Ssk :(


This topic is locked
8 replies to this topic

#1 Silanthras

Silanthras

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 04 September 2006 - 05:41 AM

Somehow got surfsidekick3 from a family member downloading something. I've tried to edit the registry and I've run everything for spyware; SD&D and Ad-aware find it but they can't remove it, housecall locks up every time, and so do a few other spyware programs I tried to run. I tried to remove it via the HJT instructions but got this error: unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: repairs303169590.dll)
Error #5 - Invalid procedure call or argument

and here's the log, thanks for any help anyone can give :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 6:35:58 AM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\ms04177054-857.exe
C:\WINDOWS\mzhxokoA.exe
C:\WINDOWS\sys10-857177054.exe
C:\WINDOWS\xdvmsoeA.exe
C:\WINDOWS\sys01857177054-.exe
C:\WINDOWS\nmxfesvA.exe
C:\WINDOWS\sys0257177054-8.exe
C:\WINDOWS\tnrojvlA.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\ms0577054-8571.exe
C:\WINDOWS\druzbnmA.exe
C:\Program Files\Common Files\{CCE88422-0960-1033-1018-050914050001}\Update.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\crunner\cproc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iacxq.exe
F2 - REG:system.ini: UserInit=userinit.exe,suibbif.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ms04177054-857] C:\WINDOWS\ms04177054-857.exe
O4 - HKLM\..\Run: [mzhxokoA] C:\WINDOWS\mzhxokoA.exe
O4 - HKLM\..\Run: [udnf9465] RUNDLL32.EXE w1065ac9.dll,n 003f9462000000031065ac9
O4 - HKLM\..\Run: [{88-84-42-22-ZN}] c:\windows\system32\oodsregl.exe GEN001
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [sys10-857177054] C:\WINDOWS\sys10-857177054.exe
O4 - HKLM\..\Run: [xdvmsoeA] C:\WINDOWS\xdvmsoeA.exe
O4 - HKLM\..\Run: [sys01857177054-] C:\WINDOWS\sys01857177054-.exe
O4 - HKLM\..\Run: [nmxfesvA] C:\WINDOWS\nmxfesvA.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [sys0257177054-8] C:\WINDOWS\sys0257177054-8.exe
O4 - HKLM\..\Run: [tnrojvlA] C:\WINDOWS\tnrojvlA.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spfprc.exe
O4 - HKLM\..\Run: [ms0577054-8571] C:\WINDOWS\ms0577054-8571.exe
O4 - HKLM\..\Run: [druzbnmA] C:\WINDOWS\druzbnmA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.9.125.lnk = C:\Program Files\OpenOffice.org 1.9.125\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127411028933
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127411019068
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - C:\Program Files\Batty2\Batty2.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\g4jo0e13eh.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjb2I\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\druzbnm.exe
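The log above is the kind of thing the Malware Response Team reads by eye. As an added example (my own code, not part of this thread and not a HijackThis feature), here is a small Python triage script that parses lines in HijackThis format and flags the entry types that stand out in this log: F2 Shell=/UserInit= changes, an O15 Trusted Zone entry, an O20 AppInit_DLLs entry, O23 services listed with "Unknown owner", a nameless R3 URLSearchHook, and O4 Run entries that launch an executable straight from C:\WINDOWS or the drive root. The sample lines are copied from the log above; the flagging rules are this example's own heuristics, not HijackThis logic, and a hit means "look at this first", not "this is malware".

```python
import ntpath
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted in this thread, with two
# benign entries (Java updater, NVIDIA service) kept for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iacxq.exe
F2 - REG:system.ini: UserInit=userinit.exe,suibbif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ms04177054-857] C:\WINDOWS\ms04177054-857.exe
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O15 - Trusted Zone: *.elitemediagroup.net
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\druzbnm.exe
""".strip()

# "<section> - <body>" is the shape of every HijackThis entry line.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry Run/RunOnce entries: HKLM\..\Run: [name] command
O4_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First absolute path to an .exe inside a command line (quoted or not).
ABS_PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)\b"?', re.IGNORECASE)

# Heuristic (this example's assumption): legitimate Run entries rarely launch a
# bare executable straight from %WINDIR% or the drive root.
SUSPECT_DIRS = {r"c:\windows", "c:\\"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def launch_dir(cmd):
    """Lower-cased directory of the executable a Run entry launches, or None."""
    m = ABS_PATH_RE.search(cmd)
    return ntpath.dirname(m.group("path")).lower() if m else None


def classify(line):
    """Return a Finding for an entry worth a closer look, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # header, blank or process-list line
    section, body = m.group("section"), m.group("body")
    if section == "R3" and "(no name)" in body:
        return Finding(section, "URLSearchHook with no name", line)
    if section == "F2":
        return Finding(section, "system.ini Shell/UserInit differs from default", line)
    if section == "O4":
        o4 = O4_RE.match(body)
        if o4 and launch_dir(o4.group("cmd")) in SUSPECT_DIRS:
            return Finding(section, "Run entry launches executable from %WINDIR% or drive root", line)
        return None
    if section == "O15":
        return Finding(section, "site added to Trusted Zone", line)
    if section == "O20" and body.startswith("AppInit_DLLs"):
        return Finding(section, "AppInit_DLLs loads a DLL into every GUI process", line)
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "service with no vendor information", line)
    return None


def triage(log_text):
    """All findings for a whole log, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

Run it as-is and it prints the eight flagged entries from the sample; point `triage()` at the text of a full log and the header and "Running processes" lines are skipped automatically because they do not match the entry pattern.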


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:57 AM

Posted 04 September 2006 - 08:04 AM

Hello,

Before we clean this up, I want some extra info first, so perform next..

* Download uninstallcmd_XP
Unzip it to your desktop.
Doubleclick uninstallcmd.bat
A short scan will follow and notepad will open afterwards.
Copy and paste the results of uninstallcmd.txt in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Silanthras

Silanthras
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 04 September 2006 - 09:04 AM

Oddly enough, after I ran the uninstall thing I was able to see SurfSideKick in my Add/Remove Programs and removed it. Ran SD&D and Ad-aware and rebooted and it seems to be gone, but I'm still getting pop-ups from IE (which I never use at all), so here's the new HJT log and the uninstall log.

Logfile of HijackThis v1.99.1
Scan saved at 10:00:10 AM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ms04177054-857.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\SmFjb2I\command.exe
C:\WINDOWS\system32\crunner\cproc.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,suibbif.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ms04177054-857] C:\WINDOWS\ms04177054-857.exe
O4 - HKLM\..\Run: [mzhxokoA] C:\WINDOWS\mzhxokoA.exe
O4 - HKLM\..\Run: [udnf9465] RUNDLL32.EXE w1065ac9.dll,n 003f9462000000031065ac9
O4 - HKLM\..\Run: [{88-84-42-22-ZN}] c:\windows\system32\oodsregl.exe GEN001
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [sys10-857177054] C:\WINDOWS\sys10-857177054.exe
O4 - HKLM\..\Run: [xdvmsoeA] C:\WINDOWS\xdvmsoeA.exe
O4 - HKLM\..\Run: [sys01857177054-] C:\WINDOWS\sys01857177054-.exe
O4 - HKLM\..\Run: [nmxfesvA] C:\WINDOWS\nmxfesvA.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [sys0257177054-8] C:\WINDOWS\sys0257177054-8.exe
O4 - HKLM\..\Run: [tnrojvlA] C:\WINDOWS\tnrojvlA.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spfprc.exe
O4 - HKLM\..\Run: [ms0577054-8571] C:\WINDOWS\ms0577054-8571.exe
O4 - HKLM\..\Run: [druzbnmA] C:\WINDOWS\druzbnmA.exe
O4 - HKLM\..\Run: [ms037177054-85] C:\WINDOWS\ms037177054-85.exe
O4 - HKLM\..\Run: [micstfzA] C:\WINDOWS\micstfzA.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.9.125.lnk = C:\Program Files\OpenOffice.org 1.9.125\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127411028933
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127411019068
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - C:\Program Files\Batty2\Batty2.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\g4jo0e13eh.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjb2I\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\micstfz.exe

DisplayName REG_SZ Ad-Aware SE Personal
UninstallString REG_SZ C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
DisplayName REG_SZ Adobe Photoshop CS2
UninstallString REG_SZ msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
DisplayName REG_SZ Adobe Download Manager 2.0 (Remove Only)
UninstallString REG_SZ "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
UninstallString REG_EXPAND_SZ C:\Program Files\Azureus\Uninstall.exe
DisplayName REG_SZ Azureus
DisplayName REG_SZ BootSkin
UninstallString REG_SZ C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
UninstallString REG_SZ C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
DisplayName REG_SZ DesktopX
UninstallString REG_SZ C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\INSTALL.LOG
DisplayName REG_SZ Diablo II
UninstallString REG_SZ C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DisplayName REG_SZ Google Video Player
UninstallString REG_SZ "C:\Program Files\Google\Google Video Player\Uninstall.exe"
DisplayName REG_SZ Haali Media Splitter
UninstallString REG_SZ "C:\Program Files\Matroska Pack\haali\uninstall.exe"
DisplayName REG_SZ HijackThis 1.99.1
UninstallString REG_SZ C:\HijackThis\HijackThis.exe /uninstall
DisplayName REG_SZ ICQ
UninstallString REG_SZ C:\PROGRA~1\ICQ\ICQUninstall.EXE
DisplayName REG_SZ Internet Explorer 7 Beta 2
UninstallString REG_SZ "C:\WINDOWS\$NtUninstallie7beta2$\spuninst\spuninst.exe"
UninstallString REG_SZ "C:\Program Files\Internet Optimizer\optimize.exe" /u 2
DisplayName REG_SZ Internet Optimizer
DisplayName REG_SZ IrfanView (remove only)
UninstallString REG_SZ C:\Program Files\IrfanView\iv_uninstall.exe
UninstallString REG_SZ C:\PROGRA~1\iVisit\UNINSTALL.EXE C:\PROGRA~1\iVisit\INSTALL.LOG
DisplayName REG_SZ iVisit 3.6.3
UninstallString REG_SZ C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\LAVA Player\LAVA25.isu"
DisplayName REG_SZ LAVA! Player
DisplayName REG_SZ Macromedia Shockwave Player
UninstallString REG_SZ C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
DisplayName REG_SZ Matroska Pack
UninstallString REG_SZ C:\Program Files\Matroska Pack\uninstall.exe
DisplayName REG_SZ MediaRing Talk Release 7.2.026
UninstallString REG_SZ C:\WINDOWS\mruninst.exe
DisplayName REG_SZ Mozilla Firefox (1.5.0.6)
UninstallString REG_SZ C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.6 (en-US)"
UninstallString REG_SZ C:\WINDOWS\uninst.exe -f"C:\Program Files\ahead\Nero\DeIsL1.isu"
DisplayName REG_SZ Nero - Burning Rom
DisplayName REG_SZ NVIDIA Drivers
UninstallString REG_SZ C:\WINDOWS\system32\nvudisp.exe UninstallGUI
DisplayName REG_SZ Windows Overlay Components
UninstallString REG_SZ C:\WINDOWS\offun.exe
UninstallString REG_SZ rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
DisplayName REG_SZ QuickTime
UninstallString REG_SZ C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
UninstallString REG_SZ C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Thinking Adventures Ages 4-6\Uninst.isu"
DisplayName REG_SZ Reader Rabbit Thinking Adventures Ages 4-6
QuietDisplayName REG_SZ Shockwave Director 10.1
QuietDisplayName REG_SZ Shockwave Flash
DisplayName REG_SZ Macromedia Flash Player 8
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
DisplayName REG_SZ Skype 2.0
UninstallString REG_SZ "C:\Program Files\Skype\Phone\unins000.exe"
DisplayName REG_SZ Spybot - Search & Destroy 1.4
UninstallString REG_SZ "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
DisplayName REG_SZ Spyware Doctor 4.0
UninstallString REG_SZ "C:\Program Files\Spyware Doctor\unins000.exe"
DisplayName REG_SZ Starcraft
UninstallString REG_SZ C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
DisplayName REG_SZ TContext
UninstallString REG_SZ "C:\Program Files\Internet Optimizer\optimize.exe" /u 8
DisplayName REG_SZ TeamSpeak 2 RC2
UninstallString REG_SZ "C:\Program Files\Teamspeak2_RC2\unins000.exe"
DisplayName REG_SZ ToolBar888
UninstallString REG_SZ C:\Program Files\ToolBar888\Uninst.exe
DisplayName REG_SZ TopThemesXP v2.0.0812
UninstallString REG_SZ "C:\Program Files\TopThemesXP\unins000.exe"
DisplayName REG_SZ Ultima Online 2D
UninstallString REG_SZ C:\WINDOWS\UOUninst.exe
DisplayName REG_SZ Web Nexus Network
UninstallString REG_SZ C:\WINDOWS\unwn.exe
UninstallString REG_SZ
DisplayName REG_SZ Winamp (remove only)
UninstallString REG_SZ "C:\Program Files\Winamp\UninstWA.exe"
DisplayName REG_SZ Windows Media Format 11 runtime
UninstallString REG_SZ "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
DisplayName REG_SZ Windows Media Player 11
UninstallString REG_SZ "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
DisplayName REG_SZ Windows XP Service Pack 2
UninstallString REG_SZ C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
DisplayName REG_SZ WinRAR archiver
UninstallString REG_SZ C:\Program Files\WinRAR\uninstall.exe
DisplayName REG_SZ Windows Media Format 11 runtime
UninstallString REG_SZ "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
DisplayName REG_SZ Windows Media Player 11
UninstallString REG_SZ "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
DisplayName REG_SZ Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
UninstallString REG_SZ "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
DisplayName REG_SZ Yahoo! Toolbar
UninstallString REG_SZ C:\PROGRA~1\Yahoo!\Common\unyt.exe
UninstallString REG_SZ C:\PROGRA~1\Yahoo!\Common\unyext.exe
DisplayName REG_SZ Yahoo! Browser Services
DisplayName REG_SZ Yahoo! Internet Mail
UninstallString REG_SZ C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
DisplayName REG_SZ Yahoo! Messenger
UninstallString REG_SZ C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
DisplayName REG_SZ Yahoo! Toolbar
DisplayName REG_SZ Yahoo! Install Manager
UninstallString REG_SZ C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
UninstallString REG_EXPAND_SZ MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
DisplayName REG_SZ Adobe Photoshop Album 2.0 Starter Edition
DisplayName REG_SZ AutoUpdate
DisplayName REG_SZ Adobe Photoshop CS2
UninstallString REG_EXPAND_SZ MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
DisplayName REG_SZ J2SE Runtime Environment 5.0 Update 4
UninstallString REG_EXPAND_SZ MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
DisplayName REG_SZ J2SE Runtime Environment 5.0 Update 6
DisplayName REG_SZ WebFldrs XP
DisplayName REG_SZ Command
UninstallString REG_SZ wscript "C:\WINDOWS\SmFjb2I\mAI3vZK.vbs"
UninstallString REG_EXPAND_SZ MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
DisplayName REG_SZ Logitech ImageStudio
UninstallString REG_EXPAND_SZ MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
DisplayName REG_SZ Windows Genuine Advantage v1.3.0254.0
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77B5AD60-8F14-11D4-9BC9-0050041A1090}\Setup.exe"
DisplayName REG_SZ American McGee's Alice™
UninstallString REG_EXPAND_SZ MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
DisplayName REG_SZ Adobe Stock Photos 1.0
UninstallString REG_EXPAND_SZ MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
DisplayName REG_SZ Ventrilo Client
DisplayName REG_SZ DivX
UninstallString REG_SZ C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
UninstallString REG_EXPAND_SZ MsiExec.exe /X{833532AC-485E-484F-A307-2AB18F5F2A57}
DisplayName REG_SZ SPYWAREfighter
DisplayName REG_SZ DivX Player
UninstallString REG_SZ C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
UninstallString REG_EXPAND_SZ MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
DisplayName REG_SZ URGE
UninstallString REG_EXPAND_SZ MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
DisplayName REG_SZ Adobe Common File Installer
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
DisplayName REG_SZ Logitech Desktop Messenger
DisplayName REG_SZ Network Monitor
UninstallString REG_SZ wscript "C:\WINDOWS\uninstall_nmon.vbs"
UninstallString REG_EXPAND_SZ MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
DisplayName REG_SZ Adobe Reader 7.0
DisplayName REG_SZ Disney's Winnie the Pooh Kindergarten
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3EF1460-CCF9-11D4-B231-0050DACD394D}\setup.exe" Uninstall
UninstallString REG_EXPAND_SZ MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
DisplayName REG_SZ Adobe Bridge 1.0
UninstallString REG_EXPAND_SZ MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
DisplayName REG_SZ Microsoft .NET Framework 1.1
UninstallString REG_EXPAND_SZ MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
DisplayName REG_SZ MSN Messenger 7.5
UninstallString REG_EXPAND_SZ MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
DisplayName REG_SZ Adobe Help Center 1.0
UninstallString REG_EXPAND_SZ MsiExec.exe /I{F3A30E39-C291-47D1-8D1C-4CD9503CB2B7}
DisplayName REG_SZ OpenOffice.org 1.9.125
UninstallString REG_SZ C:\windows\system32\rk.exe -bootremove -uninst:RelevantKnowledge
DisplayName REG_SZ RelevantKnowledge
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
DisplayName REG_SZ Realtek AC'97 Audio


I would also like to say thank you very much for helping; it's so very nice to find people willing to help :thumbsup:
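Comparing the two logs posted so far shows what the uninstall actually removed and what survived or simply changed names. As an added example (my own code, not part of this thread), here is a short Python script that diffs two HijackThis logs entry by entry and also reports O23 services whose display name is unchanged but whose binary path moved, which is how the "Windows Overlay Components" service re-appears above under a different randomized file name. The excerpts are copied from the two logs in this thread, trimmed to the entries that matter; the parsing is this example's own.

```python
import re

# "<section> - <body>" is the shape of every HijackThis entry line.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O23 body: Service: <display name> - <owner> - <binary path>
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Excerpts copied from the first log (before the SurfSideKick uninstall)
# and the second log (after it) posted in this thread.
LOG_BEFORE = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iacxq.exe
F2 - REG:system.ini: UserInit=userinit.exe,suibbif.exe
O4 - HKLM\..\Run: [druzbnmA] C:\WINDOWS\druzbnmA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\druzbnm.exe
""".strip()

LOG_AFTER = r"""
F2 - REG:system.ini: UserInit=userinit.exe,suibbif.exe
O4 - HKLM\..\Run: [druzbnmA] C:\WINDOWS\druzbnmA.exe
O4 - HKLM\..\Run: [micstfzA] C:\WINDOWS\micstfzA.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\micstfz.exe
""".strip()


def entries(log_text):
    """Set of HijackThis entry lines; header and process list are skipped."""
    return {ln.strip() for ln in log_text.splitlines() if LINE_RE.match(ln.strip())}


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    a, b = entries(before), entries(after)
    return sorted(a - b), sorted(b - a)


def services(log_text):
    """Map O23 service display name -> binary path."""
    out = {}
    for line in entries(log_text):
        m = LINE_RE.match(line)
        if m.group("section") != "O23":
            continue
        svc = O23_RE.match(m.group("body"))
        if svc:
            out[svc.group("name")] = svc.group("path")
    return out


def relocated_services(before, after):
    """Services present in both logs whose binary path changed between them."""
    sb, sa = services(before), services(after)
    return {n: (sb[n], sa[n]) for n in sb.keys() & sa.keys() if sb[n] != sa[n]}


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    for name, (old, new) in relocated_services(LOG_BEFORE, LOG_AFTER).items():
        print(f"service '{name}' moved: {old} -> {new}")
```

A plain line diff would list the old and new service entries as unrelated removals and additions; keying O23 entries by display name is what makes the rename visible as one component that is still installed.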

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:57 AM

Posted 04 September 2006 - 09:18 AM

Ok, let's deal with the rest now..

It is important you don't miss a step and perform everything in the right order!!

* Go to start > controlpanel > software > add/remove programs and uninstall next programs if present:

Internet Optimizer
Windows Overlay Components
TContext
ToolBar888
Web Nexus Network
SPYWAREfighter
Network Monitor
RelevantKnowledge

Reboot afterwards.

After reboot,

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture (image not reproduced here).
When you click that icon, a little window will open that says: 'Please enter the full URL to the script you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

--------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log and the log from Ewido.
You may need several replies to post the logs.
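A small triage script for the HijackThis log format used throughout this thread, added here as an example (it is not part of the original post or of the HijackThis tool). It parses the "Oxx - ..." entry lines and flags the kinds of items the helper is removing: O4 Run keys launching oddly named files from the Windows root, rundll32 loading a DLL by bare name, an O15 Trusted Zone entry, O20 AppInit_DLLs, and O23 services with a missing file or unknown owner. The heuristics, the sample lines and the O20 DLL name are constructed for illustration and produce review candidates, not verdicts.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not a tool
from this thread or from the HijackThis project).  The heuristics are
modelled on entries posted in this thread and only produce review
candidates, not verdicts."""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis log format. The O4/O15/O23 lines copy the
# shape of entries posted in this thread; the O20 DLL name is a placeholder.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mzhxokoA] C:\WINDOWS\mzhxokoA.exe
O4 - HKLM\..\Run: [udnf9465] RUNDLL32.EXE w1065ac9.dll,n 003f9462000000031065ac9
O4 - HKLM\..\Run: [sys01857177054-] C:\WINDOWS\sys01857177054-.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O15 - Trusted Zone: *.elitemediagroup.net
O20 - AppInit_DLLs: placeholder_appinit.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wgmytij.exe (file missing)
"""

# "O4 - <body>" style entry line; anything else (headers, process list) is skipped
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")
RUN_KEY = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Executable sitting directly in the Windows directory root, optionally quoted
WINDIR_ROOT = re.compile(r'^"?[A-Za-z]:\\WINDOWS\\(?P<file>[^\\"]+)"?(?:\s|$)', re.I)
# Naming patterns seen in this thread's log: seven lowercase letters + 'A',
# or sys/ms followed by digits and dashes
RANDOM_NAME = re.compile(r"^(?:[a-z]{7}A|(?:sys|ms)\d[\d-]*)\.exe$")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for an 'Oxx - ...' style line, None for anything else."""
    m = HJT_LINE.match(line.strip())
    return Entry(m.group("section"), m.group("body")) if m else None


def triage(entry: Entry) -> Entry:
    """Attach review flags to one entry according to the heuristics above."""
    sec, body, flags = entry.section, entry.body, entry.flags
    if "(file missing)" in body or "(no file)" in body:
        flags.append("orphaned: target file is missing")
    if sec == "O4":
        m = RUN_KEY.match(body)
        if m:
            cmd = m.group("cmd")
            root = WINDIR_ROOT.match(cmd)
            if root:
                flags.append("runs a file directly in the Windows root")
                if RANDOM_NAME.match(root.group("file")):
                    flags.append("random-looking filename")
            parts = cmd.split(None, 1)
            if len(parts) == 2 and parts[0].upper() in ("RUNDLL32.EXE", "RUNDLL32"):
                dll = parts[1].split(",")[0]
                if "\\" not in dll:  # no path: resolved through the DLL search path
                    flags.append("rundll32 loads a DLL by bare name (search-path resolved)")
    elif sec == "O15":
        flags.append("Trusted Zone entry relaxes IE security for this domain")
    elif sec == "O20":
        flags.append("AppInit_DLLs loads this DLL into every user32 process")
    elif sec == "O23" and "Unknown owner" in body:
        flags.append("service with no identifiable vendor")
    return entry


def triage_log(text: str) -> list:
    """Parse and triage every HijackThis entry line in the log text."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text: str) -> dict:
    """Map each entry body that needs review to its list of flags."""
    return {e.body: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    for body, flags in flagged(SAMPLE_LOG).items():
        print(body)
        for f in flags:
            print("   -", f)
```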

#5 Silanthras

Silanthras
  • Topic Starter

  • Members
  • 4 posts
  • Local time:10:57 PM

Posted 04 September 2006 - 11:42 AM

Sorry, the first Ewido scan hung my system up after it fixed it, so I was unable to get the log from it, but I ran it after I rebooted and got the next one. Again, thank you so much for all of the help :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:51 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [mzhxokoA] C:\WINDOWS\mzhxokoA.exe
O4 - HKLM\..\Run: [udnf9465] RUNDLL32.EXE w1065ac9.dll,n 003f9462000000031065ac9
O4 - HKLM\..\Run: [{88-84-42-22-ZN}] c:\windows\system32\oodsregl.exe GEN001
O4 - HKLM\..\Run: [xdvmsoeA] C:\WINDOWS\xdvmsoeA.exe
O4 - HKLM\..\Run: [sys01857177054-] C:\WINDOWS\sys01857177054-.exe
O4 - HKLM\..\Run: [nmxfesvA] C:\WINDOWS\nmxfesvA.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [sys0257177054-8] C:\WINDOWS\sys0257177054-8.exe
O4 - HKLM\..\Run: [tnrojvlA] C:\WINDOWS\tnrojvlA.exe
O4 - HKLM\..\Run: [ms0577054-8571] C:\WINDOWS\ms0577054-8571.exe
O4 - HKLM\..\Run: [druzbnmA] C:\WINDOWS\druzbnmA.exe
O4 - HKLM\..\Run: [ms037177054-85] C:\WINDOWS\ms037177054-85.exe
O4 - HKLM\..\Run: [micstfzA] C:\WINDOWS\micstfzA.exe
O4 - HKLM\..\Run: [sys037177054-85] C:\WINDOWS\sys037177054-85.exe
O4 - HKLM\..\Run: [ms067054-85717] C:\WINDOWS\ms067054-85717.exe
O4 - HKLM\..\Run: [wgmytijA] C:\WINDOWS\wgmytijA.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.9.125.lnk = C:\Program Files\OpenOffice.org 1.9.125\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127411028933
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127411019068
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wgmytij.exe (file missing)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:24:46 PM 9/4/2006

+ Scan result:
C:\RECYCLER\S-1-5-21-790525478-854245398-1060284298-1004\Dc3\CMFibula.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0016742.CPY -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ir0ql5d51.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ir42l5ho1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\kadmac.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-790525478-854245398-1060284298-1004\Dc2\PSLister.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-790525478-854245398-1060284298-1004\Dc7\PSLister.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\ToolBar888 -> Adware.ToolBar888 : Cleaned with backup (quarantined).
C:\TIGEN001.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.491:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.784:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.785:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.786:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.775:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.776:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.777:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.778:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.779:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.690:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.691:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.726:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.727:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.852:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.853:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.705:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.724:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
:mozilla.876:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.877:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.878:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.879:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.880:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.881:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.882:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.883:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.884:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.885:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.886:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.887:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.888:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.792:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.793:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.794:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.795:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.796:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.797:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.798:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.799:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.800:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.809:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.810:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.811:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.812:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.476:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.477:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.502:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.730:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.517:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.518:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.520:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.521:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.522:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.818:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.819:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.820:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.821:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.822:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.549:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.561:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.562:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.911:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.912:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.913:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.575:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.576:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.577:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.578:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.579:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.581:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.582:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.583:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.584:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.585:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.586:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.587:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.596:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.597:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.715:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.613:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.614:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.615:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.616:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.617:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.618:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.619:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.620:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.621:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.622:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.623:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.624:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.535:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.536:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.657:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.658:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.683:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.697:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.698:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.699:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.700:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.701:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.702:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.703:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.692:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.693:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.694:C:\Documents and Settings\Jacob Raines\Application Data\Mozilla\Firefox\Profiles\ber1p2jc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Jacob Raines\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{93D887CB-A195-49A3-97EE-5862A2E8DB12}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93D887CB-A195-49A3-97EE-5862A2E8DB12}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93D887CB-A195-49A3-97EE-5862A2E8DB12}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93D887CB-A195-49A3-97EE-5862A2E8DB12}\InprocServer32]
@="C:\\WINDOWS\\system32\\uinphost.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{4FE4DA0B-9B5C-4B69-9ADF-AD96D51F411D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4FE4DA0B-9B5C-4B69-9ADF-AD96D51F411D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4FE4DA0B-9B5C-4B69-9ADF-AD96D51F411D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4FE4DA0B-9B5C-4B69-9ADF-AD96D51F411D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E1240B03-550E-4C1B-B94A-63DA55366231}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1240B03-550E-4C1B-B94A-63DA55366231}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1240B03-550E-4C1B-B94A-63DA55366231}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1240B03-550E-4C1B-B94A-63DA55366231}\InprocServer32]
@="C:\\WINDOWS\\system32\\sfhedsvc.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E90E3453-FBCD-4E0C-BB3A-576AE3F17E53}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E90E3453-FBCD-4E0C-BB3A-576AE3F17E53}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E90E3453-FBCD-4E0C-BB3A-576AE3F17E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E90E3453-FBCD-4E0C-BB3A-576AE3F17E53}\InprocServer32]
@="C:\\WINDOWS\\system32\\lgcoinst.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{4B0A1E0B-D5DB-4ABF-8557-0E7396427FB6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B0A1E0B-D5DB-4ABF-8557-0E7396427FB6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B0A1E0B-D5DB-4ABF-8557-0E7396427FB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B0A1E0B-D5DB-4ABF-8557-0E7396427FB6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjiole16.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{3BED64C5-D7D7-4522-B085-675AE8349CD9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3BED64C5-D7D7-4522-B085-675AE8349CD9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3BED64C5-D7D7-4522-B085-675AE8349CD9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3BED64C5-D7D7-4522-B085-675AE8349CD9}\InprocServer32]
@="C:\\WINDOWS\\system32\\kadmac.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{9581DAE8-5B4B-4FE7-87DC-4455464AEA10}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9581DAE8-5B4B-4FE7-87DC-4455464AEA10}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9581DAE8-5B4B-4FE7-87DC-4455464AEA10}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9581DAE8-5B4B-4FE7-87DC-4455464AEA10}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{708C2AD6-497D-4CB3-920C-6A16377446C2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{708C2AD6-497D-4CB3-920C-6A16377446C2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{708C2AD6-497D-4CB3-920C-6A16377446C2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{708C2AD6-497D-4CB3-920C-6A16377446C2}\InprocServer32]
@="C:\\WINDOWS\\system32\\dfnaddr.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *



DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Jacob Raines\Application Data\Sskdmns.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\aaa00000.dll
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\justin.exe
C:\WINDOWS\SYSTEM32\atmtd.dll
C:\WINDOWS\SYSTEM32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Common Files\{CCE88422-095F-1033-1018-050914050001}
C:\Program Files\Common Files\{CCE88422-0960-1033-1018-050914050001}
C:\WINDOWS\system32\crunner


((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))


2006-09-04 11:05 186,219 --a------ C:\WINDOWS\srvtdvzdfa.exe
2006-09-04 10:44 186,219 --a------ C:\WINDOWS\srvjufflgc.exe
2006-09-04 09:55 186,219 --a------ C:\WINDOWS\srvjmltdky.exe
2006-09-04 00:57 47,104 --a------ C:\WINDOWS\ms04177054-8572006.exe
2006-09-03 20:11 186,219 --a------ C:\WINDOWS\srvdyfnelv.exe
2006-09-03 19:32 186,219 --a------ C:\WINDOWS\srvtcvuetu.exe
2006-09-03 17:52 78,488 --a------ C:\WINDOWS\SYSTEM32\XMD5.dll
2006-09-03 17:52 101,888 --a------ C:\WINDOWS\SYSTEM32\vb6stkit.dll
2006-09-03 15:53 186,219 --a------ C:\WINDOWS\srvhhebvpc.exe
2006-09-03 14:50 186,219 --a------ C:\WINDOWS\srvvpfatyr.exe
2006-09-03 14:11 126,976 --a------ C:\WINDOWS\SYSTEM32\ieserv.exe
2006-09-03 14:10 115,160 --a------ C:\WINDOWS\Eim03.exe
2006-09-03 14:09 927 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-09-03 14:09 61,952 --a------ C:\WINDOWS\SYSTEM32\udnf9465.dll
2006-09-03 14:09 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-09-03 14:09 186,223 --a------ C:\WINDOWS\srvdrcovoc.exe
2006-09-03 14:09 1,233 --a------ C:\WINDOWS\SYSTEM32\udnf9465.sys
2006-09-03 14:08 215,308 --a------ C:\WINDOWS\srvvlfhagt.exe
2006-09-03 14:07 32,768 --a------ C:\WINDOWS\SYSTEM32\setup9x.exe
2006-09-03 14:07 192 --a------ C:\WINDOWS\SYSTEM32\ggg.bat
2006-09-03 14:07 138,862 --a------ C:\WINDOWS\SYSTEM32\install.exe
2006-09-03 14:07 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2006-09-03 14:06 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2006-08-24 22:30 790,016 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
2006-08-24 22:30 656,896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
2006-08-24 22:30 611,840 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-08-24 22:30 532,992 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-08-24 22:30 316,928 --------- C:\WINDOWS\SYSTEM32\MP4SDECD.dll
2006-08-24 22:30 305,152 --------- C:\WINDOWS\SYSTEM32\MSDelta.dll
2006-08-24 22:30 295,424 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-08-24 22:30 284,160 --------- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
2006-08-24 22:30 259,072 --------- C:\WINDOWS\SYSTEM32\MPG4DECD.dll
2006-08-24 22:30 258,560 --------- C:\WINDOWS\SYSTEM32\MP43DECD.dll
2006-08-24 22:30 211,968 --------- C:\WINDOWS\SYSTEM32\MFPLAT.dll
2006-08-24 22:30 2,589,184 --------- C:\WINDOWS\SYSTEM32\WpdShext.dll
2006-08-24 22:30 198,144 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWMDRM.dll
2006-08-24 22:30 166,912 --------- C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll
2006-08-24 22:30 133,120 --------- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
2006-08-24 22:30 132,096 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130,048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-08-24 22:30 101,888 --------- C:\WINDOWS\SYSTEM32\PortableDeviceClassExtension.dll
2006-08-24 22:30 1,539,584 --------- C:\WINDOWS\SYSTEM32\WMVDECOD.dll
2006-08-24 22:30 1,532,416 --------- C:\WINDOWS\SYSTEM32\WMVENCOD.dll
2006-08-24 22:30 1,392,128 --------- C:\WINDOWS\SYSTEM32\WMVSDECD.dll
2006-08-24 20:27 249,344 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-08-24 20:26 95,288 --------- C:\WINDOWS\SYSTEM32\WUDFCoinstaller.dll
2006-08-24 20:26 17,408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
2006-08-24 19:19 316,416 --------- C:\WINDOWS\SYSTEM32\WUDFx.dll
2006-08-24 19:19 145,920 --------- C:\WINDOWS\SYSTEM32\WudfHost.exe
2006-08-24 19:18 56,320 --------- C:\WINDOWS\SYSTEM32\WudfSvc.dll
2006-08-24 19:18 168,448 --------- C:\WINDOWS\SYSTEM32\WudfPlatform.dll
2006-08-14 20:52 78,848 --a------ C:\WINDOWS\SYSTEM32\nsx8.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 12:31 -------- dr------- C:\Program Files\Common Files
2006-09-04 12:29 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-04 12:29 -------- d-------- C:\Documents and Settings\Jacob Raines\Application Data\OpenOffice.org2
2

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:57 AM

Posted 04 September 2006 - 11:49 AM

Hello,

Can you repost your log from combofix, because it got cut off? That's why I also asked in my first reply to use several replies to post the logs. :thumbsup:
I also see that we still have a lot to delete, so I am waiting for the complete combofix log, so we can deal with everything at once.

Edited by miekiemoes, 04 September 2006 - 12:12 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Silanthras

Silanthras
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 04 September 2006 - 05:13 PM

ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Jacob Raines\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))


2006-09-04 11:05 186,219 --a------ C:\WINDOWS\srvtdvzdfa.exe
2006-09-04 10:44 186,219 --a------ C:\WINDOWS\srvjufflgc.exe
2006-09-04 09:55 186,219 --a------ C:\WINDOWS\srvjmltdky.exe
2006-09-04 00:57 47,104 --a------ C:\WINDOWS\ms04177054-8572006.exe
2006-09-03 20:11 186,219 --a------ C:\WINDOWS\srvdyfnelv.exe
2006-09-03 19:32 186,219 --a------ C:\WINDOWS\srvtcvuetu.exe
2006-09-03 17:52 78,488 --a------ C:\WINDOWS\SYSTEM32\XMD5.dll
2006-09-03 17:52 101,888 --a------ C:\WINDOWS\SYSTEM32\vb6stkit.dll
2006-09-03 15:53 186,219 --a------ C:\WINDOWS\srvhhebvpc.exe
2006-09-03 14:50 186,219 --a------ C:\WINDOWS\srvvpfatyr.exe
2006-09-03 14:11 126,976 --a------ C:\WINDOWS\SYSTEM32\ieserv.exe
2006-09-03 14:10 115,160 --a------ C:\WINDOWS\Eim03.exe
2006-09-03 14:09 927 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-09-03 14:09 61,952 --a------ C:\WINDOWS\SYSTEM32\udnf9465.dll
2006-09-03 14:09 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-09-03 14:09 186,223 --a------ C:\WINDOWS\srvdrcovoc.exe
2006-09-03 14:09 1,233 --a------ C:\WINDOWS\SYSTEM32\udnf9465.sys
2006-09-03 14:08 215,308 --a------ C:\WINDOWS\srvvlfhagt.exe
2006-09-03 14:07 32,768 --a------ C:\WINDOWS\SYSTEM32\setup9x.exe
2006-09-03 14:07 192 --a------ C:\WINDOWS\SYSTEM32\ggg.bat
2006-09-03 14:07 138,862 --a------ C:\WINDOWS\SYSTEM32\install.exe
2006-09-03 14:07 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2006-09-03 14:06 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2006-08-24 22:30 790,016 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
2006-08-24 22:30 656,896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
2006-08-24 22:30 611,840 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-08-24 22:30 532,992 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-08-24 22:30 316,928 --------- C:\WINDOWS\SYSTEM32\MP4SDECD.dll
2006-08-24 22:30 305,152 --------- C:\WINDOWS\SYSTEM32\MSDelta.dll
2006-08-24 22:30 295,424 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-08-24 22:30 284,160 --------- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
2006-08-24 22:30 259,072 --------- C:\WINDOWS\SYSTEM32\MPG4DECD.dll
2006-08-24 22:30 258,560 --------- C:\WINDOWS\SYSTEM32\MP43DECD.dll
2006-08-24 22:30 211,968 --------- C:\WINDOWS\SYSTEM32\MFPLAT.dll
2006-08-24 22:30 2,589,184 --------- C:\WINDOWS\SYSTEM32\WpdShext.dll
2006-08-24 22:30 198,144 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWMDRM.dll
2006-08-24 22:30 166,912 --------- C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll
2006-08-24 22:30 133,120 --------- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
2006-08-24 22:30 132,096 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130,048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-08-24 22:30 101,888 --------- C:\WINDOWS\SYSTEM32\PortableDeviceClassExtension.dll
2006-08-24 22:30 1,539,584 --------- C:\WINDOWS\SYSTEM32\WMVDECOD.dll
2006-08-24 22:30 1,532,416 --------- C:\WINDOWS\SYSTEM32\WMVENCOD.dll
2006-08-24 22:30 1,392,128 --------- C:\WINDOWS\SYSTEM32\WMVSDECD.dll
2006-08-24 20:27 249,344 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-08-24 20:26 95,288 --------- C:\WINDOWS\SYSTEM32\WUDFCoinstaller.dll
2006-08-24 20:26 17,408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
2006-08-24 19:19 316,416 --------- C:\WINDOWS\SYSTEM32\WUDFx.dll
2006-08-24 19:19 145,920 --------- C:\WINDOWS\SYSTEM32\WudfHost.exe
2006-08-24 19:18 56,320 --------- C:\WINDOWS\SYSTEM32\WudfSvc.dll
2006-08-24 19:18 168,448 --------- C:\WINDOWS\SYSTEM32\WudfPlatform.dll
2006-08-14 20:52 78,848 --a------ C:\WINDOWS\SYSTEM32\nsx8.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 18:08 -------- d-------- C:\Documents and Settings\Jacob Raines\Application Data\OpenOffice.org2
2006-09-04 18:04 -------- d-------- C:\Documents and Settings\Jacob Raines\Application Data\Azureus
2006-09-04 14:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-04 12:31 -------- dr------- C:\Program Files\Common Files
2006-09-04 11:43 -------- d-------- C:\Program Files\Common Files\misc002
2006-09-04 11:43 -------- d-------- C:\Program Files\Common Files\frqr
2006-09-04 11:11 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-03 16:02 76560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2006-09-03 14:19 -------- dr------- C:\Program Files\Outlook Express
2006-09-03 14:08 -------- d-------- C:\Program Files\Online Services
2006-09-02 23:14 -------- d-------- C:\Program Files\ICQ
2006-09-01 16:01 -------- dr------- C:\Program Files\Windows Media Player
2006-09-01 16:01 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-01 10:26 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-01 10:26 -------- d-------- C:\Program Files\EA GAMES
2006-08-24 22:42 8704 --a------ C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\SYSTEM32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\SYSTEM32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\SYSTEM32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\MPG4DMOD.dll
2006-08-24 22:30 4096 --------- C:\WINDOWS\SYSTEM32\MP4SDMOD.dll
2006-08-24 22:30 4096 --------- C:\WINDOWS\SYSTEM32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\SYSTEM32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\SYSTEM32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\SYSTEM32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOE.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\SYSTEM32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\SYSTEM32\WMADMOE.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-08-24 20:26 38656 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys
2006-08-24 19:22 90112 --------- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys
2006-08-24 19:18 84864 --------- C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys
2006-08-11 20:14 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-07-31 13:34 -------- d-------- C:\Program Files\Azureus
2006-07-27 09:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-24 19:24 -------- d-------- C:\Program Files\Ventrilo
2006-07-24 19:23 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-07-21 04:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-07-04 23:45 -------- d-------- C:\Program Files\Starcraft
2006-07-04 10:08 967 --a------ C:\WINDOWS\ScUnin.pif
2006-07-04 10:08 94208 --a------ C:\WINDOWS\ScUnin.exe
2006-06-05 14:33 81920 -r------- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BootSkin Startup Jobs"="\"C:\\PROGRA~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs"
"TXP"="c:\\program files\\topthemesxp\\txp.exe"
"Register MediaRing Talk"="C:\\Program Files\\MediaRing Talk\\register.exe"
"NewsUpd"="C:\\Program Files\\Creative\\News\\NewsUpd.EXE /q"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"mzhxokoA"="C:\\WINDOWS\\mzhxokoA.exe"
"udnf9465"="RUNDLL32.EXE w1065ac9.dll,n 003f9462000000031065ac9"
"{88-84-42-22-ZN}"="c:\\windows\\system32\\oodsregl.exe GEN001"
"xdvmsoeA"="C:\\WINDOWS\\xdvmsoeA.exe"
"sys01857177054-"="C:\\WINDOWS\\sys01857177054-.exe"
"nmxfesvA"="C:\\WINDOWS\\nmxfesvA.exe"
"spywarebot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"sys0257177054-8"="C:\\WINDOWS\\sys0257177054-8.exe"
"tnrojvlA"="C:\\WINDOWS\\tnrojvlA.exe"
"ms0577054-8571"="C:\\WINDOWS\\ms0577054-8571.exe"
"druzbnmA"="C:\\WINDOWS\\druzbnmA.exe"
"ms037177054-85"="C:\\WINDOWS\\ms037177054-85.exe"
"micstfzA"="C:\\WINDOWS\\micstfzA.exe"
"sys037177054-85"="C:\\WINDOWS\\sys037177054-85.exe"
"ms067054-85717"="C:\\WINDOWS\\ms067054-85717.exe"
"wgmytijA"="C:\\WINDOWS\\wgmytijA.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Common Files\\kyjedi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Online Services\\hogybaxu.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Completion time: Mon 09/04/2006 18:09:48.64
ComboFix.txt
ComboFix2.txt

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:04:57 AM

Posted 04 September 2006 - 05:30 PM

Let's deal with the leftovers now....

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
<== not required
O4 - HKLM\..\Run: [mzhxokoA] C:\WINDOWS\mzhxokoA.exe
O4 - HKLM\..\Run: [udnf9465] RUNDLL32.EXE w1065ac9.dll,n 003f9462000000031065ac9
O4 - HKLM\..\Run: [{88-84-42-22-ZN}] c:\windows\system32\oodsregl.exe GEN001
O4 - HKLM\..\Run: [xdvmsoeA] C:\WINDOWS\xdvmsoeA.exe
O4 - HKLM\..\Run: [sys01857177054-] C:\WINDOWS\sys01857177054-.exe
O4 - HKLM\..\Run: [nmxfesvA] C:\WINDOWS\nmxfesvA.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [sys0257177054-8] C:\WINDOWS\sys0257177054-8.exe
O4 - HKLM\..\Run: [tnrojvlA] C:\WINDOWS\tnrojvlA.exe
O4 - HKLM\..\Run: [ms0577054-8571] C:\WINDOWS\ms0577054-8571.exe
O4 - HKLM\..\Run: [druzbnmA] C:\WINDOWS\druzbnmA.exe
O4 - HKLM\..\Run: [ms037177054-85] C:\WINDOWS\ms037177054-85.exe
O4 - HKLM\..\Run: [micstfzA] C:\WINDOWS\micstfzA.exe
O4 - HKLM\..\Run: [sys037177054-85] C:\WINDOWS\sys037177054-85.exe
O4 - HKLM\..\Run: [ms067054-85717] C:\WINDOWS\ms067054-85717.exe
O4 - HKLM\..\Run: [wgmytijA] C:\WINDOWS\wgmytijA.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O15 - Trusted Zone: *.elitemediagroup.net
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wgmytij.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Go to start > run and copy and paste the following command into the field: sc delete "Windows Overlay Components"
Hit enter.

Then, please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legitimate files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete the following files and folders:

C:\WINDOWS\srvtdvzdfa.exe
C:\WINDOWS\srvjufflgc.exe
C:\WINDOWS\srvjmltdky.exe
C:\WINDOWS\ms04177054-8572006.exe
C:\WINDOWS\srvdyfnelv.exe
C:\WINDOWS\srvtcvuetu.exe
C:\WINDOWS\srvhhebvpc.exe
C:\WINDOWS\srvvpfatyr.exe
C:\WINDOWS\SYSTEM32\ieserv.exe
C:\Program Files\Online Services\hogybaxu.html
C:\Program Files\Common Files\kyjedi.html
C:\WINDOWS\Eim03.exe
C:\WINDOWS\SYSTEM32\winpfg32.sys
C:\WINDOWS\SYSTEM32\udnf9465.dll
C:\WINDOWS\Setup90.exe
C:\WINDOWS\srvdrcovoc.exe
C:\WINDOWS\SYSTEM32\udnf9465.sys
C:\WINDOWS\srvvlfhagt.exe
C:\WINDOWS\SYSTEM32\setup9x.exe
C:\WINDOWS\SYSTEM32\install.exe
C:\WINDOWS\SYSTEM32\ggg.bat
C:\WINDOWS\SYSTEM32\vbzip10.dll
C:\WINDOWS\SYSTEM32\nsx8.dll
C:\Program Files\SpywareBot <== folder
C:\WINDOWS\system32\crunner <== folder
C:\Program Files\Common Files\misc002 <== folder
C:\Program Files\Common Files\frqr <== folder

If you're having problems with deleting some files, try it in safe mode.
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Hit ok below > apply in previous window.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a new HijackThis log.

Extra addition..

Go to this page.
Enter the url of this thread in the first field.
Where it says "browse to the file that you want to submit", click the browse button next to it, browse to the following file, select it and click ok:

C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys

Then click the Send File button below.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
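The fix list above touches three persistence locations: the Run keys, a service whose binary is already gone ("Windows Overlay Components" pointing at a missing wgmytij.exe), and Active Desktop components whose Source is a local .html file. The script below is an added triage example written for this thread, not code from the helper or from any of the tools named here; it only reports, it changes nothing, and it assumes a current Windows host with Windows PowerShell 5.1 run as Administrator (not the XP machine in the log). All function names (Resolve-CommandImage, Get-AutorunReport, Get-ServiceImageReport, Get-ActiveDesktopComponents) are my own.

```powershell
# Added read-only triage script (not from the thread). Lists Run-key entries,
# services whose binary is missing, and Active Desktop components, and flags
# the patterns seen in the log: missing targets, and unsigned executables
# dropped directly into %WINDIR% (the *A.exe / sys*.exe / ms*.exe names above).
# Assumes Windows PowerShell 5.1, run elevated. Reports only; deletes nothing.

function Resolve-CommandImage {
    # Extract the image path from a Run value or service ImagePath command line.
    # Handles "C:\path with spaces\app.exe" /arg, C:\plain\app.exe /arg and
    # RUNDLL32.EXE some.dll,Entry (the DLL is the real payload there).
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd -match '^"([^"]+)"') { $image = $Matches[1] }
    else { $image = ($cmd -split '\s+')[0] }
    if ($image -match '^rundll32(\.exe)?$') {
        $rest  = $cmd -replace '^\S+\s+', ''
        $image = ($rest -split ',')[0].Trim('"')
    }
    $image = [Environment]::ExpandEnvironmentVariables($image)
    # Bare names such as nwiz.exe or w1065ac9.dll are found via the search path.
    if ($image -and -not [IO.Path]::IsPathRooted($image)) {
        foreach ($dir in @($env:WINDIR, "$env:WINDIR\system32")) {
            $candidate = Join-Path $dir $image
            if (Test-Path -LiteralPath $candidate) { return $candidate }
        }
    }
    return $image
}

function Get-AutorunReport {
    # Same keys HijackThis reports as O4 - HKLM\..\Run and O4 - HKCU\..\Run.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $image  = Resolve-CommandImage ([string]$item.GetValue($name))
            $exists = ($image -ne '') -and (Test-Path -LiteralPath $image)
            $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $image).Status } else { 'n/a' }
            $inWinRoot = $exists -and ((Split-Path $image -Parent) -ieq $env:WINDIR)
            [pscustomobject]@{
                Source     = $key
                Name       = $name
                Image      = $image
                Exists     = $exists
                Signature  = $sig
                # Missing target, or an unsigned binary sitting directly in %WINDIR%.
                Suspicious = (-not $exists) -or ($inWinRoot -and $sig -ne 'Valid')
            }
        }
    }
}

function Get-ServiceImageReport {
    # Services whose binary no longer exists (HijackThis O23 "file missing").
    Get-CimInstance Win32_Service | ForEach-Object {
        if (-not $_.PathName) { return }
        $image = Resolve-CommandImage $_.PathName
        [pscustomobject]@{
            Service = $_.Name
            Display = $_.DisplayName
            Image   = $image
            Exists  = ($image -ne '') -and (Test-Path -LiteralPath $image)
        }
    } | Where-Object { -not $_.Exists }
}

function Get-ActiveDesktopComponents {
    # Active Desktop items; a Source that is a local .html is how the hijacker
    # in this thread kept its page on the desktop (kyjedi.html, hogybaxu.html).
    $base = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem $base | ForEach-Object {
        $src = (Get-ItemProperty -LiteralPath $_.PSPath).Source
        [pscustomobject]@{
            Component = $_.PSChildName
            Source    = $src
            LocalFile = [bool]($src -match '^[A-Za-z]:\\')
        }
    }
}

Get-AutorunReport            | Format-Table -AutoSize
Get-ServiceImageReport       | Format-Table -AutoSize
Get-ActiveDesktopComponents  | Format-Table -AutoSize
```

The output is a starting point for exactly the review the helper does by hand: an entry flagged Suspicious still needs a look before anything is removed, because the heuristics (missing file, unsigned binary in the Windows root) also catch old or badly packaged legitimate software, and a service with a missing binary is cleaned up with the same `sc delete` step given above.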

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:04:57 AM

Posted 12 September 2006 - 12:32 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
