Hijack This Logfile


  • This topic is locked

#1 Russell Davis


Posted 26 October 2006 - 03:06 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:48:14 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ntdev.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\ntar.exe
C:\WINDOWS\TEMP\DC6E.tmp
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\1130981363\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Antivirus\caaviftest.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\Russell\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F2A689B-3770-45D9-85DE-2BE0CC5B16AF} - C:\Program Files\MSN\qujozy.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [bkqbe254] RUNDLL32.EXE w7d9f4a5.dll,n 001be253000000037d9f4a5
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://geeksquad.webex.com/client/v_mywebe...ort/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-tu...l/java/RntX.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: st3 - C:\WINDOWS\q56886640.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WLogon - C:\WINDOWS\SYSTEM32\srvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Daemon Desync Protocol Service (DDPS) - Unknown owner - C:\WINDOWS\msdds.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Work Station Development (NTDEV) - Unknown owner - C:\WINDOWS\ntdev.exe
O23 - Service: Print Spooler Service (oyl9a2ryawoeb) - Unknown owner - C:\WINDOWS\system32\ntar.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



#2 Buckeye_Sam


Posted 27 October 2006 - 03:25 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.
    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware scan report along with a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Russell Davis


Posted 31 October 2006 - 07:48 PM

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:26:29 PM 10/31/2006

+ Scan result:



HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-132924855-531023399-255739519-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\fcom[1].mb -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0084191.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0084592.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0085585.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP429\A0086704.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0090126.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091324.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091326.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091327.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091328.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091329.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091331.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091335.com -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091351.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091368.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091397.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP466\A0092630.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\dior4f46574361.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mlsdf8h9902859.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\nlkfev71685852.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\greg.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gregedit.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP395\A0077522.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP395\A0078325.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP395\A0079325.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP395\A0080325.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396\A0081325.com -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396\A0082334.com -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP398\A0082416.com -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP400\A0082520.com -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP407\A0083668.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP408\A0083712.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP414\A0084095.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP418\A0084179.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091325.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091332.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091334.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091342.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091343.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091344.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091345.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091346.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091347.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091348.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091349.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091350.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091352.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091356.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091362.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091363.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091364.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091365.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091366.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091369.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091370.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091374.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091375.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091378.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091380.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091381.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091382.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091386.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091387.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091389.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091390.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091392.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091394.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091399.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091400.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091402.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091404.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091405.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091406.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091407.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091408.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP403\A0082569.exe -> Backdoor.HacDef.gu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091416.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091339.com -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\red_g[1].exe -> Downloader.Agent.awg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091415.dll -> Downloader.Agent.awg : Cleaned with backup (quarantined).
C:\acm.exe -> Downloader.Agent.awg : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostsys.exe.config -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Fred\Local Settings\Temporary Internet Files\Content.IE5\4DAFSPIN\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Fred\Local Settings\Temporary Internet Files\Content.IE5\4DAFSPIN\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Fred\Local Settings\Temporary Internet Files\Content.IE5\8H2305EN\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\2ZYVEHYR\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\37DV7D88\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5C7I52H\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5C7I52H\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\C16XGVEH\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\C16XGVEH\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\C16XGVEH\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\C16XGVEH\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\EFYJQ1Y3\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\ITCV4J8N\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\ITCV4J8N\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\ITCV4J8N\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\IXGHM3SD\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\IXGHM3SD\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\IXGHM3SD\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\KL4FK7WR\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\KL4FK7WR\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\KL4FK7WR\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\KL4FK7WR\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\W9KLQ78L\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\W9KLQ78L\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT4PGN6X\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT4PGN6X\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT4PGN6X\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT4PGN6X\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\098R83CB\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\0PQ30H6V\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\1IZG5C45\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\4HWP238X\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\8LMFW1QF\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\FTM7Y702\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\FTM7Y702\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\G89727G1\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\IMQ5P1SM\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\KXIZERW5\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\RA87FLWL\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\GPEV45MN\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\GPEV45MN\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\NGS4R9CD\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\NGS4R9CD\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\NGS4R9CD\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\NGS4R9CD\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\S9AR8PAB\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\S9AR8PAB\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\S9YJ8LM7\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\S9YJ8LM7\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\SBNJA8LX\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\SBNJA8LX\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\SBNJA8LX\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\SBNJA8LX\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\SBNJA8LX\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\SPUB0LIF\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\SPUB0LIF\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\SPUB0LIF\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\WX2BKX2J\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\WX2BKX2J\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\WX2BKX2J\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\XC8FXPGD\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\XC8FXPGD\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\XC8FXPGD\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\XC8FXPGD\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\XC8FXPGD\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\Y5N098VU\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\Y5N098VU\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\Y5N098VU\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\0T8E2WWH\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XIN89M3\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\6D2TKH8F\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\9TJBHPO2\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\9TJBHPO2\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\9TJBHPO2\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\CP6VST23\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\GP2RSLY7\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\GP2RSLY7\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\GV65WB0L\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\GV65WB0L\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\GV65WB0L\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\KLKDIJ4F\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Internet Files\Content.IE5\M4G5U89B\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\1NR1NDBC\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\1NR1NDBC\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\2NORN4DG\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\6WUDZ10O\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\8A09HI5R\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\8HYV05AN\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\CDAF0DY7\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\EGZOLT7U\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\EGZOLT7U\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\EGZOLT7U\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\EGZOLT7U\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\EGZOLT7U\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\EGZOLT7U\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\EGZOLT7U\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\EWIL5F0Y\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\K2OWNITU\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\K9EJ4PUB\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\NWOU3I5B\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\VIBD91RJ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\VIBD91RJ\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\VIBD91RJ\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\WLA7G5I7\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2144\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2145\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2148\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2154\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2493\Content.IE5\54LXZX9V\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2493\Content.IE5\IQ6E7OC0\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2493\Content.IE5\ZCICCP7W\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2493\Content.IE5\ZCICCP7W\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2899\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2901\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\Messenger\quneke.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Online Services\saqo.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091338.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\WX2BKX2J\new3[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Russell\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-367deb40-31374c72.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091341.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091357.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091360.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091361.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091372.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091373.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091376.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091384.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091393.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091398.exe -> Proxy.Bobax.t : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091330.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091333.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091337.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091367.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091409.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091336.exe -> Proxy.Caprobad.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0091396.exe -> Proxy.Caprobad.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Cookies\mary@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@waterfrontmedia.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@leeenterprises.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@reunioncom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc1996.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2054.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2075.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@paidmarketingpanel.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2007.txt -> TrackingCookie.Addynamix : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@thunderbolt.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2102.txt -> TrackingCookie.Adtrak : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2924.txt -> TrackingCookie.Adtrak : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2931\russell@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2014.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2931\russell@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2024.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2919.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2931\russell@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ads.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2030.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2931\russell@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2042.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@e-2dj6wfliakd5sfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@e-2dj6wgliglczohq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@e-2dj6wakyegd5gaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@e-2dj6wfkykpcjwcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@e-2dj6wgliglczohq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2021.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2023.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2931\russell@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tammy\Local Settings\Temp\Cookies\tammy@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2047.txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2467\tammy@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-132924855-531023399-255739519-1008\Dc2931\russell@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@www.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@www.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ehg-fxcm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mary\Local Settings\Temp\Cookies\mary@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@ehg-aig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@ehg-gamespot.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@ehg-legacy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tammy\Cookies\tammy@ehg-ripedigitalentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Cl

