I Seem To Have Had Spyaxe


  • This topic is locked
8 replies to this topic

#1 pward76

pward76

  • Members
  • 5 posts

Posted 03 November 2006 - 02:09 PM

Unfortunately, I found other websites before this one, and I think I have gotten rid of some or all of spyaxe, but my Internet Explorer seems to have been hosed. I keep getting "Page cannot be displayed" to websites that I know are working. (msn.com / google.com / bleepingcomputer.com)

Here is my log - if some kind soul could look at it, I would appreciate it.

Things I have done include:
- Running smitrem - no success
- Spyware Doctor - no success
- Ad-aware SE - no success
- Going to c:\windows\system32 and removing everything from when the problem started 11/01/06. This seems to have stopped the popup for the "special antispyware" as well as preventing the 21.com software from auto-installing. There were 4 files that I could not remove - ldcore.dll, rpcc.dll, wmstream32.dll, and tcpip. I added an extension to the 3 dll files (.old) and tcpip remains as I cannot rename it.

Logfile of HijackThis v1.99.1
Scan saved at 12:40:37 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\tcpip.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\tctysdf.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\igfujjwt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.224.8.14:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Rwfpt Class - {0BDB22C0-BD18-4A40-9A9D-71F314BB75DB} - C:\WINDOWS\system32\lt5vsrs.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCWLICON] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [hqy99b95] RUNDLL32.EXE w299fa40.dll,n 00699b8f00000005299fa40
O4 - HKLM\..\Run: [hdlpscom] igfujjwt.exe
O4 - HKLM\..\RunServices: [hdlpscom] igfujjwt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Winstj] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsts] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstu] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winste] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsth] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsto] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsty] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstd] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstz] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstk] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstt] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstr] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstq] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstf] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstw] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstn] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstp] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstb] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstm] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstl] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstv] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstg] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsti] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstc] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsta] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstx] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: wmstream32 - wmstream32.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tctysdf.exe



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 04 November 2006 - 03:50 PM

1. Download this file:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
============================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 pward76

pward76
  • Topic Starter

  • Members
  • 5 posts

Posted 04 November 2006 - 08:57 PM

OK - Here we go. This is the Combofix log...

patward - Sat 11/04/2006 18:14:22.93 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\patward\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Documents\Settings


((((((((((((((((((((((((((((((( Files Created from 2011-03-06 to 2011/04/2006 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required



(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Winstj"="C:\\WINDOWS\\loader1160829.exe"
"Winsts"="C:\\WINDOWS\\loader1160829.exe"
"Winstu"="C:\\WINDOWS\\loader1160829.exe"
"Winste"="C:\\WINDOWS\\loader1160829.exe"
"Winsth"="C:\\WINDOWS\\loader1160829.exe"
"Winsto"="C:\\WINDOWS\\loader1160829.exe"
"Winsty"="C:\\WINDOWS\\loader1160829.exe"
"Winstd"="C:\\WINDOWS\\loader1160829.exe"
"Winstz"="C:\\WINDOWS\\loader1160829.exe"
"Winstk"="C:\\WINDOWS\\loader1160829.exe"
"Winstt"="C:\\WINDOWS\\loader1160829.exe"
"Winstr"="C:\\WINDOWS\\loader1160829.exe"
"Winstq"="C:\\WINDOWS\\loader1160829.exe"
"Winstf"="C:\\WINDOWS\\loader1160829.exe"
"Winstw"="C:\\WINDOWS\\loader1160829.exe"
"Winstn"="C:\\WINDOWS\\loader1160829.exe"
"Winstp"="C:\\WINDOWS\\loader1160829.exe"
"Winstb"="C:\\WINDOWS\\loader1160829.exe"
"Winstm"="C:\\WINDOWS\\loader1160829.exe"
"Winstl"="C:\\WINDOWS\\loader1160829.exe"
"Winstv"="C:\\WINDOWS\\loader1160829.exe"
"Winstg"="C:\\WINDOWS\\loader1160829.exe"
"Winsti"="C:\\WINDOWS\\loader1160829.exe"
"Winstc"="C:\\WINDOWS\\loader1160829.exe"
"Winsta"="C:\\WINDOWS\\loader1160829.exe"
"Winstx"="C:\\WINDOWS\\loader1160829.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"TrackPointSrv"="tp4serv.exe"
"TP4EX"="tp4ex.exe"
"TPHOTKEY"="C:\\PROGRA~1\\ThinkPad\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"QCWLICON"="C:\\PROGRA~1\\ThinkPad\\CONNEC~1\\QCWLIcon.exe"
"BMMGAG"="RunDll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\pwrmonit.dll,StartPwrMonitor"
"BMMLREF"="C:\\Program Files\\ThinkPad\\Utilities\\BMMLREF.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"TpShocks"="TpShocks.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QCTray"="C:\\PROGRA~1\\ThinkPad\\CONNEC~1\\QCTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""
"hqy99b95"="RUNDLL32.EXE w299fa40.dll,n 00699b8f00000005299fa40"
"hdlpscom"="igfujjwt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"hdlpscom"="igfujjwt.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000002

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PSCastor"="\"C:\\Program Files\\PSCastor\\PSCastor.exe\""
"Dcta"="\"C:\\PROGRA~1\\COMMON~1\\FNTS~1\\tracert.exe\" -vt yazb"
"Dqy"="C:\\WINDOWS\\system32\\??curity\\n?lookup.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"PSCastor"="\"C:\\Program Files\\PSCastor\\PSCastor.exe\""
"Dcta"="\"C:\\PROGRA~1\\COMMON~1\\FNTS~1\\tracert.exe\" -vt yazb"
"Dqy"="C:\\WINDOWS\\system32\\??curity\\n?lookup.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000001
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmstream32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\BMMTask.job

Completion time: Sat 11/04/2006 18:15:20.03
C:\ComboFix.txt ... 11/04/2006 06:15 PM


Now here is the HijackThis report immediately after

Logfile of HijackThis v1.99.1
Scan saved at 6:34:25 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\tcpip.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\tctysdf.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\igfujjwt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\WINDOWS\loader1160829.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.224.8.14:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Rwfpt Class - {0BDB22C0-BD18-4A40-9A9D-71F314BB75DB} - C:\WINDOWS\system32\lt5vsrs.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCWLICON] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [hqy99b95] RUNDLL32.EXE w299fa40.dll,n 00699b8f00000005299fa40
O4 - HKLM\..\Run: [hdlpscom] igfujjwt.exe
O4 - HKLM\..\RunServices: [hdlpscom] igfujjwt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Winstj] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsts] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstu] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winste] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsth] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsto] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsty] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstd] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstz] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstk] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstt] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstr] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstq] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstf] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstw] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstn] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstp] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstb] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstm] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstl] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstv] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstg] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsti] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstc] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsta] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstx] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: wmstream32 - wmstream32.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)

Here is the AVG report - too big for one message, more in next reply

Edited by pward76, 04 November 2006 - 09:00 PM.


#4 pward76

Posted 04 November 2006 - 09:03 PM

AVG Report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:30:03 PM 11/4/2006

+ Scan result:



C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036841.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032751.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035774.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035834.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036862.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0039006.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0031424.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0031425.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036868.dll -> Adware.CASClient : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029283.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030381.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030382.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030403.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-19\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-20\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036870.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030371.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030372.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030427.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Downloads\18Wheels_of_Steel-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\BPHPacificWarriors-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\Civ3-GameoftheYear-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\FateoftheDragonSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\HRGarageToGlorySetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\JDAmericanFarmer_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\LemonadeTycoonSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\LuxuryLinerTycoon_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\NavySeals-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\PraetoriansSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\PrisonTycoonSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\RiskII-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\RiskIISetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\TheGameOfLife-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\WormsArmageddon-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\ZooVet-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\moisdne-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\tpwSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\drsmartload482a.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\drsmartload482a.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe -> Downloader.Adload.hm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun19.exe -> Downloader.Adload.hm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun22.exe -> Downloader.Adload.hm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035814.exe -> Downloader.Adload.nad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035813.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029315.exe -> Downloader.Agent.axg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035852.exe -> Downloader.Agent.axg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036879.exe -> Downloader.Agent.axg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP543\A0037953.exe -> Downloader.Agent.axg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030383.dll -> Downloader.Dyfuca.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032515.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036865.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030385.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Fоnts\tracert.exe -> Downloader.PurityScan.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030380.exe -> Downloader.PurityScan.do : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029313.exe -> Downloader.Small.coy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032729.exe -> Downloader.Small.coy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035840.exe -> Downloader.Small.coy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036835.exe -> Downloader.Small.coy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP543\A0037955.exe -> Downloader.Small.coy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029316.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032763.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035779.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035845.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036918.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0008.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032753.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035831.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ldcore.dll.old -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1192] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1240] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1252] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1428] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1532] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1868] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1888] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[208] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[548] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[804] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029308.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029312.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032755.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035782.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035832.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036838.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036851.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036871.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036872.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036873.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0038972.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0038973.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0038974.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0038996.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0039007.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\win32.exe.Vir -> Downloader.Tibs.iw : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\win32.exe.Vir.0 -> Downloader.Tibs.iw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029299.exe -> Downloader.Tibs.iw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032496.exe -> Downloader.Tibs.iw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035827.exe -> Downloader.Tibs.iw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036877.exe -> Downloader.Tibs.iw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032750.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035773.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035833.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036864.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\WINDOWS\tctysdfA.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029279.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029280.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029318.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032707.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032752.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0033736.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0033737.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035786.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035787.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035788.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035856.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035857.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035858.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035859.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035860.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036818.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036819.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036821.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036822.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036823.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036824.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036825.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036826.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036827.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036828.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036829.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036857.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0037909.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0037910.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\WINDOWS\ms03031625610.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032730.exe -> Dropper.Agent.axo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035846.exe -> Dropper.Agent.axo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036866.exe -> Dropper.Agent.axo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP543\A0037956.exe -> Dropper.Agent.axo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029306.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032756.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035778.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035842.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036861.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\WINDOWS\tctysdf.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035850.sys -> Hijacker.Costrat.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0038976.sys -> Hijacker.Costrat.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029298.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029303.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032762.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035777.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035829.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036842.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036843.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036844.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036845.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP543\A0038935.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030412.dll -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030415.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tcpip.old.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\WINDOWS\loader1160829.exe -> Hijacker.Small.lt : Cleaned with backup (quarantined).
C:\WINDOWS\loader2696297.exe -> Hijacker.Small.lt : Cleaned with backup (quarantined).
C:\WINDOWS\loader372886.exe -> Hijacker.Small.lt : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\spoolsvv.exe.Vir.6 -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\spoolsvv.exe.Vir.7 -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029330.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029345.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030419.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030431.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0031439.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0031473.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0031489.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032565.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032728.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032746.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0033746.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0033759.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0034758.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0034768.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035768.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035802.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035812.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035826.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035836.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035855.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036840.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036858.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036859.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036880.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP543\A0037954.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0038971.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0039005.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032732.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032765.sys -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035847.sys -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035848.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036867.sys -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036882.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029311.exe -> Proxy.Xorpix.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032764.exe -> Proxy.Xorpix.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035838.exe -> Proxy.Xorpix.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036834.exe -> Proxy.Xorpix.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0038995.exe -> Proxy.Xorpix.au : Cleaned with backup (quarantined).
C:\Documents and Settings\patward\Cookies\patward@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\~ds39990.tmp -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun11.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun12.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\~ds39990.tmp -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036875.dll -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036876.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0030373.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029300.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029301.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029333.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0029334.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032754.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0032758.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035775.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035776.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035843.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0035844.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036852.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP542\A0036856.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0039002.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0039004.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{886E0F57-746F-4DC9-8179-ACF08214BCE6}\RP545\A0038986.dll -> Trojan.Zapchast.ci : Cleaned with backup (quarantined).


::Report end

HijackThis scan after AVG - any insights?

Logfile of HijackThis v1.99.1
Scan saved at 7:38:22 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\igfujjwt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.224.8.14:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Rwfpt Class - {0BDB22C0-BD18-4A40-9A9D-71F314BB75DB} - C:\WINDOWS\system32\lt5vsrs.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCWLICON] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [hqy99b95] RUNDLL32.EXE w299fa40.dll,n 00699b8f00000005299fa40
O4 - HKLM\..\Run: [hdlpscom] igfujjwt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [hdlpscom] igfujjwt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Winsts] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winste] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsto] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstd] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstk] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstr] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstf] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstn] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstb] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstl] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstg] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstc] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstx] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: wmstream32 - wmstream32.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)

Edited by pward76, 04 November 2006 - 09:04 PM.


#5 MFDnSC

Posted 05 November 2006 - 03:18 PM

1. Download gmer from http://www.gmer.net
2. Save it somewhere safe & unzip it to desktop
3. Double click the gmer.exe to run it and select the rootkit tab, press scan
4. When it has finished, right-click the entry highlighted in red - [System] pe386
5. Select 'Delete the service' & then reboot your machine.
=================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: Rwfpt Class - {0BDB22C0-BD18-4A40-9A9D-71F314BB75DB} - C:\WINDOWS\system32\lt5vsrs.dll (file missing)

O4 - HKLM\..\Run: [hqy99b95] RUNDLL32.EXE w299fa40.dll,n 00699b8f00000005299fa40

O4 - HKLM\..\Run: [hdlpscom] igfujjwt.exe

O4 - HKLM\..\RunServices: [hdlpscom] igfujjwt.exe

O4 - HKCU\..\Run: [Winsts] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winste] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winsto] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstd] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstk] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstr] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstf] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstn] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstb] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstl] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstg] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstc] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winstx] C:\WINDOWS\loader1160829.exe

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

O20 - Winlogon Notify: wmstream32 - wmstream32.dll (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)
=========================
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

rpcc

Right-click and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

Repeat for these - wmstream32 - Boonty Games - TCP and UDP Support
==================
DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\igfujjwt.exe
C:\WINDOWS\loader1160829.exe
c:\windows\system32\ldcore.dll
C:\WINDOWS\system32\rpcc.dll
C:\Program Files\Common Files\BOONTY Shared


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

Edited by MFDnSC, 05 November 2006 - 03:30 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 pward76

Posted 05 November 2006 - 04:02 PM

OK - New log -

Does it look clean? I seem to be running ok.

Donation on the way - Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:51:05 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.224.8.14:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCWLICON] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
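
A follow-up log like the one above can be checked mechanically against the fix list from post #5. The Python below is an added example, not part of any post in this thread or of HijackThis itself; it assumes the `code - detail` line layout of the v1.99.1 logs shown here, uses a few lines excerpted from those logs as sample input, and all function names are illustrative.

```python
import re
from collections import defaultdict

# Lines excerpted from the 11/4 ("before") and 11/5 ("after") logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\igfujjwt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.224.8.14:8080
O2 - BHO: Rwfpt Class - {0BDB22C0-BD18-4A40-9A9D-71F314BB75DB} - C:\WINDOWS\system32\lt5vsrs.dll (file missing)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [hdlpscom] igfujjwt.exe
O4 - HKCU\..\Run: [Winsts] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winste] C:\WINDOWS\loader1160829.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.224.8.14:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
"""

# Subset of the entries post #5 asked to fix.
FIX_LIST = r"""O2 - BHO: Rwfpt Class - {0BDB22C0-BD18-4A40-9A9D-71F314BB75DB} - C:\WINDOWS\system32\lt5vsrs.dll (file missing)
O4 - HKLM\..\Run: [hdlpscom] igfujjwt.exe
O4 - HKCU\..\Run: [Winsts] C:\WINDOWS\loader1160829.exe
O4 - HKCU\..\Run: [Winste] C:\WINDOWS\loader1160829.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autorun detail: hive\..\key: [value name] command
O4_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")


def parse_entries(log_text):
    """Return the set of (code, detail) entries, skipping header and process list."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def still_present(after_log, fix_list):
    """Entries from the fix list that the follow-up log still contains."""
    return sorted(parse_entries(fix_list) & parse_entries(after_log))


def new_entries(before_log, after_log):
    """Entries in the follow-up log that were not in the earlier one."""
    return sorted(parse_entries(after_log) - parse_entries(before_log))


def shared_autorun_targets(log_text):
    """Map each O4 command launched under more than one value name to those names."""
    names = defaultdict(set)
    for code, detail in parse_entries(log_text):
        m = O4_RE.match(detail) if code == "O4" else None
        if m:
            names[m.group(3).lower()].add(m.group(2))
    return {cmd: sorted(n) for cmd, n in names.items() if len(n) > 1}


if __name__ == "__main__":
    print("still present:", still_present(AFTER, FIX_LIST))
    print("new since last log:", new_entries(BEFORE, AFTER))
    print("shared autorun targets (before):", shared_autorun_targets(BEFORE))
```

Entries reported as new are not necessarily bad (here it is the Spybot helper BHO), but each one should be accounted for before a log is called clean.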

#7 MFDnSC

Posted 05 November 2006 - 04:32 PM

Clean

Restore points
Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Edited by MFDnSC, 05 November 2006 - 05:15 PM.


#8 pward76

Posted 05 November 2006 - 04:51 PM

Sorry - I must be blind - I do not see how to mark this closed.....

#9 MFDnSC

Posted 05 November 2006 - 05:15 PM

Sorry, I meant to take that out - I'll do it