
Hijackthis Log: Please Help Diagnose


10 replies to this topic

#1 CatW


Posted 03 November 2006 - 10:29 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:15:07 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\kybrdff_e46.exe
C:\Program Files\Batty2\Batty2.exe
C:\nwnmff_e43.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PSCastor\PSCastor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,babkiki.exe
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinppes.exe GEN001
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e46.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e43.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e46a.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [{D7CC80D4-376C-4586-B023-4F35C2CEB28E} Deskbar UNINSTALL] regsvr32 /s /u "C:\Program Files\Deskbar\deskbar.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [PSCastor] "C:\Program Files\PSCastor\PSCastor.exe"
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinppes.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\system32\lqe2z.dll
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sjuudvp.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

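The log above is what the helpers in this thread read line by line. As an added example (not HijackThis, and not code from this thread), here is a small Python triage script that applies the same first-pass heuristics to a constructed sample modelled on that log: the extra executable chained onto UserInit, the non-default search pages, the autostarts launched from the drive root, the text/html MIME filter, AppInit_DLLs, and the Winlogon/service entries whose file is missing. The TRUSTED_HOSTS set and the rules themselves are assumptions of the example.

```python
"""First-pass triage of a HijackThis 1.99 log.

Added example, not HijackThis and not code from this thread. It applies the
heuristics a malware-removal helper checks by eye; TRUSTED_HOSTS and the
rules themselves are assumptions of this example, not a published rule set.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "O4 - HKLM\..\Run: [x] y"  ->  section "O4", body "HKLM\..\Run: [x] y"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://([^/?#]+)", re.IGNORECASE)
# O4 command that runs an .exe sitting directly in the root of a drive.
ROOT_EXE_RE = re.compile(r'\]\s*"?([A-Za-z]:\\+[^\\"]+\.exe)"?')

# Assumption: start/search hosts this machine is expected to use (OEM and vendor defaults).
TRUSTED_HOSTS = {"www.dell.com", "go.microsoft.com", "www.microsoft.com", "ie.search.msn.com"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (section, body) for a HijackThis entry line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def check_entry(section: str, body: str) -> Optional[str]:
    """Return why an entry looks hijacked, or None if it passes every heuristic."""
    if section in ("R0", "R1"):
        m = URL_RE.search(body)
        host = m.group(1).lower() if m else None
        if host and host not in TRUSTED_HOSTS:
            return f"IE start/search page points at {host}"
    elif section == "R3" and "(no name)" in body:
        return "unnamed URLSearchHook"
    elif section == "F2" and "UserInit=" in body:
        # UserInit should be exactly userinit.exe; anything after the comma runs at every logon.
        exes = [p.strip().lower() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
        extra = [e for e in exes if not e.endswith("userinit.exe")]
        if extra:
            return "UserInit chains extra executable(s): " + ", ".join(extra)
    elif section == "O4":
        m = ROOT_EXE_RE.search(body)
        if m:
            return f"autostart runs from drive root: {m.group(1)}"
    elif section == "O18" and body.startswith("Filter: text/html"):
        return "text/html MIME filter installed (sees every page IE renders)"
    elif section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        return "AppInit_DLLs loads a DLL into every process that maps user32.dll"
    if section in ("O20", "O23") and "(file missing)" in body:
        return "Winlogon/service entry points at a file that is gone (leftover or self-deleting loader)"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every entry in a log through check_entry and collect the hits in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        reason = check_entry(section, body)
        if reason:
            findings.append(Finding(section, reason, raw.strip()))
    return findings


# Constructed sample: a handful of entries modelled on the log posted above,
# mixing known-good OEM entries with the suspicious ones.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,babkiki.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e46.exe
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\system32\lqe2z.dll
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sjuudvp.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Running it prints eight hits from the sample and stays silent on the Dell and Intel entries; the point is to make the reading a helper does by eye repeatable, not to replace it.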

#2 jamielaw


Posted 04 November 2006 - 08:34 AM

Welcome CatW! :thumbsup:

I will be helping you under the guidance of one of our expert coaches.

Please give me a little time to get back to you with instructions.

Thanks
Jamie

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.


#3 jamielaw


Posted 04 November 2006 - 12:20 PM

Hey CatW

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Firewall:

Please download one of these free firewalls and install it, either ZoneAlarm or OutPost

Update Java:

Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 5.0 Update 9 ). Please install it and then reboot your computer.

Remove the older versions of Java:
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except J2SE Runtime Environment 5.0 Update 9
Alcan Fix:

1. Please download AVG Anti-Spyware
  • Install AVG Anti-Spyware
  • Launch AVG Anti-Spyware: there should be an icon on your desktop; double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update AVG Anti-Spyware to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit AVG Anti-Spyware, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open AVG Anti-Spyware:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close AVG Anti-Spyware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the AVG Anti-Spyware text report that you saved and a new HiJackThis log in your next reply.

Uninstall List:

1. Open Hijackthis and select: Open the Misc Tools section.
2. Then choose: Open Uninstall Manager and click Save List.
3. Save the list to your computer.
4. Then copy the contents of the list back to this thread in your next reply.

#4 CatW


Posted 04 November 2006 - 09:02 PM

Thanks so much for helping me with this.

Logfile of HijackThis v1.99.1
Scan saved at 8:56:01 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Batty2\Batty2.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,babkiki.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\system32\lqe2z.dll
O20 - AppInit_DLLs: BattyRun2.dll,kfchhmoj.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sjuudvp.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:44:54 PM 11/4/2006

+ Scan result:



C:\Documents and Settings\Catherine\Local Settings\Temp\Tspd.dll -> Adware.Agent : Ignored.
C:\WINDOWS\system32\kfchhmoj.dll -> Adware.Agent : Ignored.
[888] C:\WINDOWS\system32\kfchhmoj.dll -> Adware.Agent : Ignored.
C:\Program Files\Batty2\Batty2.dll -> Adware.CASClient : Ignored.
C:\Program Files\Batty2\Batty2.exe -> Adware.CASClient : Ignored.
C:\WINDOWS\system32\BattyRun2.dll -> Adware.CASClient : Ignored.
[1040] C:\Program Files\Batty2\Batty2.exe -> Adware.CASClient : Ignored.
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\Dxc.exe -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\DxcBho.dll -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\DxcCore.dll -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-1854474063-1025186366-2364701959-1005\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-1854474063-1025186366-2364701959-1005\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-1854474063-1025186366-2364701959-1005\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\Deskbar -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Ignored.
C:\deskbar.exe -> Adware.Softomate : Ignored.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Ignored.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Ignored.
HKU\S-1-5-21-1854474063-1025186366-2364701959-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Ignored.
C:\Documents and Settings\Catherine\Local Settings\Temp\i18.tmp -> Adware.SurfSide : Ignored.
C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
C:\WINDOWS\system32\nwinppes.exe -> Adware.ZenoSearch : Ignored.
C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\QJYRILAJ\drsmartload44a[1].exe -> Downloader.Adload.fu : Ignored.
C:\mc44a46.exe -> Downloader.Adload.fu : Ignored.
C:\kybrdff_e43.exe -> Downloader.Adload.hp : Ignored.
C:\nwnmff_e43.exe -> Downloader.Adload.hp : Ignored.
C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\0PWVO30N\popup[1].htm -> Hijacker.Agent.a : Ignored.
C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\EZ0RQ36L\popup[1].htm -> Hijacker.Agent.a : Ignored.
C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\T4S7LX05\popup[8].htm -> Hijacker.Agent.a : Ignored.
C:\Program Files\DVD Decrypter\howysyju.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\Incomplete\kyzeve.html -> Hijacker.Small.jf : Ignored.
C:\dfndrff_e41.exe -> Hijacker.VB.kc : Ignored.
C:\dfndrff_e43.exe -> Hijacker.VB.kc : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@122.2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@anm.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@clubmom.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@cochranfirm.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@heritagegalleries.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@homestore.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@indigio.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@njmvc.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@paypal.112.2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@sonymediasoftware.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@admarketplace[1].txt -> TrackingCookie.Admarketplace : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@z1.adserver[1].txt -> TrackingCookie.Adserver : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@com[1].txt -> TrackingCookie.Com : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[2].txt -> TrackingCookie.Enhance : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfk4shczifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkiehdzmdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkigkd5skp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkigldjklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkiqnc5gho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkyaocjekp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkycpdzmfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkyggcpiao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkyqmdzwko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfkyugdjkfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfliqoczkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfloeodzmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfmyumc5gdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wfmywicpagp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wgk4gpdzifq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wgk4wmazoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wgkicjdjklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wgkiwgazwfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wgkocmc5iko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6whkiehdjcho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6whkikkc5sfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6whkikndpwfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6whkiwic5aap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6whkycjcjwlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6whliwocjkhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6whmyogc5gap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjk4ejd5wfo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjk4oiajsdq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjk4wldpedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjkowod5abo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjkygkczaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjkygncpofo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjkykgczgep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjkyomc5ocp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjkyqjd5glp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjkyqmcjidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjl4omajsfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjl4qnajwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjliakczkcq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjliqhdzwao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjlislazgfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjloandjgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjlocmazkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjlowmdpgkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjlyaldjseq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjlygiajoeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjlyqhdjocq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjmikgdzkfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjmiojcpkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjmiunc5ako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjmiwgazgko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjmyegdpkep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjmykjdpmlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjmyoncpado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjmywic5abp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjny-1gc5kd.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjny-1lazih.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjny-1ld5ob.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjny-1pc5wb.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyaic5kbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyalc5cbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnycncjodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnycnczwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnycpdpago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyekajoco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyenazclp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyglcpokq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnygpdzieq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyogczago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyohazwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyojczclq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyojd5ofo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyoldzkbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyopczmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnysgczmlq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyshdzgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnyumdzmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@e-2dj6wjnywjazmlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@as-us.falkag[1].txt -> TrackingCookie.Falkag : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@media.fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@ehg-optionsxpress.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@ehg-upperdeck.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@hypertracker[1].txt -> TrackingCookie.Hypertracker : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@kmpads[2].txt -> TrackingCookie.Kmpads : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@data1.perf.overture[2].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@data3.perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@qksrv[1].txt -> TrackingCookie.Qksrv : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@project2.realtracker[1].txt -> TrackingCookie.Realtracker : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@revenue[2].txt -> TrackingCookie.Revenue : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@edge.ru4[2].txt -> TrackingCookie.Ru4 : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@h.starware[2].txt -> TrackingCookie.Starware : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@try.starware[1].txt -> TrackingCookie.Starware : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@media.top-banners[1].txt -> TrackingCookie.Top-banners : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@web-stat[1].txt -> TrackingCookie.Web-stat : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@yadro[2].txt -> TrackingCookie.Yadro : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\Catherine\Cookies\catherine@zedo[2].txt -> TrackingCookie.Zedo : Ignored.


::Report end


Ad-Aware SE Personal
Adobe Reader 7.0.8
AVG Anti-Spyware 7.5
AVG Free Edition
Banctec Service Agreement
Broadcom Management Programs
Conexant HDA D110 MDC V.92 Modem
Dell Wireless WLAN Card
DeluxeCommunications
Digital Content Portal
Digital Line Detect
DVD Decrypter (Remove Only)
DVD Shrink 3.2
e-Watch Camera Viewer
Fish Tycoon 1.0
Google
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel® Graphics Media Accelerator Driver
InterActual Player
Internal Network Card Power Management
J2SE Runtime Environment 5.0 Update 9
Macromedia Flash Player 8
MCU
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office XP Professional with FrontPage
Modem Helper
Nero - Burning Rom
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Synaptics Pointing Device Driver
Turbo Lister 2
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows Defender
Windows Defender Signatures
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
ZoneAlarm

#5 jamielaw

jamielaw

    Malware Ass-Kicker!


  • Members
  • 878 posts
  • OFFLINE
  • Local time:07:56 AM

Posted 06 November 2006 - 02:29 AM

Hey CatW

Thanks so much for helping me with this.


Glad to help.


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Uninstall Bad Programs:

1. Click Start >> Control Panel >> Add/Remove Programs
2. Select each of these programs, click Remove and follow the prompts to uninstall them:

DeluxeCommunications

Remove the Bad Services:

1. Copy/paste the following text into notepad and save it as (include the quotes): "FixMe.bat"
sc stop "Windows Overlay Components"
sc delete "Windows Overlay Components"
del FixMe.bat
2. Double-click FixMe.bat
3. You have now removed the bad service/s.

Fix the HJT entries:
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Batty2
    C:\Program Files\DeluxeCommunications
    C:\WINDOWS\system32\babkiki.exe
    C:\WINDOWS\system32\lqe2z.dll
    C:\WINDOWS\system32\BattyRun2.dll
    C:\WINDOWS\system32\kfchhmoj.dll
    C:\WINDOWS\system32\winrkq32.dll
    C:\WINDOWS\sjuudvp.exe
    C:\Documents and Settings\Catherine\Local Settings\Temp\Tspd.dll
    C:\Program Files\Deskbar
    C:\deskbar.exe
    C:\Documents and Settings\Catherine\Local Settings\Temp\i18.tmp
    C:\WINDOWS\system32\dxclib303562752.dll
    C:\WINDOWS\system32\nwinppes.exe
    C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\QJYRILAJ\drsmartload44a[1].exe
    C:\mc44a46.exe
    C:\kybrdff_e43.exe
    C:\nwnmff_e43.exe
    C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\0PWVO30N\popup[1].htm
    C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\EZ0RQ36L\popup[1].htm
    C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\T4S7LX05\popup[8].htm
    C:\Program Files\DVD Decrypter\howysyju.html
    C:\Program Files\Incomplete\kyzeve.html
    C:\dfndrff_e41.exe
    C:\dfndrff_e43.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download Clean.bat to your desktop: This file is used to clean out your TEMPORARY and PREFETCH files.
http://www.thatcomputerguy.us/downloads/clean.bat Save it on your desktop for later use

ComboFix:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running! That may cause it to stall.


Kaspersky Online Scanner
Go to http://www.kaspersky.com/virusscanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan": select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with another HJT log.

My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

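A post-cleanup check, added here as an example and not part of jamielaw's instructions: it verifies that the service targeted by FixMe.bat, the paths in the Killbox list, and the AppInit_DLLs entry reported by HijackThis are actually gone, and reports any delete-on-reboot jobs still queued in PendingFileRenameOperations (the prompt the instructions ask about). It assumes an elevated PowerShell session on the cleaned machine; every service name, path and DLL name below is taken from the post above.

```powershell
# Post-cleanup verification (added example; not from the original thread).
# Run from an elevated PowerShell prompt after the reboot that Killbox triggers.

$ServiceName = 'Windows Overlay Components'   # service FixMe.bat stops and deletes

# Files and folders from the Killbox list in the post above (the Temp and
# Temporary Internet Files entries are omitted because their names change).
$Paths = @(
    'C:\Program Files\Batty2',
    'C:\Program Files\DeluxeCommunications',
    'C:\WINDOWS\system32\babkiki.exe',
    'C:\WINDOWS\system32\lqe2z.dll',
    'C:\WINDOWS\system32\BattyRun2.dll',
    'C:\WINDOWS\system32\kfchhmoj.dll',
    'C:\WINDOWS\system32\winrkq32.dll',
    'C:\WINDOWS\sjuudvp.exe',
    'C:\Program Files\Deskbar',
    'C:\deskbar.exe',
    'C:\WINDOWS\system32\dxclib303562752.dll',
    'C:\WINDOWS\system32\nwinppes.exe',
    'C:\mc44a46.exe',
    'C:\kybrdff_e43.exe',
    'C:\nwnmff_e43.exe',
    'C:\Program Files\DVD Decrypter\howysyju.html',
    'C:\Program Files\Incomplete\kyzeve.html',
    'C:\dfndrff_e41.exe',
    'C:\dfndrff_e43.exe'
)

# DLL names HijackThis reported in the O20 AppInit_DLLs entry.
$AppInitDlls = @('BattyRun2.dll', 'kfchhmoj.dll')

$problems = @()

# 1. Service: "sc delete" only marks the service for deletion; it should be
#    absent once the machine has rebooted.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    $problems += "Service still present: $ServiceName (status $($svc.Status))"
}

# 2. Files and folders: -LiteralPath so that bracketed names are not treated
#    as wildcards.
foreach ($p in $Paths) {
    if (Test-Path -LiteralPath $p) { $problems += "Still on disk: $p" }
}

# 3. AppInit_DLLs: every DLL named here is loaded into each process that loads
#    user32.dll, so the value must no longer reference the removed DLLs.
$winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey -Name 'AppInit_DLLs' `
            -ErrorAction SilentlyContinue).AppInit_DLLs
foreach ($dll in $AppInitDlls) {
    if ($appInit -and ($appInit -match [regex]::Escape($dll))) {
        $problems += "AppInit_DLLs still references $dll (value: '$appInit')"
    }
}

# 4. PendingFileRenameOperations: delete-on-reboot jobs queued by Killbox.
#    Anything left here means the reboot has not happened yet (or failed).
$smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $smKey -Name 'PendingFileRenameOperations' `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations
if ($pending) {
    $problems += "PendingFileRenameOperations has $(@($pending).Count) entries; reboot, then re-run this check"
}

if ($problems.Count -eq 0) {
    Write-Output 'All listed items are gone and nothing is pending.'
} else {
    $problems | ForEach-Object { Write-Output "CHECK: $_" }
}
```

Any "CHECK:" line is something to mention in the next reply alongside the new HJT log; a non-empty PendingFileRenameOperations list is the same condition as the Killbox prompt the instructions ask to be reported.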

#6 CatW

CatW
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:56 AM

Posted 06 November 2006 - 09:06 PM

I did not get any message during Killbox. It rebooted by itself.

I did get an error when I first ran HJT.

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: BattyRun2.dll,kfchhmoj.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

KASPERSKY ONLINE SCANNER REPORT
Monday, November 06, 2006 8:56:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/11/2006
Kaspersky Anti-Virus database records: 238708


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 38330
Number of viruses found 5
Number of infected objects 7 / 0
Number of suspicious objects 0
Duration of the scan process 00:29:28

Infected Object Name Virus Name Last Action
C:\!KillBox\BattyRun2.dll Infected: not-a-virus:AdWare.Win32.CASClient.n skipped

C:\!KillBox\kfchhmoj.dll Infected: not-a-virus:AdWare.Win32.Agent.e skipped

C:\!KillBox\kyzeve.html Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-08072006-152039.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

C:\Documents and Settings\Catherine\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Catherine\Desktop\K & I.xls Object is locked skipped

C:\Documents and Settings\Catherine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Catherine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Catherine\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1DD84704-5F06-4186-B0C7-994782DE6F80} Object is locked skipped

C:\Documents and Settings\Catherine\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Catherine\Local Settings\History\History.IE5\MSHist012006110620061107\index.dat Object is locked skipped

C:\Documents and Settings\Catherine\Local Settings\Temp\~DF39F6.tmp Object is locked skipped

C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Catherine\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Catherine\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\LAPTOP2.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{81D387BD-D2D4-4331-894F-3ABAE4B00A29}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\srvpodvfsg.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ew skipped

C:\WINDOWS\srvpodvfsg.exe NSIS: infected - 1 skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drei.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32drei.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped

C:\WINDOWS\Temp\ZLT07a07.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT07a14.TMP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Catherine - 06-11-06 20:03:14.39 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Catherine\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Catherine\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\tpuninstall.exe
C:\Program Files\batty2
C:\Program Files\Common Files\{30083947-067E-1033-0301-060001}
C:\Program Files\Common Files\{A0083947-067E-1033-0301-060001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Catherine\Application Data\ECURIT~1
C:\QooBox\Purity\Documents and Settings\Catherine\Application Data\ECURIT~1\?ecurity
C:\QooBox\Purity\Program Files\ICROSO~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))


2006-11-04 19:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-31 17:23 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-31 17:23 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-31 17:23 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-31 17:23 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-20 18:11 2 --a------ C:\WINDOWS\system32\wapisvit.exe
2006-10-20 18:10 919 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-10-20 18:10 1,259 --a------ C:\WINDOWS\system32\wcf1ff10.sys
2006-10-20 18:09 183,478 --a------ C:\WINDOWS\srvpodvfsg.exe
2006-10-20 18:08 45,056 --a------ C:\WINDOWS\system32uaw5wah6a.exe
2006-10-20 18:08 28,672 --a------ C:\WINDOWS\system32drei.exe
2006-10-20 18:08 28,672 --a------ C:\WINDOWS\system32\drei.exe
2006-10-19 17:58 0 --a------ C:\WINDOWS\b.exe
2006-10-09 14:28 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-06 20:03 -------- d-------- C:\Program Files\Common Files
2006-11-06 19:54 -------- d-------- C:\Program Files\Incomplete
2006-11-04 19:21 -------- d-------- C:\Program Files\Grisoft
2006-11-04 19:19 -------- d-------- C:\Program Files\Java
2006-11-04 19:17 -------- d-------- C:\Program Files\Common Files\Java
2006-11-04 18:42 -------- d-------- C:\Program Files\Zone Labs
2006-11-03 21:56 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-03 21:56 -------- d-------- C:\Program Files\e-Watch
2006-10-31 18:41 -------- d-------- C:\Documents and Settings\Catherine\Application Data\AVG7
2006-10-25 10:16 -------- d-------- C:\Program Files\McAfee
2006-10-23 20:28 -------- d-------- C:\Documents and Settings\Catherine\Application Data\Macromedia
2006-10-21 08:51 -------- d-------- C:\Program Files\Fish Tycoon
2006-10-20 18:17 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-20 18:14 -------- d-------- C:\Program Files\Oberon Media
2006-10-20 18:09 -------- d-------- C:\Program Files\DVD Decrypter
2006-10-14 19:08 -------- d---s---- C:\Documents and Settings\Catherine\Application Data\Microsoft
2006-10-05 17:41 -------- d-------- C:\Program Files\eBay
2006-10-02 10:52 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2006-10-02 10:52 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
2006-09-23 15:10 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-23 15:04 -------- d-------- C:\Program Files\WildTangent
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"ShowLOMControl"=dword:00000001
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061106-194912-462
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
backup-20061106-194857-649
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\system32\lqe2z.dll
backup-20061106-194857-802
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
backup-20061106-194857-852
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
backup-20061106-194857-674
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20061106-194857-941
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20061106-194857-330
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20061106-194857-809
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,babkiki.exe
backup-20061106-194857-140
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
backup-20061106-194857-551
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
backup-20061106-194857-633
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-06 20:06:05.81
C:\ComboFix.txt ... 06-11-06 20:06

Logfile of HijackThis v1.99.1
Scan saved at 8:59:27 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

I think that is everything!
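The entries listed under "Hijackthis Backups" above are the lines this thread removed: a hijacked start/search page, a URLSearchHook with no file behind it, an extra program appended to UserInit, a text/html MIME filter and a dangling Winlogon Notify DLL. As an added example (not part of the thread, and not HijackThis code), the script below triages a HijackThis log for exactly those entry types; SAMPLE_LOG is constructed from lines posted in this thread and KNOWN_HOSTS is an assumption taken from the clean R0/R1 entries in the final log.

```python
"""Triage a HijackThis log for the entry types that were fixed in this thread.

Added example, not part of the thread or of HijackThis itself. SAMPLE_LOG is
constructed from entries posted in the thread (the removed ones plus a few
clean ones from the final log); KNOWN_HOSTS is an assumption based on the
clean R0/R1 entries in that final log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Domains a stock Dell/XP image legitimately points IE start/search pages at
# (assumption: derived from the clean R0/R1 lines in the final log above).
KNOWN_HOSTS = {"google.com", "dell.com", "microsoft.com", "msn.com"}

# Constructed sample: removed entries from the thread plus a few clean ones.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,babkiki.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\system32\lqe2z.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    code: str    # HijackThis section code (R0, F2, O18, ...)
    reason: str  # why a defender should look at this line
    line: str    # the original log line


def _host_is_known(url: str) -> bool:
    """True if the URL's host is one of the vendor domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == k or host.endswith("." + k) for k in KNOWN_HOSTS)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious entry, or None for a clean/unexamined one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code in ("R0", "R1") and " = " in body:
        # Start/search page pointing away from the vendor defaults.
        url = body.split(" = ", 1)[1].strip()
        if not _host_is_known(url):
            return Finding(code, f"IE start/search page points at unrecognised "
                                 f"host {urlparse(url).hostname}", line)
    elif code == "R3" and "(no file)" in body:
        return Finding(code, "URLSearchHook registered for a file that no longer exists", line)
    elif code == "F2" and "UserInit=" in body:
        # The only legitimate entry is ...\userinit.exe; anything else runs at every logon.
        value = body.split("UserInit=", 1)[1]
        extras = [p.strip() for p in value.split(",")
                  if p.strip() and not p.strip().lower().endswith("\\userinit.exe")]
        if extras:
            return Finding(code, "UserInit launches extra program(s) at logon: "
                                 + ", ".join(extras), line)
    elif code == "O18" and body.startswith("Filter: text/html"):
        return Finding(code, "MIME filter on text/html can rewrite every page IE renders", line)
    elif code == "O20" and "(file missing)" in body:
        return Finding(code, "Winlogon Notify DLL registered but absent "
                             "(leftover of a removed infection)", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line.strip()}")
```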

#7 jamielaw

Posted 08 November 2006 - 03:07 PM

Hey CatW

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Uninstall Bad Programs:

1. Click Start >> Control Panel >> Add/Remove Programs
2. Select each of these programs, click Remove and follow the prompts to uninstall them:

WildTangent


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\srvpodvfsg.exe
    C:\WINDOWS\system32\drei.exe
    C:\WINDOWS\system32drei.exe
    C:\Documents and Settings\Catherine\Application Data\Dxcknwrd.dll
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\tpuninstall.exe
    C:\Program Files\batty2
    C:\Program Files\Common Files\{30083947-067E-1033-0301-060001}
    C:\Program Files\Common Files\{A0083947-067E-1033-0301-060001}
    C:\WINDOWS\system32\wapisvit.exe
    C:\WINDOWS\system32\winpfg32.sys
    C:\WINDOWS\system32\wcf1ff10.sys
    C:\WINDOWS\system32uaw5wah6a.exe
    C:\WINDOWS\b.exe
    C:\Program Files\WildTangent


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please can you then post a fresh Hijackthis log. How is your computer running now?
My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.


#8 CatW

Posted 08 November 2006 - 09:22 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:19:15 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



It is running a thousand times better now....functionally it is perfect.

Thanks so much for your help!!!

#9 jamielaw

Posted 09 November 2006 - 02:04 PM

Hey CatW

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Please pay particular attention to Step A & G!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable system restore to make sure there are no infected files found in a restore point. Sometimes viruses can hide in there and if you ever needed to restore your system you would then re-infect yourself
    You can find instructions on how to enable and re-enable system restore here: Windows XP System Restore Guide

    Or simply follow these instructions:
    • Click Start, run and type SYSDM.CPL
    • Select the System Restore Tab
    • Check the box to Turn off System Restore on all drives
    • Click Apply and then OK to the confirmation window
    • Then uncheck the box, click apply and then OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Install HostsMan - HostsMan will add a large list of restricted websites to your hosts file. This will prevent you from visiting some bad websites.
    Download Hostsman here!
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.

NOW is the time you can start to hit back at the people who infected you.
Please take the time to go and complain - that forum has a topic for your infection which is ................ please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.


Happy Surfing!

Jamie

#10 CatW

Posted 12 November 2006 - 11:32 PM

Thank you!!!!!

#11 jamielaw

Posted 13 November 2006 - 12:52 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