#4 Buckeye_Sam


Posted 31 October 2006 - 08:18 PM

Flush your System Restore; this will delete any restore points that you have, but it will also make sure that any malware hiding in System Restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • Click Start and point to All Programs.
  • Mouse over Accessories, then System Tools, and select System Restore.
  • In the System Restore wizard, select the box next to the text labeled "Create a
    restore point" and click the Next button.
  • Type a description for your new restore point. Something like "After
    cleanup". Click Create and you're done.
=============



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



=============


Please run a new scan with AVG Antispyware.
Save the log and post it in your next reply along with a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Russell Davis


Posted 04 November 2006 - 12:31 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:27:27 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\nlkfev76222612.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Russell\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F2A689B-3770-45D9-85DE-2BE0CC5B16AF} - C:\Program Files\MSN\qujozy.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [bkqbe254] RUNDLL32.EXE w7d9f4a5.dll,n 001be253000000037d9f4a5
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://geeksquad.webex.com/client/v_mywebe...ort/ieatgpc.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-tu...l/java/RntX.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: st3 - C:\WINDOWS\q56886640.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WLogon - srvc.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Daemon Desync Protocol Service (DDPS) - Unknown owner - C:\WINDOWS\msdds.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Work Station Development (NTDEV) - Unknown owner - C:\WINDOWS\ntdev.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Print Spooler Service (uywelaf7og7y) - Unknown owner - C:\WINDOWS\system32\nlkfev76222612.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:45:05 PM 11/3/2006

