "Save Report As" and save the text file to your desktop.
  • Close Ewido and reboot back into normal mode.
6) Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

7) Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Also post the uninstall list and the ewido log.

David
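
A triage pass over the HijackThis entry types selected in step 2 above, as an added example that is not part of the original thread and not the helper's own method. The heuristics (autostart executables sitting directly in C:\WINDOWS, rundll32 loading a DLL with no path, any Trusted Zone entry, DPF downloads from a raw IP, as an .exe, or from a "dialer" path) and all function names are assumptions chosen to illustrate the log format; the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import ntpath
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "section entry reason")

# Lines copied from the HijackThis log in this thread (benign and selected entries mixed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [dwlad503] RUNDLL32.EXE w4e9122e.dll,n 002ad5010000000a4e9122e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "<section> - <body>"
RUN_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|scr))(?=["\s]|$)', re.I)
DPF_PATH_KEYWORDS = ("dialer",)  # assumption: constructed keyword list


def check_run(body):
    """Review one O4 registry Run entry; return a Finding or None."""
    m = RUN_RE.match(body)
    if not m:
        return None  # Startup-folder shortcuts use a different layout; not handled here
    exe = EXE_RE.match(m["cmd"])
    if not exe:
        return None  # command has no recognisable executable (e.g. a bare name)
    path = exe["path"]
    if ntpath.basename(path).lower() == "rundll32.exe":
        # The first argument to rundll32 is "<dll>,<export>"; a DLL with no
        # directory is resolved through the search path and deserves a look.
        dll = m["cmd"][exe.end():].strip().strip('"').split(",")[0].strip()
        if dll and not ntpath.dirname(dll):
            return Finding("O4", m["name"], f"rundll32 loads {dll} with no directory path")
        return None
    if ntpath.dirname(path).lower() == r"c:\windows":
        return Finding("O4", m["name"], "autostart executable sits directly in C:\\WINDOWS")
    return None


def check_dpf(body):
    """Review one O16 'Downloaded Program Files' entry by its source URL."""
    if not body.startswith("DPF:"):
        return None
    url = body.rsplit(" - ", 1)[-1].strip()
    parsed = urlparse(url)
    reasons = []
    try:
        ipaddress.ip_address(parsed.hostname or "")
        reasons.append("host is a raw IP address")
    except ValueError:
        pass  # ordinary host name
    path = parsed.path.lower()
    if path.endswith(".exe"):
        reasons.append("payload is an .exe")
    reasons += [f"path contains '{k}'" for k in DPF_PATH_KEYWORDS if k in path]
    return Finding("O16", url, "; ".join(reasons)) if reasons else None


def triage(log_text):
    """Return the entries worth a manual review, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            hit = check_run(body)
        elif section == "O15" and body.startswith("Trusted Zone:"):
            hit = Finding("O15", body.split(":", 1)[1].strip(), "site added to the Trusted Zone")
        elif section == "O16":
            hit = check_dpf(body)
        else:
            hit = None
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.entry} -> {f.reason}")
```

A hit only marks an entry for manual review; legitimate software can match these patterns, and entries that match none of them are not thereby cleared.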

#3 Merii

Merii
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:25 PM

Posted 08 August 2006 - 01:26 PM

Hi, thank you for the fast reply... Here are the results.

Report scan from ewido

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:06:27 AM 08/08/2006

+ Scan result:



C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001435.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001502.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001453.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001454.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001504.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001505.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001491.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001494.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001495.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001681.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001342.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Local Settings\Temp\NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Local Settings\Temp\mit1D8.tmp.cab/NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Local Settings\Temp\mit1D8.tmp/NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP15\A0004243.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP15\A0004245.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001507.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001356.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP15\A0004230.exe/VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001346.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001503.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001684.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Local Settings\Temp\GLB201.tmp/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001350.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001351.dll -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP15\A0004247.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP15\A0004247.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP15\A0004247.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001250.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001251.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001417.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001418.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001419.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001424.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001452.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001510.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001511.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001512.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001513.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP15\A0004246.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001487.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001488.exe -> Downloader.Dyfuca.ei : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001492.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001493.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Local Settings\Temp\drsmartload180a.exe -> Downloader.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001341.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001683.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001506.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001691.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001234.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001457.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001458.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001489.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001339.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001484.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001338.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001483.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001336.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001481.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001485.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001337.exe -> Downloader.TSUpdate.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001482.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001249.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP16\A0004329.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001688.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001689.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001690.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001240.ocx -> Downloader.VB.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001253.ocx -> Downloader.VB.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001321.ocx -> Downloader.VB.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001678.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001247.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP12\A0001248.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001499.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001682.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001687.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001455.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001498.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001685.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001467.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001496.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Local Settings\Temp\pre.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001456.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.446:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@news.com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.390:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.391:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.394:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.395:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.396:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.428:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@creative.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Popularix : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@ppms.popularix[2].txt -> TrackingCookie.Popularix : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.330:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.332:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.333:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.336:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.337:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@ads01.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.363:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.440:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.351:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.352:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.353:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.354:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.269:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Merisha Shim\Cookies\merisha shim@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.411:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.412:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.413:C:\Documents and Settings\Merisha Shim\Application Data\Mozilla\Firefox\Profiles\6cg2drkp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001490.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001676.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{99D0501A-93DA-4219-854D-466F3ADDDA85}\RP13\A0001677.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

Here is the uninstall list

Acer Arcade
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.3076
Acer Empowering Technology
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Screensaver
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Agere Systems HDA Modem
BitTorrent 4.20.6
ccCommon
ewido anti-spyware 4.0
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB896256)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 3
Launch Manager
LimeWire 4.12.4
LiveUpdate 3.0 (Symantec Corporation)
MapleStory
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
mIRC
mMHouse
Mozilla Firefox (1.5)
mPfMgr
mProSafe
MSN Messenger 7.5
mWlsSafe
mXML
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NTI Backup NOW! 4
NTI CD & DVD-Maker
PowerProducer
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip
XviD 1.1 final uninstall

And here is the combofix

Start Time= 08/08/2006 11:22:48.76
Running from: C:\Documents and Settings\Merisha Shim\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-08 11:22:54 283 ( A.... ) "C:\ComboFix.txt"
2006-08-08 11:22:32 103 ( A.... ) "C:\ComboFix.2006-08-08.112248.txt"
2006-08-08 11:20:34 103 ( A.... ) "C:\ComboFix.2006-08-08.112230.txt"
2006-08-08 11:15:58 95 ( A.... ) "C:\ComboFix.2006-08-08.112033.txt"
2006-08-08 11:15:44 ( .D... ) "C:\sUBs"
2006-08-08 11:09:06 792723456 ( A.SH. ) "C:\pagefile.sys"
2006-08-08 11:09:06 526569472 ( A.SH. ) "C:\hiberfil.sys"
2006-08-08 10:33:08 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-08-07 23:43:38 ( .D... ) "C:\Program Files\Lavasoft"
2006-08-07 23:23:00 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-08-07 17:21:30 ( .DSH. ) "C:\FOUND.001"
2006-08-07 13:52:28 ( .DSH. ) "C:\FOUND.000"
2006-08-06 23:00:56 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-08-06 23:00:32 5118736 ( A.... ) "C:\Firefox Setup 1.5.0.6.exe"
2006-08-06 23:00:32 5118736 ( A.... ) "C:\Firefox Setup 1.5.0.6.exe"
2006-08-06 21:10:08 ( .D... ) "C:\Program Files\mIRC"
2006-08-06 21:09:58 1121693 ( A.... ) "C:\mirc62.exe"
2006-08-06 21:09:58 1121693 ( A.... ) "C:\mirc62.exe"
2006-08-06 16:45:58 1167 ( A.... ) "C:\WINDOWS\system32\dwlad503.sys"
2006-08-06 16:45:58 1167 ( A.... ) "C:\WINDOWS\system32\dwlad503.sys"
2006-08-06 15:37:04 61952 ( A.... ) "C:\WINDOWS\system32\dwlad503.dll"
2006-08-06 15:37:00 ( .D... ) "C:\Program Files\Common Files\kowq"
2006-08-06 15:36:28 2 ( A.... ) "C:\WINDOWS\system32\wnstssv.exe"
2006-08-06 15:36:26 ( .D... ) "C:\Program Files\Common Files\ąppPatch"
2006-08-06 10:21:18 ( .D... ) "C:\Program Files\Java"
2006-08-06 10:19:38 ( .D... ) "C:\Program Files\Common Files\Java"
2006-08-06 10:19:08 ( .D... ) "C:\Program Files\LimeWire"
2006-08-06 10:16:54 359112 ( A.... ) "C:\Program Files\LimeWireWin.exe"
2006-08-06 09:49:32 ( .D... ) "C:\Program Files\XviD"
2006-08-06 09:49:12 643711 ( A.... ) "C:\Program Files\XviD-1.1.0-30122005.exe"
2006-08-06 07:42:06 ( .D... ) "C:\Program Files\Launch Manager"
2006-08-06 07:37:12 ( .D... ) "C:\Program Files\WinPCap"
2006-08-06 07:33:34 ( .DSH. ) "C:\System Volume Information"
2006-08-06 07:33:30 211 ( A.SHR ) "C:\boot.ini"
2006-08-05 23:10:32 3228768 ( A.... ) "C:\Program Files\H264Encoder.exe"
2006-08-05 23:01:50 ( .D... ) "C:\Program Files\WinZip"
2006-08-05 23:01:26 5928552 ( A.... ) "C:\Program Files\winzip100.exe"
2006-08-05 23:00:02 2223653 ( A.... ) "C:\Program Files\mpc2kxp6490.zip"
2006-08-05 22:58:32 1663564 ( A.... ) "C:\Program Files\mpc2kxp6490.7z"
2006-08-05 22:46:40 ( .D... ) "C:\Program Files\Winamp"
2006-08-05 22:46:14 4821575 ( A.... ) "C:\Program Files\winamp524.exe"
2006-08-05 18:46:44 ( .D... ) "C:\Program Files\BitTorrent"
2006-08-05 18:46:40 ( .D... ) "C:\Program Files\Wizet"
2006-08-05 18:46:18 5836671 ( A.... ) "C:\Program Files\BitTorrent-4.20.6.exe"
2006-08-05 18:40:46 407631784 ( A.... ) "C:\Program Files\MSSetup.exe"
2006-08-05 18:35:16 ( .D... ) "C:\Program Files\MSN Messenger"
2006-08-05 18:34:36 9359560 ( A.... ) "C:\Program Files\Install_MSN_Messenger.exe"
2006-08-05 18:16:58 15272744 ( A.... ) "C:\Program Files\Install_Messenger_nous.exe"
2006-08-05 18:13:54 ( .DSH. ) "C:\Recycled"
2006-07-25 18:03:44 466944 ( A.... ) "C:\WINDOWS\system32\capicom.dll"
2006-07-14 11:14:22 824 ( A.... ) "C:\WINDOWS\HotFix.bat"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-08 12:08:36 534208 ( A.... ) "C:\WINDOWS\system32\SymNeti.dll"
2006-06-08 12:08:36 161472 ( A.... ) "C:\WINDOWS\system32\SymRedir.dll"
2006-05-19 05:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 05:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 05:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-16 14:34:38 87808 ( A.... ) "C:\WINDOWS\system32\S32EVNT1.DLL"
2006-03-20 15:37:52 5689344 ( A.... ) "C:\Program Files\mplayerc.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-06 23:00 5,118,736 C:\Firefox
2006-08-06 21:09 1,121,693 C:\mirc62.exe
2006-08-06 21:04 221,184 C:\WINDOWS\system32\wmpns.dll
2006-08-06 15:37 61,952 C:\WINDOWS\system32\dwlad503.dll
2006-08-06 15:37 1,167 C:\WINDOWS\system32\dwlad503.sys
2006-08-06 15:36 2 C:\WINDOWS\system32\wnstssv.exe
2006-08-06 10:22 49,250 C:\WINDOWS\system32\javaw.exe
2006-08-06 10:22 49,248 C:\WINDOWS\system32\java.exe
2006-08-06 10:22 127,078 C:\WINDOWS\system32\javaws.exe
2006-08-06 09:49 761,856 C:\WINDOWS\system32\xvidcore.dll
2006-08-06 09:49 180,224 C:\WINDOWS\system32\xvidvfw.dll
2006-08-06 07:51 40,960 C:\WINDOWS\system32\ImageItEncrypt.exe
2006-08-06 07:42 935,424 C:\WINDOWS\system32\ERUpdateHidden.EXE
2006-08-06 07:42 5,120 C:\WINDOWS\system32\FILTRCOI.DLL
2006-08-06 07:42 49,152 C:\WINDOWS\system32\QtBtLib.dll
2006-08-06 07:42 258,048 C:\WINDOWS\system32\Uninstall_eRecovery.exe
2006-08-06 07:42 258,048 C:\WINDOWS\system32\CheckD2DSystem.exe
2006-08-06 07:42 16,384 C:\WINDOWS\system32\ClearEvent.exe
2006-08-06 07:42 159,744 C:\WINDOWS\system32\CloseProcessWindow.dll
2006-08-06 07:42 147,456 C:\WINDOWS\UNINST32.EXE
2006-08-06 07:37 53,299 C:\WINDOWS\system32\pthreadVC.dll
2006-08-06 07:36 868,352 C:\WINDOWS\system32\WirelessMgr.dll
2006-08-06 07:36 81,920 C:\WINDOWS\system32\packet.dll
2006-08-06 07:36 61,440 C:\WINDOWS\system32\WanPacket.dll
2006-08-06 07:36 49,152 C:\WINDOWS\system32\acerGina.dll
2006-08-06 07:36 233,472 C:\WINDOWS\system32\wpcap.dll
2006-08-06 07:35 53,248 C:\WINDOWS\system32\acpimof.dll
2006-08-06 07:35 45,056 C:\WINDOWS\system32\Epm-Po.dll
2006-08-06 07:08 792,723,456 C:\pagefile.sys
2006-08-06 07:08 526,569,472 C:\hiberfil.sys
2006-08-05 18:49 4,682 C:\WINDOWS\system32\npptNT2.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"AGRSMMSG"="AGRSMMSG.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Acer ePresentation HPD"="C:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe"
"ntiMUI"="C:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe 0"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Boot"="C:\\Acer\\Empowering Technology\\ePower\\Boot.exe"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
"ImageItEncrypt"="C:\\WINDOWS\\system32\\ImageItEncrypt.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"




Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Merisha Shim.job
C:\WINDOWS\tasks\At2.job

Completion time: 08/08/2006 11:22:58.89
ComboFix ver 06.07.15/29 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-08.112033.txt
ComboFix.2006-08-08.112230.txt
ComboFix.2006-08-08.112248.txt

#4 -David-

Posted 08 August 2006 - 01:34 PM

New HijackThis log please. :thumbsup:
I've had interest from a security expert in a few files on your system.

Go to this page.
Enter the url of this thread in the first field.
Where it says "browse to the file that you want to submit", copy and paste the following into the field:

C:\WINDOWS\system32\dwlad503.dll

Then click the Send File button below.
Please let me know when you have submitted the file.

Please do the same for:
C:\WINDOWS\system32\dwlad503.sys

David

Edited by D-Trojanator, 08 August 2006 - 01:41 PM.


#5 Merii

Posted 08 August 2006 - 02:18 PM

Hi! Here is the new hijack log, also I've submitted the two files as you requested.

Logfile of HijackThis v1.99.1
Scan saved at 12:17:45 PM, on 08/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Merisha Shim\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks.

#6 -David-

Posted 08 August 2006 - 04:38 PM

Ok, looking much better, but still got a bit more to do.
Before we continue I need one more log.

Download WinPFind.
Extract WinPFind.zip to your c:\ folder.
Reboot into Safe Mode (without networking support!)
To get into Safe Mode, press and hold your "F8 Key" as the computer is booting.
Use your arrow keys to move to "Safe Mode" and press your Enter key.
Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer.
Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed.
Reboot your computer back to normal mode and post the contents of the log as a reply to this topic.

David

#7 Merii

Posted 09 August 2006 - 10:13 AM

Here is the latest log. And by the way, I haven't had a single popup! Thank you!!!

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 06/08/2006 11:00:32 PM 5118736 C:\Firefox Setup 1.5.0.6.exe

Checking %ProgramFilesDir% folder...
UPX! 05/08/2006 6:40:46 PM 407631784 C:\Program Files\MSSetup.exe
FSG! 05/08/2006 6:40:46 PM 407631784 C:\Program Files\MSSetup.exe
PECompact2 05/08/2006 11:01:26 PM 5928552 C:\Program Files\winzip100.exe

Checking %WinDir% folder...
SAHAgent 08/08/2006 8:43:50 PM 1900544 C:\WINDOWS\WindowsUpdate.log
aspack 14/12/2005 8:56:06 PM 187392 C:\WINDOWS\Acer.scr

Checking %System% folder...
PEC2 04/08/2004 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
winsync 04/08/2004 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 04/08/2004 5:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04/08/2004 5:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 06/03/2006 9:25:40 PM 199168 C:\WINDOWS\SYSTEM32\CryptoAPI.dll
UPX! 22/03/2006 2:46:02 PM 109056 C:\WINDOWS\SYSTEM32\keyManager.dll
UPX! 08/03/2006 5:19:28 PM 1421824 C:\WINDOWS\SYSTEM32\UIVCL.dll
UPX! 02/03/2006 7:35:48 PM 67584 C:\WINDOWS\SYSTEM32\HTCA_SelfExtract.bin
UPX! 06/08/2006 3:37:04 PM 61952 C:\WINDOWS\SYSTEM32\dwlad503.dll
aspack 06/07/2006 6:21:48 PM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
PTech 19/06/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
09/08/2006 1:49:04 AM S 2048 C:\WINDOWS\bootstat.dat
08/08/2006 10:00:42 PM H 54156 C:\WINDOWS\QTFont.qfn
09/08/2006 1:15:52 AM H 1122304 C:\WINDOWS\system32\config\system.LOG
09/08/2006 1:33:58 AM H 73728 C:\WINDOWS\system32\config\software.LOG
09/08/2006 12:10:46 AM H 8192 C:\WINDOWS\system32\config\default.LOG
09/08/2006 1:49:06 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
09/08/2006 1:49:20 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
06/08/2006 9:02:14 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
06/08/2006 7:09:46 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
06/08/2006 7:09:46 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
06/08/2006 7:08:38 AM H 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
06/08/2006 7:08:38 AM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
05/08/2006 6:22:10 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
05/08/2006 6:22:22 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
05/08/2006 6:22:34 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
05/08/2006 6:22:10 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
05/08/2006 6:22:22 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
05/08/2006 6:22:34 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
19/06/2006 4:20:58 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
22/06/2006 4:18:30 AM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
06/08/2006 9:06:10 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\fcc664ad-11b2-44d4-8447-cb565c5f097f
06/08/2006 9:06:10 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
06/08/2006 7:09:14 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\aec10ec1-e5c9-46c2-baa4-c81f592f7483
05/08/2006 7:18:32 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
06/08/2006 7:09:14 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e3cc63f4-90b6-4094-beaa-eea80dc96b7e
06/08/2006 5:57:08 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a9517531-f1b9-40e1-8ed6-2e5ff422b9e1
05/08/2006 7:18:30 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1804fb25-3a5d-402f-89b8-59beba3577dd
06/08/2006 10:38:44 AM H 0 C:\WINDOWS\inf\oem14.inf
08/08/2006 8:33:56 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04/08/2004 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Intel Corporation 28/11/2005 1:54:46 PM 77824 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 21/09/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl
Realtek Semiconductor Corp. 10/01/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl
Sun Microsystems, Inc. 13/04/2005 3:48:52 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 03/08/2004 10:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 03/08/2004 10:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 04/08/2004 5:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
04/04/2006 10:15:44 AM 1585 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
04/04/2006 10:00:16 AM 1665 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
04/04/2006 9:43:22 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
05/08/2006 11:02:20 PM 1426 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
04/04/2006 9:37:52 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
09/08/2006 1:26:24 AM 1753 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
04/04/2006 9:43:22 AM HS 84 C:\Documents and Settings\Merisha Shim\Start Menu\Programs\Startup\desktop.ini
06/08/2006 2:10:44 PM 1446 C:\Documents and Settings\Merisha Shim\Start Menu\Programs\Startup\LimeWire On Startup.lnk

Checking files in %USERPROFILE%\Application Data folder...
04/04/2006 9:37:52 AM HS 62 C:\Documents and Settings\Merisha Shim\Application Data\desktop.ini
06/08/2006 3:53:16 PM 81 C:\Documents and Settings\Merisha Shim\Application Data\Sskdmns.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
sv1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EDSshellExt
{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\WINDOWS\system32\eDSshellExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EDSshellExt
{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\WINDOWS\system32\eDSshellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} = Acer eDataSecurity Management : C:\WINDOWS\system32\eDStoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} = Acer eDataSecurity Management : C:\WINDOWS\system32\eDStoolbar.dll
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LaunchApp Alaunch
AGRSMMSG AGRSMMSG.exe
RTHDCPL RTHDCPL.EXE
Alcmtr ALCMTR.EXE
AzMixerSel C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PCMService "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
igfxtray C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd C:\WINDOWS\system32\hkcmd.exe
igfxpers C:\WINDOWS\system32\igfxpers.exe
Acer ePresentation HPD C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
ntiMUI C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

eDataSecurity Loader C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
ePower_DMC C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot C:\Acer\Empowering Technology\ePower\Boot.exe
LManager C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImageItEncrypt C:\WINDOWS\system32\ImageItEncrypt.exe
WinampAgent C:\Program Files\Winamp\winampa.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
!ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
BitTorrent "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxdev.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 09/08/2006 6:34:00 AM

#8 -David-

Posted 09 August 2006 - 11:07 AM

Hey Merii,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

You are using the LimeWire p2p file sharing program.
This is not technically malware by itself, but it installs malware in order to run properly.
It also opens the door for every other nasty program you can think of.
I strongly recommend that you remove it from your computer.
Read this article for alternatives that will provide some of the same function without the garbage:
http://www.spywareinfo.com/articles/p2p/

I suggest you remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
LimeWire

This is another article you can read:
http://www.cexx.org/adware.htm

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINDOWS\system32\dwlad503.sys
C:\WINDOWS\system32\dwlad503.dll
C:\Program Files\Common Files\kowq <--folder
C:\WINDOWS\system32\wnstssv.exe
C:\Program Files\Common Files\ąppPatch <--folder

Reboot back to normal mode and let me know how the computer is running.
Post a final Hijackthis log also.
David
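Added example, not part of David's post: the last folder in the list above starts with "ą" (U+0105) rather than ASCII "a", so it is easy to misread as the standard Windows folder name AppPatch and easy to miss when searching by typing the name. The Python sketch below flags path components that contain non-ASCII characters and reduce to a well-known name once accents are stripped; the `KNOWN_NAMES` list and the function names are assumptions made for illustration, and the sample paths are the ones from the post plus one constructed legitimate path.

```python
import unicodedata

# Names to compare against (assumption: a short illustrative list;
# AppPatch is a standard folder under C:\WINDOWS).
KNOWN_NAMES = ["AppPatch", "System32", "Common Files", "Microsoft Shared"]

# Paths from the post above, plus one constructed legitimate path.
# "\u0105" is the letter a-with-ogonek that begins the last folder name.
SAMPLE_PATHS = [
    "C:\\WINDOWS\\system32\\dwlad503.sys",
    "C:\\WINDOWS\\system32\\dwlad503.dll",
    "C:\\Program Files\\Common Files\\kowq",
    "C:\\WINDOWS\\system32\\wnstssv.exe",
    "C:\\Program Files\\Common Files\\\u0105ppPatch",
    "C:\\WINDOWS\\AppPatch",  # constructed: the genuine folder
]


def skeleton(name):
    """Reduce a name to a comparison form: split accented letters into
    base letter + combining mark, drop the marks, then casefold.
    This catches accent-based lookalikes only, not letters borrowed
    from other scripts (for example Cyrillic)."""
    decomposed = unicodedata.normalize("NFKD", name)
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return base.casefold()


def non_ascii_chars(name):
    """Return (index, char, code point, Unicode name) for each non-ASCII char."""
    return [
        (i, ch, "U+%04X" % ord(ch), unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(name)
        if ord(ch) > 127
    ]


def find_lookalikes(paths, known=KNOWN_NAMES):
    """Flag path components that contain non-ASCII characters and record
    which known name, if any, they reduce to."""
    known_by_skeleton = {skeleton(k): k for k in known}
    findings = []
    for path in paths:
        for component in path.split("\\"):
            odd = non_ascii_chars(component)
            if not odd:
                continue  # pure ASCII component, nothing to report
            findings.append({
                "path": path,
                "component": component,
                "chars": odd,
                "resembles": known_by_skeleton.get(skeleton(component)),
            })
    return findings


if __name__ == "__main__":
    for f in find_lookalikes(SAMPLE_PATHS):
        print(f["path"])
        for index, ch, code, uname in f["chars"]:
            print("  position %d: %r %s %s" % (index, ch, code, uname))
        if f["resembles"]:
            print("  reduces to known name: %s" % f["resembles"])
```
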

#9 Merii

Posted 09 August 2006 - 12:17 PM

Hi

Here is the latest hjk log. I also used Windows Explorer to look for those files to be deleted; I successfully deleted all but the last one, C:\Program Files\Common Files\ąppPatch. So I don't know if it's been deleted already or whatnot.



Logfile of HijackThis v1.99.1
Scan saved at 10:13:12 AM, on 09/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Merisha Shim\My Documents\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#10 -David-

Posted 09 August 2006 - 12:23 PM

Yes, that file should be gone now.
I just want to check an uninstall list quickly.

Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

David

#11 Merii

Posted 09 August 2006 - 03:05 PM

Here is the uninstall list

Acer Arcade
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.3076
Acer Empowering Technology
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Screensaver
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Agere Systems HDA Modem
BitTorrent 4.20.6
ccCommon
ewido anti-spyware 4.0
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB896256)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 3
Launch Manager
LiveUpdate 3.0 (Symantec Corporation)
MapleStory
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
mIRC
mMHouse
Mozilla Firefox (1.5)
mPfMgr
mProSafe
MSN Messenger 7.5
mWlsSafe
mXML
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NTI Backup NOW! 4
NTI CD & DVD-Maker
PowerProducer
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB921883)
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XviD 1.1 final uninstall

Thanks again.

#12 -David-

Posted 09 August 2006 - 04:03 PM

Great, I see a clean log there too.
Let me know how the computer is running.
David :thumbsup:

#13 Merii

Posted 09 August 2006 - 05:14 PM

Wow! My computer is now doing great! I can't thank you enough!

No more random toolbars and no more popups! Yah! :thumbsup:

#14 -David-

Posted 10 August 2006 - 02:59 AM

Glad I could help! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer always has the latest available security updates installed.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
David



