Infected With Outerinfo


  • This topic is locked
9 replies to this topic

#1 niamo

niamo

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 05 November 2006 - 08:11 PM

Hello, I appear to be infected with OuterInfo, but I can't seem to get rid of it. Can anyone help me please? Also, when I go to certain websites, some text gets highlighted and when I move my mouse over it, a little window pops up and gives me more information on that word. Is that an infection too? Below is my log... thanks!




Logfile of HijackThis v1.99.1
Scan saved at 8:04:56 PM, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Anti Virus\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Norton Anti Virus\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Daemon\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ΑPPPA~1\scanregw.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Niamo\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Niamo\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Niamo\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {63E22C4E-A8E1-FB64-D7F8-C26932FCDBC2} - C:\WINDOWS\system32\klelskus.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: (no name) - {63E22C4E-A8E1-FB64-D7F8-C26932FCDBC2} - C:\WINDOWS\system32\klelskus.dll
O2 - BHO: (no name) - {69FB1C04-D952-1E86-D451-625508F4291A} - C:\WINDOWS\system32\qqpqtul.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [taskmanager] c:\windows\taskmgr.com
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton Anti Virus\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ttjwfkgt] C:\WINDOWS\system32\?»Zxplore.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [Aaou] "C:\PROGRA~1\£DPPPA~1\scanregw.exe" -vt ndrv
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {3A835AF0-C223-4F83-A648-5A02F8FFEBFA} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094401605039
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\WINDOW~4\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton Anti Virus\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton Anti Virus\rtvscan.exe



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:32 PM

Posted 06 November 2006 - 02:28 AM

Hello,

It is important you don't miss a step and perform everything in the right order!!

I see you have Windows Defender running.
The real-time protection may interfere with the fixes, that's why I want you to turn it off.

To turn real-time protection off
Open Windows Defender. (Click Start, click Programs, and then click Windows Defender.)
Click Tools, and then click General Settings.
Under Real-time protection options, Uncheck the Turn on real-time protection (recommended) check box.
Then click Save.

When your HijackThis log is clean again, please turn the real-time protection back on.

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


If OIN is not listed, download and run this uninstaller.

Reboot when done! Really important!

--------------------

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

R3 - URLSearchHook: (no name) - {63E22C4E-A8E1-FB64-D7F8-C26932FCDBC2} - C:\WINDOWS\system32\klelskus.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {63E22C4E-A8E1-FB64-D7F8-C26932FCDBC2} - C:\WINDOWS\system32\klelskus.dll
O2 - BHO: (no name) - {69FB1C04-D952-1E86-D451-625508F4291A} - C:\WINDOWS\system32\qqpqtul.dll (file missing)
O4 - HKLM\..\Run: [taskmanager] c:\windows\taskmgr.com
O4 - HKCU\..\Run: [Ttjwfkgt] C:\WINDOWS\system32\?»Zxplore.exe
O4 - HKCU\..\Run: [Aaou] "C:\PROGRA~1\?DPPPA~1\scanregw.exe" -vt ndrv


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log and the log from AVG Anti-Spyware.
You may need several replies to post the logs.

#3 niamo

niamo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 06 November 2006 - 12:48 PM

Thanks for the help so far!

Here's my HijackThis log




Logfile of HijackThis v1.99.1
Scan saved at 12:45:20 PM, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware\guard.exe
C:\Program Files\Norton Anti Virus\defwatch.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Norton Anti Virus\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Daemon\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG Anti-Spyware\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Niamo\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton Anti Virus\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {3A835AF0-C223-4F83-A648-5A02F8FFEBFA} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094401605039
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\WINDOW~4\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton Anti Virus\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton Anti Virus\rtvscan.exe
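
Added example (not part of the original posts and not HijackThis's own code): a Python sketch that checks whether the entries selected for "Fix Checked" in post #2 are gone from the follow-up log in post #3. Entries are matched by Run value name or CLSID rather than by whole-line text, because the same path appears with different garbled characters in the two posts (`£DPPPA~1` versus `?DPPPA~1`); the sample data are excerpts copied from the logs above, and all function names are this example's own.

```python
import re

# Constructed excerpt: entry lines copied from the first HijackThis log (post #1).
BEFORE = r"""
R3 - URLSearchHook: (no name) - {63E22C4E-A8E1-FB64-D7F8-C26932FCDBC2} - C:\WINDOWS\system32\klelskus.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {63E22C4E-A8E1-FB64-D7F8-C26932FCDBC2} - C:\WINDOWS\system32\klelskus.dll
O2 - BHO: (no name) - {69FB1C04-D952-1E86-D451-625508F4291A} - C:\WINDOWS\system32\qqpqtul.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [taskmanager] c:\windows\taskmgr.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ttjwfkgt] C:\WINDOWS\system32\?»Zxplore.exe
O4 - HKCU\..\Run: [Aaou] "C:\PROGRA~1\£DPPPA~1\scanregw.exe" -vt ndrv
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# The seven entries listed for "Fix Checked" in post #2, copied as posted.
TARGETS = r"""
R3 - URLSearchHook: (no name) - {63E22C4E-A8E1-FB64-D7F8-C26932FCDBC2} - C:\WINDOWS\system32\klelskus.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {63E22C4E-A8E1-FB64-D7F8-C26932FCDBC2} - C:\WINDOWS\system32\klelskus.dll
O2 - BHO: (no name) - {69FB1C04-D952-1E86-D451-625508F4291A} - C:\WINDOWS\system32\qqpqtul.dll (file missing)
O4 - HKLM\..\Run: [taskmanager] c:\windows\taskmgr.com
O4 - HKCU\..\Run: [Ttjwfkgt] C:\WINDOWS\system32\?»Zxplore.exe
O4 - HKCU\..\Run: [Aaou] "C:\PROGRA~1\?DPPPA~1\scanregw.exe" -vt ndrv
"""

# Constructed excerpt: entry lines copied from the follow-up log (post #3).
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # "O4 - ...", "R3 - ..."
RUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\Run: \[([^\]]+)\]")     # hive + Run value name
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse(log):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def key(code, body):
    """Stable identity for an entry that survives re-encoding of the file path."""
    run = RUN.match(body)
    if run:
        return (code, run.group(1), run.group(2).lower())
    guid = GUID.search(body)
    if guid:
        return (code, guid.group(0).upper())
    return (code, body)


def flags(body):
    """Triage hints only: neither condition proves an entry is malicious."""
    reasons = []
    if body.endswith(("(file missing)", "(no file)")):
        reasons.append("dangling")      # registry entry points at nothing on disk
    if any(ord(ch) > 127 for ch in body):
        reasons.append("non-ascii")     # unusual characters in a name or path
    return reasons


def triage(log):
    """Map entry key -> hints, for entries that raise at least one hint."""
    return {key(c, b): flags(b) for c, b in parse(log) if flags(b)}


def still_present(targets, log):
    """Keys of targeted entries that still appear in the given log."""
    present = {key(c, b) for c, b in parse(log)}
    return [key(c, b) for c, b in parse(targets) if key(c, b) in present]


if __name__ == "__main__":
    print("targets found before fix:", len(still_present(TARGETS, BEFORE)))
    print("targets left after fix:  ", still_present(TARGETS, AFTER))
    for k, why in triage(BEFORE).items():
        print(k, why)
```

The hints are deliberately weak on both sides: the `xpnetdiag.exe` entry is flagged as dangling although it was not on the fix list, while the `klelskus.dll` and `taskmgr.com` entries were on the list and raise no hint at all.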

#4 niamo

niamo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 06 November 2006 - 12:53 PM

Here's my AVG Anti-Spyware Scan Report



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:29:16 PM 06/11/2006

+ Scan result:



C:\Program Files\ΑppPatch\scanregw.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
[1288] C:\PROGRA~1\ΑPPPA~1\scanregw.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
HKU\S-1-5-21-4254696927-1365402078-1003786452-1006\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-4254696927-1365402078-1003786452-1006_Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Niamo\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Niamo\Cookies\niamo@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.102:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.68:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.51:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.52:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.185:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.186:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.57:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.95:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.129:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.86:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.48:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.161:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.162:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.163:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.164:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.165:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.214:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.215:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.216:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@ehg-bluesouth.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.83:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.139:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.20:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.118:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.119:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.120:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.121:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.208:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.209:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.204:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.205:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.206:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.207:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.182:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.145:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.150:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.108:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.41:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.42:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.43:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.46:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.47:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.104:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.105:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.106:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.107:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.142:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.54:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\Niamo\Application Data\Mozilla\Firefox\Profiles\9uyeakyi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Niamo\Cookies\niamo@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

And finally, my ComboFix report:




Niamo - 06-11-06 12:34:22.43 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Niamo\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Niamo\Application Data\ECURIT~1
C:\QooBox\Purity\Program Files\MCROSO~1.NET
C:\QooBox\Purity\WINDOWS\YMBOLS~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1
C:\QooBox\Purity\WINDOWS\system32\WNSXS~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))


2006-11-06 10:32 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-21 22:10 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-10-17 12:33 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 12:33 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 12:33 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 12:33 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 12:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 11:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-06 19:37 20,480 --a------ C:\WINDOWS\system32\wbload.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-06 12:33 -------- d-------- C:\Program Files\跧pPatch
2006-11-06 12:05 -------- d-------- C:\Program Files\Firefox
2006-11-06 10:33 -------- d-------- C:\Program Files\AVG Anti-Spyware
2006-11-06 00:19 -------- d-------- C:\Program Files\Trillian
2006-10-28 09:33 -------- d-------- C:\Program Files\Internet Explorer
2006-10-23 20:32 -------- d-------- C:\Documents and Settings\Niamo\Application Data\Adobe
2006-10-23 10:37 -------- d-------- C:\Program Files\Norton Anti Virus
2006-10-21 22:20 -------- d-------- C:\Program Files\Illustrator CS
2006-10-21 22:10 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-21 22:05 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-17 12:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 12:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 12:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 12:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 12:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 12:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 12:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 12:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 12:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 12:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 12:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-15 23:03 -------- d-------- C:\Program Files\WindowBlinds
2006-10-14 23:33 -------- d-------- C:\Program Files\iTunes
2006-10-14 23:33 -------- d-------- C:\Program Files\iPod
2006-10-14 23:27 -------- d-------- C:\Program Files\QuickTime
2006-10-13 21:50 172856 --a------ C:\Documents and Settings\Niamo\Application Data\GDIPFONTCACHEV1.DAT
2006-10-13 18:06 -------- d-------- C:\Program Files\Common Files\?racle
2006-10-13 18:06 -------- d-------- C:\Program Files\Common Files
2006-10-01 23:49 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-10-01 23:48 -------- d-------- C:\Program Files\AutoCAD 2006
2006-10-01 23:46 -------- d-------- C:\Program Files\AnswerWorks 4.0
2006-10-01 23:45 -------- d-------- C:\Program Files\Common Files\Designer
2006-10-01 23:39 -------- d-------- C:\Documents and Settings\Niamo\Application Data\Autodesk
2006-10-01 23:34 -------- d-------- C:\Program Files\Autodesk
2006-09-18 00:19 -------- d-------- C:\Program Files\Samsung PC Studio 3
2006-09-17 21:24 -------- d-------- C:\Documents and Settings\Niamo\Application Data\Skype
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-07 11:22 -------- d-------- C:\Program Files\Adobe
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe\" AcPro7_0_7 -reboot 1"
"ATnotes.exe"="C:\\Program Files\\ATnotes\\ATnotes.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"KeybdUtility"="\"C:\\Program Files\\On Screen Display\\Hotkey.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE USB PC Camera 301P"
"MOD"="C:\\Program Files\\Microangelo\\muamgr.exe"
"vptray"="C:\\Program Files\\Norton Anti Virus\\vptray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"DAEMON Tools-1033"="\"C:\\Program Files\\Daemon\\daemon.exe\" -lang 1033"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\AVG Anti-Spyware\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,b5,00,00,00,00,00,00,00,d5,02,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-06 12:41:11.84
C:\ComboFix.txt ... 06-11-06 12:41

#5 miekiemoes


Posted 06 November 2006 - 01:36 PM

Looking much better already..

Let's deal with the leftovers now..

Browse to and delete the following folders:

C:\Program Files\跧pPatch <== most probably it will look like ApPatch. Don't delete the folder with this name that is present in your Windows folder!!
The one you have to delete is present in your C:\Program Files folder and will most probably not contain any files anymore.

C:\Program Files\Common Files\?racle <== will most probably look like Oracle. Don't delete that folder anywhere else. The folder you have to delete will most probably be empty as well.

Then open Notepad and copy and paste the contents of the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"=-

[-HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Your HijackThis log looks clean again. Let me know in your next reply how things are running now.
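A check one could run before merging the fix.reg from the post above, added here as an example and not part of the original thread: it parses the file and compares its deletions against the sharedtaskscheduler values shown in the ComboFix report. The function names (`parse_entries`, `review`) are hypothetical; both sample texts are copied from this thread.

```python
import re

# Sample inputs, both copied from this thread: the sharedtaskscheduler section
# of the ComboFix "Reg Loading Points" report and the fix.reg body from the reply.
REPORT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"
'''

FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"=-

[-HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def _logical_lines(text):
    """Yield non-empty, non-comment lines, joining trailing-backslash continuations."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\"):              # hex values continue on the next line
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""


def parse_entries(text, require_header=False):
    """Return the operations in .reg-style text as tuples:
    ("delete_key", key), ("delete_value", key, name), ("set_value", key, name, data).
    """
    lines = list(_logical_lines(text))
    if require_header:
        if not lines or lines[0] not in HEADERS:
            raise ValueError("missing REGEDIT4 / Version 5.00 header line")
        lines = lines[1:]
    ops, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] removes the key and its subtree
                ops.append(("delete_key", key[1:]))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("cannot parse line: %r" % line)
        name = _unescape(m.group(1)) if m.group(2) is None else ""  # @ = default value
        data = m.group(3)
        if data == "-":                      # "name"=- removes a single value
            ops.append(("delete_value", key, name))
        else:
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            ops.append(("set_value", key, name, data))
    return ops


def review(fix_text, report_text):
    """Compare what a fix file would do against the values a report shows."""
    present = {}                             # (key, name), lower-cased -> data
    for op in parse_entries(report_text):
        if op[0] == "set_value":
            present[(op[1].lower(), op[2].lower())] = op[3]
    result = {"removed": [], "not_in_report": [], "deleted_keys": [], "written": []}
    touched_keys = set()
    for op in parse_entries(fix_text, require_header=True):
        if op[0] == "delete_key":
            result["deleted_keys"].append(op[1])
        elif op[0] == "delete_value":
            ident = (op[1].lower(), op[2].lower())   # registry names are case-insensitive
            touched_keys.add(ident[0])
            if ident in present:
                result["removed"].append((op[2], present.pop(ident)))
            else:
                result["not_in_report"].append(op[2])
        else:
            result["written"].append(op[1:])
    # Values left behind in the keys the fix touches.
    result["kept"] = sorted(d for (k, _), d in present.items() if k in touched_keys)
    return result


if __name__ == "__main__":
    for field, value in review(FIX_REG, REPORT).items():
        print(field, "=>", value)
```

On the sample input the only value removed is the one labelled "acheweed"; the two other sharedtaskscheduler entries are reported as kept, and the file writes nothing new.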

#6 niamo


Posted 06 November 2006 - 08:34 PM

Thank you so much!

My HijackThis log looks like this now:




Logfile of HijackThis v1.99.1
Scan saved at 8:31:14 PM, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware\guard.exe
C:\Program Files\Norton Anti Virus\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Norton Anti Virus\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Daemon\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG Anti-Spyware\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Niamo\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton Anti Virus\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {3A835AF0-C223-4F83-A648-5A02F8FFEBFA} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094401605039
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\WINDOW~4\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton Anti Virus\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton Anti Virus\rtvscan.exe

#7 miekiemoes


Posted 07 November 2006 - 01:03 AM

Still looking clean. How are things now?

#8 niamo


Posted 07 November 2006 - 02:24 AM

Thanks, no problems so far. You've been an excellent help!

#9 miekiemoes


Posted 07 November 2006 - 07:09 AM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
How to use SpywareBlaster

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update them beforehand.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your PC, Protect yourself and Protect your Family.

You can also find more info on how to prevent malware here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :flowers:

#10 miekiemoes


Posted 09 November 2006 - 02:11 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