+ Scan result:



HKU\S-1-5-21-132924855-531023399-255739519-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-132924855-531023399-255739519-1009\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{1C610D8E-0BB0-1033-0525-050506210001}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
HKU\S-1-5-21-132924855-531023399-255739519-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-132924855-531023399-255739519-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-132924855-531023399-255739519-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Cleaned with backup (quarantined).
HKU\S-1-5-21-132924855-531023399-255739519-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{826B2228-BC09-49F2-B5F8-42CE26B1B712} -> Downloader.Delf : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Cookies\mary@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Mary\Cookies\mary@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Russell\Cookies\russell@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

#6 Buckeye_Sam


Posted 04 November 2006 - 08:49 AM

I need to see a different type of log from Hijackthis.
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
=============




Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


========================================================

#7 Russell Davis


Posted 06 November 2006 - 07:52 PM

Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
AOL Connectivity Services
AOL Instant Messenger
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
Brother MFL-Pro Suite
CCHelp
CCScore
Creative MediaSource
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 3.1
EarthLink setup files
ER
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
ewido anti-malware
Google Desktop Search
Google Video Player
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
HLPIndex
HLPRFO
Hotfix for Windows Media Format SDK (KB902344)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections
Intel® PROSafe for Wired Connections
Internet Explorer Default Page
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
NetZeroInstallers
Notifier
OTtBP
OTtBPSDK
PaperPort
PCDADDIN
PCDHELP
PCDLNCH
Photo Click
Pinball Panic
Pirates2_Screensaver_800x600
Plaxo Toolbar for Outlook (with AIM Enhancements)
PowerDVD 5.5
Project64 1.6
QuickTime
RealPlayer
SanDisk Digital Audio Player
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SFR
SFR2
Shockwave
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy 1.4
The Print Shop 20
TurboTax ItsDeductible 2005
TurboTax Premier 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
WebEx
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
Zoo Tycoon Expanded


Russell - 06-11-06 18:37:24.29 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Russell\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Fred\Application Data\Sskknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Program Files\Common Files\{1C610D8E-0BB0-1033-0525-050506210001}
C:\Program Files\Common Files\{3C610D8E-0BB0-1033-0525-050506210001}


((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))


2006-11-01 19:57 132,096 --a------ C:\WINDOWS\system32\nlkfev76222612.exe
2006-10-31 16:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-26 16:54 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-26 16:54 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-26 16:54 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-26 16:54 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-26 16:54 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-25 10:51 123,904 --a------ C:\WINDOWS\system32\mlsdf8h8401264.exe
2006-10-25 09:53 123,904 --a------ C:\WINDOWS\system32\ntar.exe
2006-10-24 17:52 123,904 --a------ C:\WINDOWS\system32\dior4f41085261.exe
2006-10-22 02:37 119,808 --a------ C:\WINDOWS\system32\perfkey.exe
2006-10-20 14:36 119,808 --a------ C:\WINDOWS\system32\cjnr4r4446180.exe
2006-10-19 17:49 119,808 --a------ C:\WINDOWS\system32\sklrr7y7304743.exe
2006-10-18 17:15 123,904 --a------ C:\WINDOWS\system32\tdmk.exe
2006-10-17 19:26 119,808 --a------ C:\WINDOWS\system32\dior4f44760061.exe
2006-10-17 17:43 119,808 --a------ C:\WINDOWS\system32\dior4f44078201.exe
2006-10-17 12:42 123,904 --a------ C:\WINDOWS\system32\mlsdf8h4620464.exe
2006-10-16 19:52 123,904 --a------ C:\WINDOWS\system32\dior4f46294506.exe
2006-10-16 19:09 123,904 --a------ C:\WINDOWS\system32\sklrr7y9690413.exe
2006-10-13 01:51 185,344 --a------ C:\WINDOWS\system32\cjnr4r43980620.exe
2006-10-12 18:30 185,344 --a------ C:\WINDOWS\system32\nlkfev72263267.exe
2006-10-11 09:17 181,248 --a------ C:\WINDOWS\system32\diskpts.exe
2006-10-10 18:07 185,344 --a------ C:\WINDOWS\system32\mlsdf8h552424.exe
2006-10-09 13:21 181,248 --a------ C:\WINDOWS\system32\diskrq.exe
2006-10-09 11:58 197,632 --a------ C:\WINDOWS\system32\dior4f44322831.exe
2006-10-09 11:54 185,344 --a------ C:\WINDOWS\system32\discpb.exe
2006-10-08 20:30 197,632 --a------ C:\WINDOWS\system32\mlsdf8h689589.exe
2006-10-06 09:31 185,344 --a------ C:\WINDOWS\system32\discpci.exe
2006-10-06 09:28 185,344 --a------ C:\WINDOWS\system32\discpss.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-06 18:39 -------- d-------- C:\Program Files\Common Files
2006-11-06 07:17 -------- d-------- C:\Program Files\Plaxo
2006-11-05 17:21 9546 --a------ C:\Documents and Settings\Russell\Application Data\wklnhst.dat
2006-11-05 14:20 -------- d-------- C:\Program Files\IrfanView
2006-11-04 02:21 -------- d-------- C:\Program Files\Yahoo! Games
2006-11-04 02:19 -------- d-------- C:\Program Files\MUSICMATCH
2006-11-04 02:17 -------- d-------- C:\Program Files\Full Armor Studios
2006-11-03 18:05 -------- d-------- C:\Program Files\WinRAR
2006-11-01 17:16 -------- d-------- C:\Program Files\Project64 1.6
2006-10-31 18:55 -------- d---s---- C:\Documents and Settings\Russell\Application Data\Microsoft
2006-10-31 16:25 -------- d-------- C:\Program Files\Grisoft
2006-10-29 02:04 -------- d-------- C:\Program Files\Internet Explorer
2006-10-26 16:57 -------- d-------- C:\Documents and Settings\Russell\Application Data\AVG7
2006-10-26 13:45 -------- d-------- C:\Program Files\WinZip
2006-10-24 19:45 -------- d-------- C:\Documents and Settings\Russell\Application Data\Aim
2006-10-17 15:12 -------- d-------- C:\Program Files\LimeWire
2006-10-15 19:03 222952 --a------ C:\Documents and Settings\Russell\Application Data\GDIPFONTCACHEV1.DAT
2006-10-13 20:13 -------- d-------- C:\Program Files\Google
2006-10-05 19:22 197632 --a------ C:\WINDOWS\system32\mlsdf8h7949864.exe
2006-10-05 19:21 189440 --a------ C:\WINDOWS\system32\disctel.exe
2006-10-05 19:08 197632 --a------ C:\WINDOWS\system32\mlsdf8h1270969.exe
2006-10-05 18:37 197632 --a------ C:\WINDOWS\system32\nlkfev73271177.exe
2006-10-05 17:24 177152 --a------ C:\WINDOWS\system32\mlsdf8h8400494.exe
2006-09-29 20:47 181248 --a------ C:\WINDOWS\system32\discrpc.exe
2006-09-29 06:11 1330 --a------ C:\PPCleanDeleteAtReboot.bat
2006-09-28 19:58 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-28 19:58 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-27 15:34 181248 --a------ C:\WINDOWS\system32\discrcc.exe
2006-09-27 14:57 181248 --a------ C:\WINDOWS\system32\dior4f43860676.exe
2006-09-26 22:30 88576 --a------ C:\WINDOWS\system32\cjnr4r4cvmkcu.exe
2006-09-26 22:29 2560 --a------ C:\WINDOWS\system32\discsrc.exe
2006-09-26 22:08 88576 --a------ C:\WINDOWS\system32\mlsdf8hpkct.exe
2006-09-26 22:07 2560 --a------ C:\WINDOWS\system32\regdll.exe
2006-09-26 21:22 88576 --a------ C:\WINDOWS\system32\nlkfev7dyphzrjbum.exe
2006-09-26 21:10 2560 --a------ C:\WINDOWS\system32\bootdll.exe
2006-09-26 02:51 287744 --a------ C:\WINDOWS\system32\bootwifi.exe
2006-09-24 15:55 -------- d-------- C:\Program Files\Prentice Hall Interactive Text
2006-09-24 15:49 -------- d-------- C:\Program Files\BitTorrent
2006-09-22 23:41 -------- d-------- C:\Documents and Settings\Russell\Application Data\Yahoo!
2006-09-19 15:42 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-10 08:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-10 08:07 -------- d-------- C:\Program Files\Quicken
2006-09-10 07:35 -------- d-------- C:\Program Files\Microsoft Money 2005
2006-09-03 10:53 144516 --a------ C:\regnt.exe
2006-08-31 14:21 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-31 14:21 114856 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 05:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-13 18:23 1563 --a------ C:\Documents and Settings\Russell\Application Data\AdobeDLM.log
2006-08-13 18:23 0 --a------ C:\Documents and Settings\Russell\Application Data\dm.ini
2006-08-08 18:50 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-08-08 18:50 2272 --a------ C:\WINDOWS\system32\w95inf16.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"Aim6"=""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"bkqbe254"="RUNDLL32.EXE w7d9f4a5.dll,n 001be253000000037d9f4a5"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Norton"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Online Services\\saqo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Messenger\\quneke.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="Kodak software updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Status Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Status Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Brother\\Brmfcmon\\BrMfcWnd.exe Brother MFC-420CN /STARTUP"
"item"="Status Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAVTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAVRID"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="brctrcen"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDVDDET"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1130981363\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelMEM"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrStDvPt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMusicEngine"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe\" -preload"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="yop"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\st3
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-06 18:43:57.59
C:\ComboFix.txt ... 06-11-06 18:43

#8 Buckeye_Sam


    Malware Expert



Posted 07 November 2006 - 05:49 PM

Click Start -> Control Panel -> Add Remove Programs and uninstall this program:

Viewpoint Media Player


============



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\nlkfev76222612.exe
    C:\WINDOWS\system32\mlsdf8h8401264.exe
    C:\WINDOWS\system32\ntar.exe
    C:\WINDOWS\system32\dior4f41085261.exe
    C:\WINDOWS\system32\perfkey.exe
    C:\WINDOWS\system32\cjnr4r4446180.exe
    C:\WINDOWS\system32\sklrr7y7304743.exe
    C:\WINDOWS\system32\tdmk.exe
    C:\WINDOWS\system32\dior4f44760061.exe
    C:\WINDOWS\system32\dior4f44078201.exe
    C:\WINDOWS\system32\mlsdf8h4620464.exe
    C:\WINDOWS\system32\dior4f46294506.exe
    C:\WINDOWS\system32\sklrr7y9690413.exe
    C:\WINDOWS\system32\cjnr4r43980620.exe
    C:\WINDOWS\system32\nlkfev72263267.exe
    C:\WINDOWS\system32\diskpts.exe
    C:\WINDOWS\system32\mlsdf8h552424.exe
    C:\WINDOWS\system32\diskrq.exe
    C:\WINDOWS\system32\dior4f44322831.exe
    C:\WINDOWS\system32\discpb.exe
    C:\WINDOWS\system32\mlsdf8h689589.exe
    C:\WINDOWS\system32\discpci.exe
    C:\WINDOWS\system32\discpss.exe
    C:\WINDOWS\system32\mlsdf8h7949864.exe
    C:\WINDOWS\system32\disctel.exe
    C:\WINDOWS\system32\mlsdf8h1270969.exe
    C:\WINDOWS\system32\nlkfev73271177.exe
    C:\WINDOWS\system32\mlsdf8h8400494.exe
    C:\WINDOWS\system32\discrpc.exe
    C:\WINDOWS\system32\discrcc.exe
    C:\WINDOWS\system32\dior4f43860676.exe
    C:\WINDOWS\system32\cjnr4r4cvmkcu.exe
    C:\WINDOWS\system32\discsrc.exe
    C:\WINDOWS\system32\mlsdf8hpkct.exe
    C:\WINDOWS\system32\regdll.exe
    C:\WINDOWS\system32\nlkfev7dyphzrjbum.exe
    C:\WINDOWS\system32\bootdll.exe
    C:\WINDOWS\system32\bootwifi.exe
    C:\Program Files\Online Services\saqo.html
    C:\Program Files\Messenger\quneke.html




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
===============



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
=============


Please run Combofix once again and post a new log along with the log from Kaspersky.


========================================================

#9 Russell Davis


Posted 14 November 2006 - 06:50 PM

Pocket Killbox version 2.0.0.881
Running on Windows XP as Russell(Administrator)
was started @ Monday, November 13, 2006, 9:11 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\nlkfev76222612.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlsdf8h8401264.exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\ntar.exe


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\dior4f41085261.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\cjnr4r4446180.exe


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\sklrr7y7304743.exe


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\tdmk.exe


# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlsdf8h4620464.exe


# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\dior4f46294506.exe


# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\sklrr7y9690413.exe


# 11 [Delete on Reboot]
Path = C:\WINDOWS\system32\cjnr4r43980620.exe


# 12 [Delete on Reboot]
Path = C:\WINDOWS\system32\nlkfev72263267.exe


# 13 [Delete on Reboot]
Path = C:\WINDOWS\system32\diskpts.exe


# 14 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlsdf8h552424.exe


# 15 [Delete on Reboot]
Path = C:\WINDOWS\system32\diskrq.exe


# 16 [Delete on Reboot]
Path = C:\WINDOWS\system32\dior4f44322831.exe


# 17 [Delete on Reboot]
Path = C:\WINDOWS\system32\discpb.exe


# 18 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlsdf8h689589.exe


# 19 [Delete on Reboot]
Path = C:\WINDOWS\system32\discpci.exe


# 20 [Delete on Reboot]
Path = C:\WINDOWS\system32\discpss.exe


# 21 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlsdf8h7949864.exe


# 22 [Delete on Reboot]
Path = C:\WINDOWS\system32\disctel.exe


# 23 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlsdf8h1270969.exe


# 24 [Delete on Reboot]
Path = C:\WINDOWS\system32\nlkfev73271177.exe


# 25 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlsdf8h8400494.exe


# 26 [Delete on Reboot]
Path = C:\WINDOWS\system32\discrpc.exe


# 27 [Delete on Reboot]
Path = C:\WINDOWS\system32\discrcc.exe


# 28 [Delete on Reboot]
Path = C:\WINDOWS\system32\dior4f43860676.exe


# 29 [Delete on Reboot]
Path = C:\WINDOWS\system32\cjnr4r4cvmkcu.exe


# 30 [Delete on Reboot]
Path = C:\WINDOWS\system32\discsrc.exe


# 31 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlsdf8hpkct.exe


# 32 [Delete on Reboot]
Path = C:\WINDOWS\system32\regdll.exe


# 33 [Delete on Reboot]
Path = C:\WINDOWS\system32\nlkfev7dyphzrjbum.exe


# 34 [Delete on Reboot]
Path = C:\WINDOWS\system32\bootdll.exe


# 35 [Delete on Reboot]
Path = C:\WINDOWS\system32\bootwifi.exe


I Rebooted @ 9:13:07 PM
Killbox Closed(Exit) @ 9:13:11 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Russell(Administrator)
was started @ Monday, November 13, 2006, 9:18 PM

Killbox Closed(Exit) @ 9:21:09 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Russell(Administrator)
was started @ Tuesday, November 14, 2006, 5:13 PM


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 14, 2006 5:45:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 14/11/2006
Kaspersky Anti-Virus database records: 241636
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 124566
Number of viruses found: 5
Number of infected objects: 17 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:48:42

Infected Object Name / Virus Name / Last Action
C:\!KillBox\ntar.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-23d4d625.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-23d4d625.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-23d4d625.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-23d4d625.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ffb5a0-5e55f339.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ffb5a0-5e55f339.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ffb5a0-5e55f339.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ffb5a0-5e55f339.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5bdc6cc1-2b3dd0ba.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5bdc6cc1-2b3dd0ba.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5bdc6cc1-2b3dd0ba.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5bdc6cc1-2b3dd0ba.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Tammy\Shared\Outside Looking in - Jordan Pruitt.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Tammy\Shared\read it and weep soundtrack 06.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\msconf.pif Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005030.exe Infected: Trojan-Dropper.Win32.Pakes skipped

Scan process completed.

#10 Buckeye_Sam


Posted 14 November 2006 - 07:57 PM

Use Killbox to delete these files on reboot.

C:\Documents and Settings\Tammy\Shared\Outside Looking in - Jordan Pruitt.wma
C:\Documents and Settings\Tammy\Shared\read it and weep soundtrack 06.wma
C:\msconf.pif



=============


We need to update your version of Java.
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 from HERE
    • Scroll down to where it says Java Runtime Environment (JRE) 5.0 Update 9
    • Click the "Download" button to the right.
    • Accept the license agreement.
    • Click Windows Offline Installation, Multi-language to download the file.
  • Once the program has finished downloading:
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • It should have the following icon next to it: [image]
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
  • Go back into the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
      • Downloaded Applications
      • Other Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.
==============


Please run Combofix once again and post the resulting log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Buckeye_Sam


Posted 30 November 2006 - 05:38 PM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.


========================================================

#12 Buckeye_Sam


Posted 30 November 2006 - 05:44 PM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.


========================================================



